Windows Analysis Report
SADP.exe

Overview

General Information

Sample Name: SADP.exe
Analysis ID: 1317941
MD5: bd51a46b73f84e74d4873e379b2283cd
SHA1: 12c73c928da96a1288b474dff5f8441f1ad82028
SHA256: 632d8fe7e574f0bbc476a5ead0f08e5bd8f6607cdf4e3aaa40279d44158d08f2

Detection

Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Compliance

Score: 48
Range: 0 - 100

Signatures

Tries to delay execution (extensive OutputDebugStringW loop)
Install WinpCap (used to filter network traffic)
Uses 32bit PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Queries the volume information (name, serial number etc) of a device
Drops PE files
Tries to load missing DLLs
Creates driver files
Sleep loop found (likely to delay execution)
Found dropped PE file which has not been started or loaded
Creates a process in suspended mode (likely to inject code)

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
  • System is w10x64_ra
  • SADP.exe (PID: 1304 cmdline: C:\Users\user\Desktop\SADP.exe MD5: BD51A46B73F84E74D4873E379B2283CD)
    • AppInstaller.exe (PID: 2152 cmdline: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe MD5: 351C23EA9FBEE10E9E81889BCA867344)
      • cmd.exe (PID: 4120 cmdline: "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vcredist2008.exe" /q MD5: 4943BA1A9B41D69643F69685E35B2943)
        • conhost.exe (PID: 5708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
      • cmd.exe (PID: 5736 cmdline: "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vcredist_x64_2008.exe" /q MD5: 4943BA1A9B41D69643F69685E35B2943)
        • conhost.exe (PID: 4664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
      • cmd.exe (PID: 1984 cmdline: "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vcredist_x86.exe" /q MD5: 4943BA1A9B41D69643F69685E35B2943)
        • conhost.exe (PID: 3244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
      • cmd.exe (PID: 5000 cmdline: "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vcredist_x64_2013.exe" /q MD5: 4943BA1A9B41D69643F69685E35B2943)
        • conhost.exe (PID: 2288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
      • cmd.exe (PID: 5800 cmdline: "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vc_redist.x86.exe" /q MD5: 4943BA1A9B41D69643F69685E35B2943)
        • conhost.exe (PID: 5772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
      • cmd.exe (PID: 5104 cmdline: "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vc_redist.x64.exe" /q MD5: 4943BA1A9B41D69643F69685E35B2943)
        • conhost.exe (PID: 1272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
      • SADPTool.exe (PID: 5820 cmdline: "C:\Program Files (x86)\SADP\SADP\SADPTool.exe" MD5: C401148FE41B277C34364DE4E8F39BCB)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

Compliance

Source: SADP.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\license_en.rtf
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\Open Source Software Licenses\Open Source Software Licenses-SADPTool.txt
Source: SADP.exe | Static PE information: certificate valid
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9619_none_508d9c7abcbd32b6\MSVCR90.dll
Source: SADP.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

E-Banking Fraud

Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\npf.sys

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Section loaded: wintab32.dll
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Section loaded: wintab32.dll
Source: C:\Users\user\Desktop\SADP.exe | File read: C:\Users\user\Desktop\SADP.exe
Source: SADP.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SADP.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Users\user\Desktop\SADP.exe C:\Users\user\Desktop\SADP.exe
Source: C:\Users\user\Desktop\SADP.exe | Process created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vcredist2008.exe" /q
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vcredist_x64_2008.exe" /q
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vcredist_x86.exe" /q
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vcredist_x64_2013.exe" /q
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vc_redist.x86.exe" /q
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vc_redist.x64.exe" /q
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Process created: C:\Program Files (x86)\SADP\SADP\SADPTool.exe "C:\Program Files (x86)\SADP\SADP\SADPTool.exe"
Source: C:\Users\user\Desktop\SADP.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5708:120:WilError_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2288:120:WilError_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4664:120:WilError_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2288:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4664:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5772:120:WilError_02
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Mutant created: \Sessions\1\BaseNamedObjects\QtLockedFile mutex c:/users/user/appdata/local/temp/qtsingleapplication-af61-1-lockfile
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3244:120:WilError_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3244:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1272:120:WilError_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5708:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5772:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1272:304:WilStaging_02
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SADP
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nskC412.tmp
Source: classification engine | Classification label: sus36.bank.adwa.evad.winEXE@23/148@0/8
Source: C:\Users\user\Desktop\SADP.exe | File read: C:\Users\desktop.ini
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: SADP.exe | Static file information: File size 65313576 > 1048576
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\Json.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-conio-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\Qt5Network.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCNetUtils.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-string-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCGeneralCfgMgr.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\opengl32sw.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-memory-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\OpenAL32.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qico.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\iconengines\qsvgicon.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\Qt5Xml.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\StreamTransClient.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCDisplay.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCIndustry.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\msvcr90.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\sqldrivers\qsqlpsql.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCCoreDevCfg.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\msvcp140.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-processenvironment-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-file-l2-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-errorhandling-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\plugins\skins\CommonSkin.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\vccorlib140.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\libiconv2.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCPlayBack.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCCore.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\zlib1.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\hpr.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\Qt5Svg.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-locale-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-util-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\sqldrivers\qsqlmysql.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\libssl-1_1.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-sysinfo-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\platforms\qoffscreen.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\Qt5Widgets.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\Quazip.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-utility-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-handle-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\AudioIntercom.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\API-MS-Win-core-xstate-l2-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-console-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\npf.sys
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\platforms\qwindows.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\msvcp140.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\libcrypto-1_1.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\Qt5Gui.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-private-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-profile-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\plugins\styles\CommonStyle.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\SADPTool.exe
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\ucrtbase.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\D3Dcompiler_47.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\HUIControl.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\msvcp120.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\iVMSGUIToolkit.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\msvcr120.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\sqldrivers\qsqlite.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qwebp.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-process-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-time-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\Tool Infomation\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}\Uninstall.exe
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-filesystem-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\libGLESV2.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\NpfDetect.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-environment-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCPreview.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\Qt5PrintSupport.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qgif.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\SystemTransform.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-rtlsupport-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\Sadp.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-interlocked-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qwbmp.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCAlarm.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\NpfDetectApp.exe
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\sqldrivers\qsqlodbc.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-string-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\Tool Infomation\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}\zlib1.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\libEGL.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-multibyte-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCVoiceTalk.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\platforms\qminimal.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\Qt5Sql.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qjpeg.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qtga.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qicns.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-file-l1-2-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\AnalyzeData.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\Qt5Core.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\Qt5Core.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\HCNetSDK.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qtiff.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\Qt5Qml.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\printsupport\windowsprintersupport.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-file-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | File created: C:\Program Files (x86)\SADP\SADP\npf64.sys
Source: C:\Users\user\Desktop\SADP.exe | File created: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qsvg.dll
Source: C:\Users\user\Desktop\SADP.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Section loaded: OutputDebugStringW count: 330
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Window / User API: threadDelayed 569
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Window / User API: threadDelayed 1744
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Window / User API: threadDelayed 476
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Window / User API: foregroundWindowGot 511
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Thread sleep count: Count: 1744 delay: -5
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\D3Dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\msvcp120.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\iVMSGUIToolkit.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-conio-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\Qt5Network.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\msvcr120.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\sqldrivers\qsqlite.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-time-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-process-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Tool Infomation\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}\Uninstall.exe
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-filesystem-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCNetUtils.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-string-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCGeneralCfgMgr.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\libGLESV2.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\opengl32sw.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-memory-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\NpfDetect.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-environment-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\OpenAL32.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCPreview.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\SystemTransform.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-rtlsupport-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\Sadp.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\StreamTransClient.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-interlocked-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\NpfDetectApp.exe
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCAlarm.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\sqldrivers\qsqlodbc.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-string-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCIndustry.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCDisplay.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\msvcr90.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\sqldrivers\qsqlpsql.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCCoreDevCfg.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Tool Infomation\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}\zlib1.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\libEGL.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-processenvironment-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-multibyte-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-file-l2-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\plugins\skins\CommonSkin.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-errorhandling-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\libiconv2.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\vccorlib140.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCVoiceTalk.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCPlayBack.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCCore.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\platforms\qminimal.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\zlib1.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\Qt5Sql.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\hpr.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-locale-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\sqldrivers\qsqlmysql.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-util-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\libssl-1_1.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-sysinfo-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-file-l1-2-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\platforms\qoffscreen.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\AnalyzeData.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCNetSDK.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-utility-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-handle-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\AudioIntercom.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\Qt5Qml.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\API-MS-Win-core-xstate-l2-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\printsupport\windowsprintersupport.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-console-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\npf.sys
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-file-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\libcrypto-1_1.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-crt-private-l1-1-0.dll
Source: C:\Users\user\Desktop\SADP.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\api-ms-win-core-profile-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\npf64.sys
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Dropped PE file which has not been started: C:\Program Files (x86)\SADP\SADP\plugins\styles\CommonStyle.dll
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vcredist2008.exe" /q
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vcredist_x64_2008.exe" /q
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vcredist_x86.exe" /q
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vcredist_x64_2013.exe" /q
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vc_redist.x86.exe" /q
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\RunTimeExe\vc_redist.x64.exe" /q
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Process created: C:\Program Files (x86)\SADP\SADP\SADPTool.exe "C:\Program Files (x86)\SADP\SADP\SADPTool.exe"
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\platforms\qwindows.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\translations\appinstaller_en.qm VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\rcc\guiresource.rcc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qgif.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qicns.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qico.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qjpeg.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qsvg.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qtga.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qtiff.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qwbmp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\imageformats\qwebp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\iconengines\qsvgicon.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\Tools\Tools.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\Uninstall\Uninstall.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\cmd.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Queries volume information: C:\Program Files (x86)\SADP\SADP\platforms\qminimal.dll VolumeInformation
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Queries volume information: C:\Program Files (x86)\SADP\SADP\platforms\qoffscreen.dll VolumeInformation
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Queries volume information: C:\Program Files (x86)\SADP\SADP\platforms\qwindows.dll VolumeInformation
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Queries volume information: C:\Program Files (x86)\SADP\SADP\plugins\styles\CommonStyle.dll VolumeInformation
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Queries volume information: C:\Program Files (x86)\SADP\SADP\plugins\skins\CommonSkin.dll VolumeInformation
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Queries volume information: C:\Program Files (x86)\SADP\SADP\plugins\styles\CommonStyle.dll VolumeInformation
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Queries volume information: C:\Program Files (x86)\SADP\SADP\translations\sadptool_en.qm VolumeInformation
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files (x86)\SADP\SADP\SADPTool.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
MITRE ATT&CK Matrix (one column per tactic; the number in parentheses is the count shown in the report for that technique)

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Windows Service (1) | Windows Service (1) | Masquerading (2) | Network Sniffing (1) | Virtualization/Sandbox Evasion (11) | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | DLL Side-Loading (1) | Process Injection (11) | Virtualization/Sandbox Evasion (11) | LSASS Memory | Process Discovery (1) | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | DLL Side-Loading (1) | Process Injection (11) | Security Account Manager | Application Window Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | DLL Side-Loading (1) | NTDS | File and Directory Discovery (1) | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Network Sniffing (1) | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery (11) | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |

Source | Detection | Scanner
SADP.exe | 0% | ReversingLabs
SADP.exe | 0% | Virustotal

Source | Detection | Scanner
C:\Program Files (x86)\SADP\SADP\HCCore.dll | 0% | ReversingLabs
C:\Program Files (x86)\SADP\SADP\HCCore.dll | 0% | Virustotal
C:\Program Files (x86)\SADP\SADP\HCNetSDK.dll | 0% | ReversingLabs
C:\Program Files (x86)\SADP\SADP\HCNetSDK.dll | 0% | Virustotal
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\AnalyzeData.dll | 0% | ReversingLabs
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\AnalyzeData.dll | 2% | Virustotal
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\AudioIntercom.dll | 0% | ReversingLabs
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\AudioIntercom.dll | 0% | Virustotal
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCAlarm.dll | 0% | ReversingLabs
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCAlarm.dll | 0% | Virustotal
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCCoreDevCfg.dll | 0% | ReversingLabs
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCCoreDevCfg.dll | 0% | Virustotal
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCDisplay.dll | 0% | ReversingLabs
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCDisplay.dll | 0% | Virustotal
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCGeneralCfgMgr.dll | 0% | ReversingLabs
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCGeneralCfgMgr.dll | 0% | Virustotal
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCIndustry.dll | 0% | ReversingLabs
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCIndustry.dll | 0% | Virustotal
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCPlayBack.dll | 0% | ReversingLabs
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCPlayBack.dll | 1% | Virustotal
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCPreview.dll | 0% | ReversingLabs
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCPreview.dll | 0% | Virustotal
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCVoiceTalk.dll | 0% | ReversingLabs
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\HCVoiceTalk.dll | 0% | Virustotal
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\OpenAL32.dll | 0% | ReversingLabs
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\OpenAL32.dll | 0% | Virustotal
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\StreamTransClient.dll | 0% | ReversingLabs
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\StreamTransClient.dll | 0% | Virustotal
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\SystemTransform.dll | 0% | ReversingLabs
C:\Program Files (x86)\SADP\SADP\HCNetSDKCom\SystemTransform.dll | 0% | Virustotal
No Antivirus matches
No Antivirus matches
No Antivirus matches
No contacted domains info
IP               Domain   Country   ASN      ASN Name   Malicious
239.255.255.250  unknown  Reserved  unknown  unknown    false
Joe Sandbox Version:38.0.0 Beryl
Analysis ID:1317941
Start date and time:2023-10-02 15:50:15 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of new started processes analysed:31
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample file name:SADP.exe
Detection:SUS
Classification:sus36.bank.adwa.evad.winEXE@23/148@0/8
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): SIHClient.exe, SgrmBroker.exe, usocoreworker.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 72.21.81.240
  • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net
  • Not all processes were analyzed, report is missing behavior information
  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):2620
Entropy (8bit):4.594805298383486
Encrypted:false
SSDEEP:
MD5:C2C9A45C6185F1653F64AF2A1D752DBA
SHA1:F104515E264D11A5DE1AE911D418925D6F100601
SHA-256:52AC6BA2A37E5C1F34619126218268FF6226DEB9F376EEA7276B77C9DC411A43
SHA-512:7B30F631F56EBA18D880FACD08CC49378FA45C53CB951947CCF281835EF6D2A4347457263D8A6F7D417C0F29FFB2486551A34F4764BB4223B9B5A17863B1CBAF
Malicious:false
Reputation:low
Preview:
<?xml version='1.0' encoding='GB2312'?>
<ColumnList>
<ColumnItem><ColumnName>Checkbox</ColumnName><IndexValue>0</IndexValue></ColumnItem>
<ColumnItem><ColumnName>Id</ColumnName><IndexValue>1</IndexValue></ColumnItem>
<ColumnItem><ColumnName>DeviceType</ColumnName><IndexValue>2</IndexValue></ColumnItem>
<ColumnItem><ColumnName>Activate</ColumnName><IndexValue>3</IndexValue></ColumnItem>
<ColumnItem><ColumnName>IPv4</ColumnName><IndexValue>4</IndexValue></ColumnItem>
<ColumnItem><ColumnName>Port</ColumnName><IndexValue>5</IndexValue></ColumnItem>
<ColumnItem><ColumnName>EnhancedSDKServicePort</ColumnName><IndexValue>6</IndexValue></ColumnItem>
<ColumnItem><ColumnName>Softversion</ColumnName><IndexValue>7</IndexValue></ColumnItem>
<ColumnItem><ColumnName>IPv4Gateway</ColumnName><IndexValue>8</IndexValue></ColumnItem>
<ColumnItem><ColumnName>HttpPort</ColumnName><IndexValue>9</IndexValue></ColumnItem>
<ColumnItem><Co
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2180096
Entropy (8bit):6.715990095656359
Encrypted:false
SSDEEP:
MD5:FAFB9031A9FAE9A498846626648C82A5
SHA1:D917CD8722C43E5D7CFBA4D2B30E6468642D3F2D
SHA-256:91B087965E0E00DC6FB90D359542C39A0BE5595F77A05AF34E0A33F3CE712913
SHA-512:BF5A1162459A595A69438848B36EFCCBB9ADAEBBC9C8F454E83285E0781B5FBC6C54A9329FAFBC76B6CEAD00B19574677E5FBAB6CE7C7574C8EA24D099B1FC35
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):848384
Entropy (8bit):6.689967860785471
Encrypted:false
SSDEEP:
MD5:2C219337BFB69C865F651D4673751A57
SHA1:CEDFB38D63EB5388FBCB9AE9A44150BAC0CAA010
SHA-256:065926BFA1020242B5A82287B3BE407F92081ADD00564D58673467D1BFE19FB5
SHA-512:4C7809A2C06CE4AA98DFAE5A83C58F36B9ABCF8468442E856F947FB231D7E97ADB98AE6BC5BFB66AAF24D18C709F76CDB434B4BF49CBD629B774A0C851B1BD75
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):499712
Entropy (8bit):6.6647075682204004
Encrypted:false
SSDEEP:
MD5:CBE7D35ED18C0C4AC30D674D24B8FEA6
SHA1:C7D285D8E305C7589ABA1DF065B99E1708CD03CB
SHA-256:663C9028A32767B8D3E824073B32335519380FB5D5BFB7D0E39E20F624AE8713
SHA-512:90F45275650896C150E1D0C42706B1C5CAC6803A9DF3643E7C7C74656AC041C742043D83D1521A2E2F44447E880539F900440B419488A3F3BC901D9F6EB8B8D2
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 2%
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2054144
Entropy (8bit):6.98550283512543
Encrypted:false
SSDEEP:
MD5:57F215C6207266B4D6F49EB2F3143E4C
SHA1:25555991792C8E423ED2A9E990D32BE9249407FF
SHA-256:C4989F004CE6986ED9F8B1C49E219B985CD05D04A15FB4E1C5F681844D498358
SHA-512:CE713A39681C03BC478894B5D4FE2408ECC5FBCDCE0B0233DE5431C72EAD478D04BBA7AA1339646E31572F5308D218D9F5060E0F8AA7CFDF0771B5898E8FF20B
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):876544
Entropy (8bit):6.684507175514611
Encrypted:false
SSDEEP:
MD5:E9DAB58A861150F8C4DA5C17DF097513
SHA1:A2D26A05A98A81F427009C24A44D02B2AF8604E2
SHA-256:96240049901FDD0F98E161AAEC7BCE135B12AA594CEA32679BB19FE66835D51C
SHA-512:35FF78722D7958E7237BC45892BD62782919756285D4492BD5354B6F9E50B7663D83CB13E0B28CA4FA113A9D8E5A0E7ABA82C37DF00082F4D098615161853765
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):905728
Entropy (8bit):6.693451143119324
Encrypted:false
SSDEEP:
MD5:94E41ABC5D18D5FF6CAE622B3C711D05
SHA1:1DC09BE73B2E391D79A669B23AE5B5EAE222B1CC
SHA-256:30FAFBEE630E02C33EE7E7BBC631D6DB6A1BFF66F777D049A7467777A5E20A76
SHA-512:19777832253E79BFD72B0D1C7797869B847CFD2EDA6FF6297319D5CD846BBC0068D71FCA4EA64EA6A50E012D42A98F965F3AC92FD0A3AC016721BCA120A752B8
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):855552
Entropy (8bit):6.691427325307979
Encrypted:false
SSDEEP:
MD5:F5994B8A36CBA0D7A8AB3BB92C254C06
SHA1:6E523CFE4DF9200E42988EDF40E7D87F2658D73A
SHA-256:37C2605E64B3452F966780D3AD1AD07FC5D6DD66247CCF80D446973C015B1683
SHA-512:666FBF2205FFE63E4E4EF0015167CA3B0C724E8F1D7879C9DADF37C6433530F76676DEC635D2314370C6C5A4CDF292A4DA3B0D577B4BAEED60A60DE965F0FAB1
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1361408
Entropy (8bit):6.7329275744482455
Encrypted:false
SSDEEP:
MD5:DAAD3D9007BAD5243B57450DDA1EFBBA
SHA1:C37BAD41B0EBF6CDCC85369B75EAB0797791058B
SHA-256:6C1299E24C537A53BEA1E9C0E764B42CA7B5911E36688022A683BD384F2BAB32
SHA-512:AAC7042508024BBC3987690AF8EA2743D3651DE10B94B142A6644D03663BC6B1F2DB08049A8A3A6A661F5835A55CD0BFA981B358D5DE2B1B14D9006981937AD8
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1057792
Entropy (8bit):6.705164940370214
Encrypted:false
SSDEEP:
MD5:A6FF4E1FE631E1668A314C8967D1B6AC
SHA1:D23E3CC44218D921DC2DFE8A4B8BA232B554DB36
SHA-256:AF868B526AE184A6EBEF9304A3BCE5BA8B4D8B66EAF4842BFF5EEED35BBA4615
SHA-512:3F698DA60C84EEB27DCB1EBEEE352EBB649A294D8FB404B8C1B91AC85EE64C2848B732F6932ECAD9A6047C419EAD7806F7C5FB4E709D606EB12B475010619CD6
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):747520
Entropy (8bit):6.687729045487461
Encrypted:false
SSDEEP:
MD5:57BEB4217232AEDF43469F49FE4E9AB9
SHA1:5DFB681FD395BF6E5E5F7859B78367661A8D1E00
SHA-256:F81E4E8FFE13CF2BC35EAB1D9BB96C15FBA06009087EDFAFB724AB93F7272428
SHA-512:DC0F9CDE1B968191573EBC25F9D5FA32AAB8321B842783D5E6DA2D054FFF82FD4A14A6D31FCB823F7A394DFE8D1F871ECCA1D764E1279421A6765E6242F6BB15
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 1%
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):686080
Entropy (8bit):6.627971592123664
Encrypted:false
SSDEEP:
MD5:CA105DD6D1B37A492A902717568895A7
SHA1:56F156EDC87A09A49D332D82F898C80BAD7A7495
SHA-256:A6B18A8B174106DB28536F81B321EA152E5A48A36805D1D98B9E9263074D9868
SHA-512:3AFBC71F55DB7AC3C737E1F9FEAC49DEC369F1A56D7FC2756058EEB95EBD7EFF10E7D2C0EF56C714D8466B4C33FEED8F4B122A337EC47F74B8AFF81404A3C605
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):689152
Entropy (8bit):6.657715081441153
Encrypted:false
SSDEEP:
MD5:54FB06ED1C8AF774E760062CE2B2A608
SHA1:91AE49ADE1680DC40962256F456139C7B947FD6D
SHA-256:662E3DDB6BCC5DBA5969A9FB8CF63CFAABE226C8B3C0883B908879FA8AE2454F
SHA-512:70DC62CF7329D9AE111551558FD880B1CC6BB714E49331E4388C090BEA6DDE5851913441C657533F44377F5F28087965B924A1B2ED69EA393192CC099470B75B
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):375808
Entropy (8bit):7.079582943202465
Encrypted:false
SSDEEP:
MD5:F1AE1CEA6A77616C739AC021C38EB910
SHA1:152B5379395C03270243610A293D1D7555BE725D
SHA-256:6D1626E2C850B15A6A1F0CAC3CEEC9F24A20F6EE3A9C4199F9BF2E02CA5DD2C8
SHA-512:B2118491B4B0FBB37103BFB2B76FDBE68BE969EF1FF9106012FFFB94EFDCE9B76EF2290313D6D563ED943472D3E9BABF85F7B8BD2B254293D2C8C6706384E79B
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):722432
Entropy (8bit):6.741649040991105
Encrypted:false
SSDEEP:
MD5:5B5B9B8DDC4377577B54E8C9E73B311E
SHA1:23F40866F9526AD9838E0AB31153C94F854C47EF
SHA-256:207AE46C2A11265D6097C9EE72B595BBCB343565AA928D20FA7D1B3789939356
SHA-512:0394FB442832C81ACB6E8AC5CB60457B1299FA5EFB2FD0BEA98A1D80B6197A5FDB1FE0C584481D0D2C0F5E712D91D2D27635922A5E330FEA52523A1E26E7ED35
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):720896
Entropy (8bit):6.76867680900025
Encrypted:false
SSDEEP:
MD5:9C5F17C3BD94822ABD3F324512433904
SHA1:E40D3B6538DF16025CD7BD4F32AFDAD0FA1995C3
SHA-256:121DAA31C1CD22E86256BA3B9D5707E9046CF1D1C88464B206029E862ED81C9D
SHA-512:3AB58CD702DEB5BD3D015CB64003ADB23490FEC7B13E55201654E391A2875C2613997C8BFA50CBF350DB8866B3767D8C25C9CC641D79947BE642C14933E07BB8
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):978432
Entropy (8bit):7.389576051888232
Encrypted:false
SSDEEP:
MD5:FD1DC6C680299A2ED1EEDCC3EABDA601
SHA1:E702404882B03014ABEB2ADEAD38A9E87AD90046
SHA-256:CB016E794D3311C71F21D87803E10A0E1133995F62A485EB37B321CD9B9E1087
SHA-512:2AED2D9F2D086A52A25F320DF3F2BDA144C6ADDE7D7F3BB8974EBCDEE7D65130246B357A54E383DAA88C22578193009EF0AC1F627C7094C413DC157ADCBC3DF9
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):655872
Entropy (8bit):6.890407230950918
Encrypted:false
SSDEEP:
MD5:4D03CA609E68F4C90CF66515218017F8
SHA1:545E440940073D5EC49D47FEFD421730F8B33EFB
SHA-256:CF420ACED0D810E1D75F6811DD986F2D9FDED2FBB8D61FC9A7024520C475FEBB
SHA-512:1B52D09F94BD37850D098AE7222E85E16A4F6DF14CFDFC28526CD98B81FB009865FA75774EE4FEAA2E5D5861BEA27759FE4FB979C902F8EA60AFA8C3E1F723FE
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):594432
Entropy (8bit):6.61966112162338
Encrypted:false
SSDEEP:
MD5:5043EEFFAEF444AFF1370ECC7F1CD286
SHA1:73D43FA67BC63628330942B1B9EAC9302B50C19E
SHA-256:FFA3986A18C5CCADF6C162572054681C2AAC9F44672D173DE422E2D161C03455
SHA-512:DB8C5A339D23AC6CC0754860154CD3D6EBF09264F8B149B09B249F3C1413928BFF12CF4BEC926D31187272FAAB4623739DE39FD2AC30AD6BD328CF5E55363243
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):255
Entropy (8bit):5.050816728357881
Encrypted:false
SSDEEP:
MD5:E7A56C3C3A564F9852438D9F7E217180
SHA1:F372A122F73DE2EB5BB4B706DD95C8005DDE2872
SHA-256:C5EBF324B451D22C0393577D8435D32A7880EB149EA206BD6B9CF9E2109AB715
SHA-512:2F51D50EF0366B92AD368BC44D248D316509005783BEE58BE9871A1EC2FA5EE48B7915612482447EAB43731613FAE40818DFD87C539CB3C5C30313B73B335BFB
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="UTF-8"?>..<SdkLog>..<logLevel>3</logLevel>..<logDirectory>C:\SadpLog</logDirectory>..<autoDelete>true</autoDelete>..<cryptoPath>libcrypto-1_1.dll</cryptoPath>..<sslPath>libssl-1_1.dll</sslPath>..<pcap>true</pcap>..</SdkLog>..
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):149504
Entropy (8bit):6.43198468152322
Encrypted:false
SSDEEP:
MD5:C8D14E7E4D56692D5F7F3C5D236AE756
SHA1:6BAF6C79B9E86289D813701B21B180BE6649A304
SHA-256:9E986DEB7611D08EAFA8ABAD73B43AE888465CBC24795321CE8D5B378BD66120
SHA-512:2823EF2C2DF65EEF9122E3B2550E702D74E73B27C5B98B7F8C078C6F8AF6D07061D197EC4E3D4B922ABEFA1E47B64770C5BABC306CE5039D6C1AC39FCA83F209
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):56320
Entropy (8bit):6.508020658725717
Encrypted:false
SSDEEP:
MD5:FA155FAB12E74F2DC61168385537DA21
SHA1:AE5191158D96E06CEFB7ABD5D8408554574CCD97
SHA-256:91178B17D7B6F86B1CF1A23A22F065C989FE7B34C5D4EB730FBC72DEE11DDBC7
SHA-512:1C42F8956A7693E18B5E8B4389394AF9D9570036C5EC4B99201A24308135125B5FC555DD7D3151181FE709027F8864A9C04D5210CE8ADC6967551D6BB47E8EEB
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):66161
Entropy (8bit):4.677347715058944
Encrypted:false
SSDEEP:
MD5:B6CCF993DC4A361B5DE2A92662AEFF27
SHA1:D291D5CA6572E3C403D3E498D1524DFE925EC234
SHA-256:85EB69530E20234D30E3FF382BB6B2207413E6BBA4CD9E4E9711D5687DFA72BA
SHA-512:7E945244AA83EFD98B206826C86091A68E4111AEF3FFB53A147EE21BBD82EB8C31E7B5331855D9AA1310F172A53ECB5525663695AB8B52F3A0E19F3BC21A777F
Malicious:false
Reputation:low
Preview:.Open Source Software Licenses....The information in this document applies to this product....1. Software Licensed under the GNU Library General Public License.. .. This product includes software licensed under the GNU Library.. General Public License (LGPL), Version 2. Please see Appendix A.. below for the terms of this license... .. Specifically, the following software included in this product is.. subject to the LGPL:.. .. Qt.... All software listed above is copyright by the respective author... Please see the source code for detailed information.....2. Software licensed under the Public Domain License.. .. This product includes software licensed under the Public Domain License. Please see.. Appendix K below for the terms of this license... .. Specifically, the following software included in this product is subject to.. the Public Domain license:.. .. sqlite3.. .. All software listed above is copyright by the respective author... Please see the sou
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4779008
Entropy (8bit):6.865307788354471
Encrypted:false
SSDEEP:
MD5:F246B5AB46E8935FFE7471949DA3B59C
SHA1:C2CD6A537749FE4B3DA4D38F1E04796F01B8B7C7
SHA-256:CD5EE9C950A22D302EEBC6954C20722492CE5F2417C5C2D6F7EE40D86B8B6DC0
SHA-512:1382702B45F4CD90ED273EB146C838DD91E194034F9CA30A3C05404A42EC7FDDE66B1A7CFDF424B95AE3F7CCC1E8ED6442E6CCE3D4722A94AAE1B885F6141961
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):961024
Entropy (8bit):6.628784168058759
Encrypted:false
SSDEEP:
MD5:C320024D16450D6D09369AE091D2D99F
SHA1:EBDFAA67D4588B2C8E202D84F13EC558A3A70BF2
SHA-256:C7589E8B3DE7C889C0BF289DAC78C72813AC8F4BFB1C4C1CF607E0FD8DAF4D66
SHA-512:07E64E63FE244DDD680196F9082E78F18E6AC672B35226C5B8F50B49FA3CCF1218996B44CB23D61982FEE109E5BD8CD9251EEEDF8371664630DF6C8C0982F297
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):155648
Entropy (8bit):6.5701428204577486
Encrypted:false
SSDEEP:
MD5:5796014FE5C4CF2B8F3FA0777B13D0C5
SHA1:BC9854945B1BB3CB9A15358F0F610FE1732B395C
SHA-256:EB4DF1A2C05BE473CCF10054EE23EF788078471264A8E14F29351F8627D8A406
SHA-512:6C1CD29870779C600CB812C60F4EDECA56E4E169245DA9A47EB8B323F5839B739B64F03B26104A8CB5CA44D6F67B8E84539CD888A682222DA66CDDE20F1395EF
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4468224
Entropy (8bit):6.837068715583377
Encrypted:false
SSDEEP:
MD5:CDF2CA4DA1BF5130051A38F583A717CD
SHA1:3E6EBF6574F04654A5312309FBE687AE137D98BA
SHA-256:EFC0A21E42F5F21621DE2775723A5936FCEA6A99BE5E2D4043A70F7944AF82B8
SHA-512:1634F7F3CB820D1F76298ABF5AED66262691A2F3650379DD6F91F2FF6F58BDF1781519004A9A6518D70F509BA4A71307484107E3EF75ADCAAAE0D284871E64FA
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PDF document, version 1.5, 34 pages
Category:dropped
Size (bytes):1195972
Entropy (8bit):7.849151483573003
Encrypted:false
SSDEEP:
MD5:6103A1E62FACC8ADF7F072407CA42094
SHA1:430D52F05C61C74C7E7169627DF5B14DC883E07E
SHA-256:4FFEC56B8ACEC921CFB8629F369292C44BFA39018980000B18D88DA898E36D94
SHA-512:585962F573117C0CA92892455DE38B26491C7670C6637F4D80A15D0F05CADD1DE28C11B3623449107A75B9A60457834AB2179BAE9E494D7B6637219E320A85C5
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PDF document, version 1.5, 2 pages
Category:dropped
Size (bytes):946412
Entropy (8bit):7.777264221865876
Encrypted:false
SSDEEP:
MD5:EAC56C0D1DD1A33393C4F977A3700749
SHA1:8D1EC09BC23E73893075CB12A6222B2D275947DF
SHA-256:F9FB2EA5E82918A4D61FCD93AB7AEA57472A19AF5EDB2BEC4DBFF454A2BCD897
SHA-512:0FE0464C175152753CAA29F9AFF77F5064F54BCB717D59A46ACAF2D28884C1469315980AC84079DAEB64B50F431E10D5874EEB08D38071E56FB455CB9E6D1DA7
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2144768
Entropy (8bit):5.662159475440264
Encrypted:false
SSDEEP:
MD5:C401148FE41B277C34364DE4E8F39BCB
SHA1:AA85521F819455ACC98DEA546112E6AD6A00E9F9
SHA-256:775E7FA752693F700452A173DF115938CEC4FBE03F74D88970478CC1727B8D6B
SHA-512:5FDE1D3D7FA38662C168856524D19540DDBCE5427FC0B4D65AD3E711C1BA502DC6EE55FCEAE09A5743B597D4BC44E4C05ED3A39C5FB8B62D3671D792C24DCC49
Malicious:true
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1673728
Entropy (8bit):6.714636480819867
Encrypted:false
SSDEEP:
MD5:728837FDC4A8D14366F886DA71997D0C
SHA1:087C8DFCEE3ED3DB4D7E3497FDEFD708E5618818
SHA-256:B6DD044327A1C9A413A807752218F8B8446CDDB54B73061B60FB81789AD25A2F
SHA-512:A728413C1795D86B431E9C9D10E45404AE8F8C1D85FC20254E055319DC3B96340D5F51F0D233D3055EFF725DC9AFE5F22EA98D21F3B906216CB4CC2B8603B05B
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:modified
Size (bytes):361
Entropy (8bit):4.731035977719306
Encrypted:false
SSDEEP:
MD5:DE6F260F51D40A3A633F713C5F0D219D
SHA1:85BE9BF5F1D316EEE618B88F4CF46C655278685E
SHA-256:7F0C5540DD32A0216BF6E0D17619283D2AD675FE80B72FD9D5EED40E77CF78DB
SHA-512:FA93600050B910F68ABACBB1FAA97754D8E7B078A1255F6E5755DA25A7EE241887987C7B4BFAEC3070CD6E35B361397B17EA5DBA88D3DEE1416DC42256C4AEA2
Malicious:false
Reputation:low
Preview:<?xml version='1.0' encoding='UTF-8'?>..<Configs>..<Translator>..<Value>0</Value>..</Translator>..<LogLevel>..<Value>0</Value>..</LogLevel>..<VersionType>..<Value>0</Value>..</VersionType>..<Type>..<Value>0</Value>..</Type>..<Skin>..<Value>BlackRedSkin</Value>..</Skin>..<Filter>..<Value>0</Value>..</Filter>..<Area>..<Value>Other</Value>..</Area>..</Configs>..
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):116736
Entropy (8bit):6.42937079950737
Encrypted:false
SSDEEP:
MD5:AE369F96B50537C89904CA74B38CE6A5
SHA1:5F75AA54A3FBE42E01BA8867E280C354FE960C77
SHA-256:EC855B9D874D754A25752C7D1E6FE18E5F42721450D3C8D2AD3F46383A491D21
SHA-512:46B49093A6F9C27A1072D71F86B43938994CB5701A7861C3AAF9859C33710AAAA969AA660687D456A8B41AF67E9A89BC27D56FBF4E63C01F18FAF10F23919AC4
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):3179520
Entropy (8bit):6.011391665120059
Encrypted:false
SSDEEP:
MD5:06EDBFEC17CDF7D5A4D5670E7D944FD0
SHA1:439CCB52059D060258F4ECB491DB828D8B532379
SHA-256:EEA40BFB7507217BDD671C05D7BB362FC191BBD20E7B589B741A8E6E57773D69
SHA-512:B0904670B5E183974D97DD0F32514C02E88259A355F230F6BB40DEB53AA161130D7F1DB6715F2C86EC7FD1C2361198634E814EA488209A8406B718B10B1F7592
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2352128
Entropy (8bit):6.148794633310151
Encrypted:false
SSDEEP:
MD5:A9F223EA6BB906E5E046F443854DF617
SHA1:B330B5B7FA7172AA319B222A6B2DEF504095B0C0
SHA-256:78A67EE8ECD9CB70C666762D54766A49C96EC6E46EE8DCC7BBA7F6091799EF2A
SHA-512:DB963203BBE11F55D4E03AD474DE539762DECEFD3C8CC9E261E0018B02D93E3E02DA09D9441C717936558A466117ABB60D16D16B1DE02490E349FC9A8F47FCFC
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):675328
Entropy (8bit):5.856732529451982
Encrypted:false
SSDEEP:
MD5:BEB3AD39383153CE07D8067E23D170C1
SHA1:A9A3D92700C571A5C6952DAB46BBF9F410DEDBB5
SHA-256:72CCC02E9D97F10462B7CE6254EDD147BE99B7F838F8F45EE8E68C404CC0632D
SHA-512:1EEBEB9B2882F9ABEF0465FB745DE8B06C76C3E8F639EE52174CF92CEE579962B47F351816889BA192FAA6A9AFCEF85EDE74AF4EF7CEE469A8B9593369968C19
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):455328
Entropy (8bit):6.698367093574994
Encrypted:false
SSDEEP:
MD5:FD5CABBE52272BD76007B68186EBAF00
SHA1:EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
SHA-256:87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
SHA-512:1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):440120
Entropy (8bit):6.655941426443587
Encrypted:false
SSDEEP:
MD5:D25C3FF7A4CBBFFC7C9FFF4F659051CE
SHA1:02FE8D84D7F74C2721FF47D72A6916028C8F2E8A
SHA-256:9C1DC36D319382E1501CDEAAE36BAD5B820EA84393EF6149E377D2FB2FC361A5
SHA-512:945FE55B43326C95F1EEE643D46A53B69A463A88BD149F90E9E193D71B84F4875455D37FD4F06C1307BB2CDBE99C1F6E18CB33C0B8679CD11FEA820D7E728065
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):970912
Entropy (8bit):6.9649735952029515
Encrypted:false
SSDEEP:
MD5:034CCADC1C073E4216E9466B720F9849
SHA1:F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
SHA-256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
SHA-512:5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (native) Intel 80386, for MS Windows
Category:dropped
Size (bytes):36600
Entropy (8bit):6.496691324388439
Encrypted:false
SSDEEP:
MD5:25401B0C9576C8456B3E0BBD74FF0771
SHA1:C4F563342AB9EB4228E2C2A281A3FE68EDD5624E
SHA-256:BB569C99360A631850537DC2EDA0BF85D091CC30BD98B3FD2AC9DABDFB7741DA
SHA-512:51CF2B66202FA7498120951889B7700A030545DC59A2E0DDE305782A61CC1714E7E889DD8EDB11D47F3B7A4C86C23C33F64E0D75956045DC1B687D11AEB0670C
Malicious:true
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):36600
Entropy (8bit):6.293365115285525
Encrypted:false
SSDEEP:
MD5:DE7FCC77F4A503AF4CA6A47D49B3713D
SHA1:8206E2D8374F5E7BF626E47D56D2431EDC939652
SHA-256:4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6
SHA-512:FDACE7EE2593FFE5724DB32F4BE62BB13AA1EC89E1E01C713D8C1E9891A5A0975D127450024C3388A987A35E546568ECDBCC60C185DC8F8B08CCEF67A084B20D
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):690688
Entropy (8bit):6.5362610079989185
Encrypted:false
SSDEEP:
MD5:40136163B59D80683E589B741A725372
SHA1:95CE6E3A8EA8B7460519C18BCD75748DB7C97D5F
SHA-256:408044B58567CAB9980C220ED1C8B9485A6A598E4AC5781860A5FDEF414C3230
SHA-512:31669E01BEB4B0FA2419EDC1428AEB916AB84B76841F52AB261158D98C415642541A48DA8090B581694646C3368249F22A1CB94C8B2197625B89595F61DDA8C4
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):613376
Entropy (8bit):6.487165764933214
Encrypted:false
SSDEEP:
MD5:050AEB7243847B3BB5CB1174AE060DC4
SHA1:264F0BAFC4FDD7C286F82D61264F88C7B26C8FC8
SHA-256:730690B9EB086E26EBD0EB198357FCB49A658ACFDC824AB2FE81A59D7E0FC3B7
SHA-512:3960086C71FE79A1502937F7CB186E8B19FCB15FB7EBE10C9E98C504EE17484A0E34161E24C07E045CD299C05097E2D2C104269E07028853AAF60A57E64556DE
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1309696
Entropy (8bit):6.560037057984101
Encrypted:false
SSDEEP:
MD5:05097DE5C51C02556F3528AA918875E2
SHA1:10840B2B0C4FF6637422FF2EA86E8F8D697AF482
SHA-256:9346E3129830C0085D3DBB5A3C2DBF500520B1B8A79A9B7826D5B52ACE60C7F8
SHA-512:75A3E24BD11DF200F0C08AAE0E759508D9DAB2F6DC3E545B12E01A2865DA1D26D8568BF38F689AB731DD52C9ADFE6E50B0FCFCE38EC2ED13C0848F73185310A8
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):53760
Entropy (8bit):3.810279482469811
Encrypted:false
SSDEEP:
MD5:10B7500D4BAE79F4EA3EED44F4A3892A
SHA1:9B9FC694F63D97C15595851140BA855E98339BF3
SHA-256:B8C4A53DB855C99C4BD32CADE83F82129162A7F13CBD26BBFBCFBCCE0C53B792
SHA-512:2CF4832E3C4D87F0365D75A82CEFDD319CF99398C197C2CDB58FBA50F33F0D1A2AA44AC1D88BC52A3C97BD565A3CDA383DC4DFF891460EDFB8DD3177699DF38C
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):830464
Entropy (8bit):6.684402986837529
Encrypted:false
SSDEEP:
MD5:EFE3D629B10B452BC6C2E1B1AF3FF0B3
SHA1:7E04AAA8587569BE5B9BD7B4C40F562A39BCC92A
SHA-256:69D663DF501D6C31F969A897F60986D35262DAE40496A8FEAAE1B70BAE1F343C
SHA-512:4FA27D1C638811521EBB91B198CDC1A6D824EF8BC1D974975E11B67D9EEAB7F0F5D6FE136720BB5956E1A28C7E4C7FBFABD64DA9926E81E9FD05A4FC5F763345
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):51712
Entropy (8bit):6.211229516874057
Encrypted:false
SSDEEP:
MD5:4F36BA5155D6A5D9C8061CAA8E7B6E4A
SHA1:54A4A7A842948D7913C65124103AF4E023E37A53
SHA-256:D1DD3A2E2D4CFF0AFC41DF6F0924542AC165200E742430197B533F641A0E200F
SHA-512:5AB5DBF79A772A730E14B1AA7CD36FD32105DC33C07453D1C7F523A768EBD4ABCE5D4501D62F8AAC81627DF8A4097176789D9BA10DC73CCA6C5CA5900F75CB65
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):68096
Entropy (8bit):6.324099414525529
Encrypted:false
SSDEEP:
MD5:AC09A63BA4EFAE4F8F590FA8A6043C36
SHA1:CB3B7596A93CF0FDD7A466F61181EBD8548CA5B1
SHA-256:747E90267317BF5E35FD396FB909C03A1807E6DC88DFC2A1CC3804B46B4E5C3E
SHA-512:324BA3F4B2AE6836703537A60A27C054ACF55E4A13B9D02EFA9E4925DF15D06CF50B977B4933A9C8FEC1B26773E5253667CEAA3957239B71FD8F14009BC0F72B
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):56320
Entropy (8bit):6.25854852413118
Encrypted:false
SSDEEP:
MD5:3C139E9FAFB7706D32D3D7F7A633CC77
SHA1:10C7AA40C40F4EE66116B171E05CEA759D774CEB
SHA-256:EEEAF706A8A3959234E5FA2940B66CA1FD007AA05EE3479A26B26E1F01F3BA85
SHA-512:B519DB790B5EABF06FC2C10476B6C907BBD6D1A64B65C11D5B299C8998A11DC38DFA530CE4A6FFC282237BBE6C2301FA689486C3BCD6B6E6F902EEA20083F17D
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):246
Entropy (8bit):4.7940926986832135
Encrypted:false
SSDEEP:
MD5:35D9C37930B28F823EDE00DCB4041F61
SHA1:1FEBFA0E62CE268EFB2FE9F4E228FA693E41A7EE
SHA-256:801D0FB44B7AD9B1BAC733A224E53E29E25199B9221C587C25379DBDBFF839A9
SHA-512:04EB30FF3522B01B9CE94F1B2E7AB405DCB39CC572CF478CCD1E937E0C9916476E527630392392C351D5E056D4C4BD10762BDC0517AE51D70DF52E636BD0FE45
Malicious:false
Reputation:low
Preview:<?xml version='1.0' encoding='UTF-8'?>..<Configs>..<Translator>..<Value>0</Value>..</Translator>..<LogLevel>..<Value>0</Value>..</LogLevel>..<VersionType>..<Value>0</Value>..</VersionType>..<Skin>..<Value>CommonSkin</Value>..</Skin>..</Configs>..
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):845312
Entropy (8bit):7.391210100445463
Encrypted:false
SSDEEP:
MD5:62D52D9600F031D6529973BFBAFA8AA0
SHA1:5BB9B9309F7FE4AE844C9A81BE522D3D723F9ADC
SHA-256:66CB0E2BBBE17C8DF53FD3BC932EDF5D2308AD5895787C49A63382A78DEC7DEA
SHA-512:D9A02507D7ED30EB73F22163193748ACC0580712E5109C677771C958AC9F8416794B6D44FE171D7ACD6F48DE33EEFEE55B769D2207812DE7DF534F958A6BC8F7
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:Qt Translation file
Category:dropped
Size (bytes):1781
Entropy (8bit):4.707356366822686
Encrypted:false
SSDEEP:
MD5:09618AAF55C59196A848AAFA80BC25A4
SHA1:A8759A5DB3E780761D28A89FC097304A4EB95728
SHA-256:4E46E049B95C7442783716F8A9FCC3DA9068B042AEABD780D16A6382F0C0491D
SHA-512:83E1ADE45141BB9533F2BDBED1C8A1D0EDBFA117D8C7167B6E0A651495547813EC4555B7F53988C48D23B234DB5EFF04ABBFAC2A6FC218B1F3B2BF841D3AD958
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:Qt Translation file
Category:dropped
Size (bytes):1252
Entropy (8bit):5.638892338865044
Encrypted:false
SSDEEP:
MD5:30564271E4F98BC365C4CC4C0C723A16
SHA1:58161AB1CC2BC52AA32AB1CBEC401507E81B65F2
SHA-256:CA223CE9364EFD6BF5A0EA28BDC4ECA107E426492895D80EDC29DAFC1987B018
SHA-512:5B42788AD154843478A2E150E4C7C87A5D42622A70C6C885446660A265F53FDDEBDCFB49D82C9496A4C883AC3A0A893C6BF03EE7AA67AA278E13932091223DD3
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):69632
Entropy (8bit):6.788889282889975
Encrypted:false
SSDEEP:
MD5:F79601C1385358333070D32918340F19
SHA1:F40C2FB778075F062D5301F4A06757E9D355318E
SHA-256:483C6645C6580EAEBD385AA2C2D2CD54E7FB929DD8642AD1DC07F7EE168E4EE2
SHA-512:0BF630272AC40B937E726C817EB01EEEDF13BD42DAD6EC0C587C994BD08EB06742F2DF36C8B47D0625C85A15295CC760B71562C66113A27E127A71A560BA383B
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\SADP\SADP\SADPTool.exe
File Type:Non-ISO extended-ASCII text, with CRLF, LF line terminators
Category:modified
Size (bytes):20609
Entropy (8bit):5.349761730700014
Encrypted:false
SSDEEP:
MD5:C6415EDC967FE18945EDE09CA51EFCDA
SHA1:B37723B17896F016E01881DA9AC43433DE46D30D
SHA-256:FADBA8EA501D2470B5F3C6893EA6F91EED3B13F1088DA7A61BDFE92F7078485B
SHA-512:D188F821CD72A2FCD5BB5B88163EEE1B860444B86914898F5A09F558D7150E09E2B7CC0EBD7021CAD4B8DDF227AF6846492EF1DAD74BF1D778038CB23EE9E55D
Malicious:false
Reputation:low
Preview:[2023-10-02 15:51:26.884][INF] The HCSADPSDK Version is 4.3.1.15 build20230515..[2023-10-02 15:51:26.884][INF] WinPcap version 4.1.2 (packet.dll version ), based on libpcap version 1.0 branch 1_0_rel0b (20091008)..[2023-10-02 15:51:26.914][ERR] [CSADPGlobalCtrl::Init] Adapter number is [1]..[2023-10-02 15:51:26.944][ERR] [CIOEthernet::Init] m_wAdapterIndex[0], pPcapHandle[0], syserr[20], szErrbuf[Error opening adapter: The system cannot find the device specified. (20)], szAdapterName[//Device//NPF_{6B7BA02A-9C11-4C35-8986-0817ACB345E6}]..[2023-10-02 15:51:26.944][ERR] [CSadpService::Start] m_IoEthernet.Init() failed!..[2023-10-02 15:51:26.944][INF] [CIOMulticast::CreateServerSocket] Bind IP[192.168.2.2]..[2023-10-02 15:51:26.944][INF] [CIOMulticast::CreateServerSocket] Join IP[192.168.2.2]..[2023-10-02 15:51:26.944][INF] [CIOMulticast::CreateServerSocket] Create server success, m_hUdpServer[1080] LocalIp[192.168.2.2]..[2023-10-02 15:51:26.944][DBG] [CSADPGlobalCtrl::Init]Start Adapter
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2560
Entropy (8bit):3.553306613801888
Encrypted:false
SSDEEP:
MD5:9E683825EAE3B6375CBD63623196BE96
SHA1:1B30500A36883BF7E3EB63476E6B49151D51AF78
SHA-256:CBD3FEF707ABF622B150DB1D10B5443264EB6DA8F4D7AA2ADC97C50A22D4D594
SHA-512:C4316F38ECC0BBF3ADCF1C2B67CE79453C0C292AA2D0637BF400BC10A1751E595885083C79023BE58BD1953A5E30D8E6EBEF4B4AF849F680ADBCB9E5AE820C11
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):721
Entropy (8bit):5.526411742503357
Encrypted:false
SSDEEP:
MD5:F000EFEDA30B93CCAD559747BEFB4375
SHA1:F356115050FCBEE1F585C9C7EE560750E06AED81
SHA-256:55B408EF3C8435005F52ADB415016D8907A2691A6B8E434DF406E7EF1F4D81E7
SHA-512:A2CDF190AF5FEB4D662405EC03B2D47820E1A4F2ECBCDB807C7146F18893A3AF7CA33AFF9C61DF00071078BA3120E571A9F017EA90960BA89A7AB38D71857484
Malicious:false
Reputation:low
Preview:<?xml version='1.0' encoding='UTF-8'?>..<Configs>..<GUID>{7D9B79C2-B1B2-433B-844F-F4299B86F26E}</GUID>..<Translator>0</Translator>..<VersionType>0</VersionType>..<SoftwareNameEN>SADP</SoftwareNameEN>..<SoftwareNameCH>......</SoftwareNameCH>..<Version>3.1.1.5</Version>..<CompanyName>Hangzhou Hikvision Digital Technology Co., Ltd.</CompanyName>..<LegalCopyright>Hangzhou Hikvision Digital Technology Co., Ltd. All Rights Reserved.</LegalCopyright>..<InstallPath>C:\Program Files (x86)\</InstallPath>..<ProgramName>SADPTool.exe</ProgramName>..<SettingFile>Setup.xml</SettingFile>..<Components>..<Component>..<Name>SADPTool</Name>..<FilePath>Tools/Tools.zip</FilePath>..</Component>..</Components>..</Configs>..
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1076224
Entropy (8bit):7.251809201434709
Encrypted:false
SSDEEP:
MD5:351C23EA9FBEE10E9E81889BCA867344
SHA1:2AB5A282A1DCA4E731085167025D999455F747EF
SHA-256:F475C3DC2592A45B79D66869BBECA789150D62C83C843A290C497FF31BDA1E53
SHA-512:92CA77E2FA175905C14DDAB548CDE30DC54F99256FA0BD61FCF209E84CE630E4C24918A1C40831B2EC093A7673405F41ACC8739923D5E8999DC4975A69BA0BD5
Malicious:true
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):3466856
Entropy (8bit):6.444422172074855
Encrypted:false
SSDEEP:
MD5:C5B362BCE86BB0AD3149C4540201331D
SHA1:91BC4989345A4E26F06C0C781A21A27D4EE9BACD
SHA-256:EFBDBBCD0D954F8FDC53467DE5D89AD525E4E4A9CFFF8A15D07C6FDB350C407F
SHA-512:82FA22F6509334A6A481B0731DE1898AA70D2CF3A35F81C4A91FFFE0F4C4DD727C8D6A238C778ADC7678DFCF1BC81011A9EFF2DEE912E6B14F93CA3600D62DDD
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):3192320
Entropy (8bit):6.719197665476097
Encrypted:false
SSDEEP:
MD5:DC339048241F24341C9874ED8999EDDD
SHA1:9C849085836B7C6FCB460C3F0022849E197AD9BC
SHA-256:19695743C0FF729C35271BC325B00516B79518B2E4B2521E3B6F328EB68FA62C
SHA-512:7DB9D14304928611879D97B55CA1F40C083624A5020121B38935E6F34948EA129A42771AF9D6D5DA0BBFC6A3E9B481755601CC65D9420A1BA72A5F3F80C43B1F
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):105984
Entropy (8bit):6.399080467694282
Encrypted:false
SSDEEP:
MD5:C8E9790804C73D029D0FE795CE9240F5
SHA1:A6B29342A86EFD4BDB90EF32D5693B52696103E2
SHA-256:E4C952560F6040B22C8CD4178AAC7FF4C79767E5ED61B244628006A553792A61
SHA-512:E0451DD4548326403A982C52718CDFFDFF681FF4BE3A013C899032D2513859983EFF40AAEB66E0CF7371849A84960B09C57D551745AA6CABB7A833F5A1E4D651
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:DOS batch file, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1018
Entropy (8bit):5.031465220066799
Encrypted:false
SSDEEP:
MD5:13685E6E33D4844B45FEC77AB0EF294E
SHA1:C39ADF3C89D2774F8E0C27F9EC0E8AA658DC7176
SHA-256:6108BBE978F6EE276800BF4393C4E17BAC2DADF1DDBE6A0B057AF8E40D42176A
SHA-512:62838BCE302BB038EFB2073277D5CA4EDF3AFA9F52ED36D27DC7E5A50D692026DF289BE4440A01BAD92AD8216903DB5154FDBB56D643E1B83A0D6CECD2B50708
Malicious:false
Reputation:low
Preview:@echo off..CHCP 65001 > nul..setlocal enabledelayedexpansion....set "XMLFile=AppConfig.xml"..set "SearchText=<VersionType>0</VersionType>"..set "ReplaceText=<VersionType>1</VersionType>"....echo Option Explicit > "%temp%\replace.vbs"..echo. >> "%temp%\replace.vbs"..echo Dim oFS, oFile, sContents, sNewContents >> "%temp%\replace.vbs"..echo Set oFS = CreateObject("Scripting.FileSystemObject") >> "%temp%\replace.vbs"..echo Set oFile = oFS.OpenTextFile("%XMLFile%", 1) >> "%temp%\replace.vbs"..echo sContents = oFile.ReadAll >> "%temp%\replace.vbs"..echo oFile.Close >> "%temp%\replace.vbs"..echo sNewContents = Replace(sContents, "%SearchText%", "%ReplaceText%") >> "%temp%\replace.vbs"..echo Set oFile = oFS.OpenTextFile("%XMLFile%", 2) >> "%temp%\replace.vbs"..echo oFile.Write(sNewContents) >> "%temp%\replace.vbs"..echo oFile.Close >> "%temp%\replace.vbs"....cscript //nologo "%temp%\replace.vbs"....if %errorlevel% equ 0 (.. echo XML Success...) else (.. echo XML Fail...)....del "%temp%\
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4779008
Entropy (8bit):6.865277574087122
Encrypted:false
SSDEEP:
MD5:42D7AAEB93BDA58136ED5CC9ABD4F064
SHA1:9B872FECB7CB76F5B3D9F359CE7F1A7E371DE2E3
SHA-256:D5B4A5817A45661C0AC07A4B14B02CCA67ED3694A05D9843AD30189C79889A59
SHA-512:1576DA4C3130A35E2E1C8887683BDD712596D75CE4E2DFE3AE4739477021CE6201CDA1EEAFD7E5822F405C03E47DDC457030AF110418286259D2C4D7353674DE
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8.U.V.U.V.U.V.\..A.V..t..Q.V.n.U.Z.V.n.R.^.V.n.W.Q.V.n.S.L.V.&.P.V.V.&.W.F.V.U.W.~.V..R...V..S...V..V.T.V....T.V.U...T.V..T.T.V.RichU.V.........PE..L....2.[...........!......#..&%.....I.".......$....g.........................pI...........@...........................A..6.. 9G.......H.......................H.$U....>.T...................T.>.......>.@.............$..............................text.....#.......#................. ..`.rdata..vF#...$..H#...#.............@..@.data....}...`G..N...>G.............@....tls..........G.......G.............@....gfids..0.....G.......G.............@..@.rsrc.........H.......G.............@..@.reloc..$U....H..V....G.............@..B................................................................................................................................................................................................
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4969472
Entropy (8bit):6.775729130276001
Encrypted:false
SSDEEP:
MD5:C4FDB471E4964FA3936FB2456D883C24
SHA1:95CC1F4288D59C015C5185C181E94CFF1F8F6BE0
SHA-256:6A2BF3AD9CAEEC71FF5FBD187F5DB3337E4C99FA51E36EE039183B0AA610B22C
SHA-512:F3059081F3859F87DFBC1418C57673144666BBEC8EF775E026717F5DB2DA764C9E8821B1AF16CA2C0BD71E78A1800541C75B722677FCFE912CC3A7AE0EC68617
Malicious:false
Reputation:low
Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......?..]{...{...{...r...m...@..w...@..p...@......@..l......y......r...{........t......E......z.....{.z...{...z......z...Rich{...........................PE..L...d3.[...........!.....T+... ......O+......p+..............................PL...........@..........................90.`.....G.@....@J......................PJ......./.T...................D./......./.@............p+.X............................text....S+......T+................. ..`.rdata..4k...p+..l...X+.............@..@.data....:....H.......H.............@....gfids..L.... J.......I.............@..@.tls.........0J.......I.............@....rsrc........@J.......I.............@..@.reloc.......PJ.......I.............@..B........................................................................................................................................................................................
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):267264
Entropy (8bit):6.832480181905301
Encrypted:false
SSDEEP:
MD5:553E74C8F2DBE12E24C1ADBC9F22EEC9
SHA1:BD995DB466790BBCA496F058BE93053EC2558A38
SHA-256:EBA41549FC77DE336ED8FAFB231767519FEC048AD398AFB6A713F1F28675D1C1
SHA-512:4E43C1C05E28E9C8532A90286F812522FDC235A5E4BA89D9D6EC297141D0F3993705C17C38AA4483A844A5AAEE558E6CAD045C5C74DB0AD088EA50295742BB4C
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........p............ic.....O.....O.....O......O.....s....^O..........^O.....^O....[O.......g....^O....Rich...................PE..L....4.[...........!.........j...............................................`............@.........................P....k................................... ...3..0...T..............................@............................................text............................... ..`.rdata..............................@..@.data...............................@....gfids..L...........................@..@.tls................................@....rsrc...............................@..@.reloc...3... ...4..................@..B........................................................................................................................................................................................................
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2677248
Entropy (8bit):6.531567510123732
Encrypted:false
SSDEEP:
MD5:F3C69CD1C820FC25DE09CE252287D692
SHA1:6CF81C83372D99768AF2240A527C804EBB891260
SHA-256:467F0D008462FE290485ED9F8C32A38082CC85116FDA09404CC517D192841195
SHA-512:BE59AEA64AFB61B915581048436FB9A961D92DB25384DB595FBAF420FCEA839C827293FF340E8D4180F13405A33447D116FD6D8B268905651B72BF1AEEC8EA43
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........%..K...K...K......K...H...K...O...K...J...K...N...K.4.J...K..J...K...J...K.4.N...K.4.K...K.1.....K......K.4.I...K.Rich..K.........PE..L......[...........!...............................f.........................0)...........@...........................!.(.....%.......'.......................'.....j .T...................Dk ......j .@............................................text............................... ..`.rdata..h...........................@..@.data...\.....&..x....&.............@....gfids..L....`'......0'.............@..@.tls.........p'......2'.............@....rsrc.........'......4'.............@..@.reloc.......'......:'.............@..B................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):264704
Entropy (8bit):6.6636684897426255
Encrypted:false
SSDEEP:
MD5:3AEEBDAFA1A493E0CEC89D73D86E8109
SHA1:47D79ED696CC3C8565E9E204F72240F352DD7CC1
SHA-256:1588EBF440FA04D03825BFBFAA52FA7D535C8E67180C17DC5084A425B64A9FD1
SHA-512:2E0686C94260B98FF99283865E36CDD047C9D6A5B670E2FD88ABEC1BDD434347692AA1F62E2220E22645A5D11A8F69424EC1A47187E98F514D7C192EFF2B1CA3
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................d.................Rich............................PE..L.....[...........!.....^..........|f.......p.....f.........................P............@.............................h{..H>...................................8..@...T...............................@............p...............................text...;].......^.................. ..`.rdata...X...p...Z...b..............@..@.data...t...........................@....gfids..L...........................@..@.tls................................@....rsrc...............................@..@.reloc...8.......:..................@..B................................................................................................................................................................................................
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):150016
Entropy (8bit):6.6009830975089185
Encrypted:false
SSDEEP:
MD5:7D9B6944DEB58114C57BDE814FC87A40
SHA1:AC3E7F3323548DF3C0917EDC1C7E6A5266CD361C
SHA-256:3F4D83315DE13B1E56478766B7DC3C43E57F24D9A68860DB41997A6926573861
SHA-512:A9342515EC85C8784ABFDCA1F17329438F233A87D81A758E914C98188A7087E6F826F0A8E6BD36800046E4CC6609166E836DD6764B59AC95D2EA51B5F283D293
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............R...R...R..[R...R...S...R..S...R...S...R...S...R...S...R...S...R...R;..R...S...R...S...R..7R...R.._R...R...S...RRich...R................PE..L....2.[...........!.....t...........y.............a......................................@.........................`....\..<...x....`.......................p.........T...........................8...@............................................text....s.......t.................. ..`.rdata..p............x..............@..@.data........@......................@....gfids..D....P.......$..............@..@.rsrc........`.......&..............@..@.reloc.......p.......,..............@..B................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):188928
Entropy (8bit):6.68699800432738
Encrypted:false
SSDEEP:
MD5:F9466E1B752CF0520B33A94037E96A09
SHA1:B1BEC4DE5569A3744CCC54950F88D4AE16E373CD
SHA-256:A86FB52753D361FB01FF0B55CEF9FD32E8416CBC83BE5711D56CBFDC996D883E
SHA-512:7615DC10A2CAFFA7A56289ACE85B777019D1B99277CC12B0AAA0FD38C0EC9298709CB67959B552244749A2FB3E94A954E97562D32592DB370162CF7931B0B802
Malicious:false
Reputation:low
Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................P.............e$......................&{...............@.....l..............l.......l......l.......i.<.......T.....l.......Rich............PE..L......^...........!.........................................................0............@..........................t...5..............0............................J...............................J..@............................................text............................... ..`.rdata..............................@..@.data...`...........................@....gfids..L...........................@..@.rsrc...0...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\SADP.exe
File Type:XML 1.0 document, ASCII text
Category:dropped
Size (bytes):230
Entropy (8bit):4.7613035162483035
Encrypted:false
SSDEEP:
MD5:55ABD66389CB163B228BE6B2E08EB038
SHA1:59E8B84024D784D680230286B9C852F0D3952F8E
SHA-256:34CBBBB9DBFEDF72DB299B64342A9C5F7FE89AF4BE06E1D6A0142671BA5B3947
SHA-512:4D08D90AE6A2A9EEDCD9F5234CB09847DC62EC8F8417262346BC2B6DCEC2076BEAD8AF6DB504C82730D9294F6C002957128ED0F68FF0133538CA6B5649D07B8F
Malicious:false
Reputation:low
Preview:<?xml version='1.0' encoding='UTF-8'?>.<Configs>.<Translator>.<Value>1</Value>.</Translator>.<LogLevel>.<Value>0</Value>.</LogLevel>.<VersionType>.<Value>0</Value>.</VersionType>.<Skin>.<Value>CommonSkin</Value>.</Skin>.</Configs>
Process:C:\Users\user\Desktop\SADP.exe
File Type:DOS batch file, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1018
Entropy (8bit):5.031465220066799
Encrypted:false
SSDEEP:
MD5:D89BD87AD811A95D10A32F6780BA6F9B
SHA1:4B321031445237463727D960E0A507FDAF295325
SHA-256:3959E6546AC82B2D5DE22BCF5B6897BF890C355B09222BF92F8D856A20E4F97A
SHA-512:77358E9D7605E8DC9873B87A942B08340CA989323F0F7B12503A9C2B6EAF27C307157FC3DEC5E5104E36804EFD09FB65817CAC4D463A68BC1C0A50DBB05823CB
Malicious:false
Reputation:low
Preview:@echo off..CHCP 65001 > nul..setlocal enabledelayedexpansion....set "XMLFile=AppConfig.xml"..set "SearchText=<VersionType>1</VersionType>"..set "ReplaceText=<VersionType>0</VersionType>"....echo Option Explicit > "%temp%\replace.vbs"..echo. >> "%temp%\replace.vbs"..echo Dim oFS, oFile, sContents, sNewContents >> "%temp%\replace.vbs"..echo Set oFS = CreateObject("Scripting.FileSystemObject") >> "%temp%\replace.vbs"..echo Set oFile = oFS.OpenTextFile("%XMLFile%", 1) >> "%temp%\replace.vbs"..echo sContents = oFile.ReadAll >> "%temp%\replace.vbs"..echo oFile.Close >> "%temp%\replace.vbs"..echo sNewContents = Replace(sContents, "%SearchText%", "%ReplaceText%") >> "%temp%\replace.vbs"..echo Set oFile = oFS.OpenTextFile("%XMLFile%", 2) >> "%temp%\replace.vbs"..echo oFile.Write(sNewContents) >> "%temp%\replace.vbs"..echo oFile.Close >> "%temp%\replace.vbs"....cscript //nologo "%temp%\replace.vbs"....if %errorlevel% equ 0 (.. echo XML Success...) else (.. echo XML Fail...)....del "%temp%\
Process:C:\Users\user\Desktop\SADP.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):25037210
Entropy (8bit):7.9980936320946565
Encrypted:true
SSDEEP:
MD5:CA86A7D2BF9DD572AAD7850EC85C1A9E
SHA1:9F6986BAB91ED7E97ABD4E5F1717969944172B82
SHA-256:EAF4930668EAFB73A21A02725AFA5E42E6E8556B5EB73E7C77F5EEEB0B4C0E0D
SHA-512:DF479533EDCD54000A58458215D18D1FB252DEA6B643457ACEA72C1D62027723F470262DF754D41A29895C38EF675A4E384FB59B0641A8F8BB8FEE0B0B58ABAD
Malicious:false
Reputation:low
Preview:PK.........f5W]..J}...<.......ColumnConfig.xml...n.@...M...y+...j*.%.......c...X..}..Jz.M......?....\<4PV\.q.}...@.*..s.[.......;?P.....tw.4..i.r..GHO{u...a.I$38o..a........Pv.!T.J...)l.. t.J.K5o....*;..!..R..*5.}.r...d.Y..'P..[.F.D..u...3....0C.b...B./..,.R..u.c...4..Xu..dKW,.d?.....Zat..aUl.k.EM4+......y.00...l......v...........#..!......,!....p..X.Y...`...5\..A.9.'......z9 .<.m........ k../.O..........~.PK.........f5W[ J|.....D!.....HCCore.dll.{|.....\Z..MhK)P b....)....V.L[iu..U..y.J.:i)....uN7..V....6....%mY[P.T.U.V.n/..X.@......&'I....n$.{..{.../o\..I'I...B!I.#.\._..5..<.7..._.d.f....w.....{.>....?....K......{....Zn....w_5u.,U.;.v.7..Y..7...e_....k....\....k.z|..d.,..e....o.[....k...v...^.....v|S.4...w.w9.y.:9.\. .$.+.7,i/I..%.S3%...o.;.. C.d.`n.$%.P....q.N.. *...._...+m~I.,?.'u....i.n...< -X..v....B...hNT..|.i/..*.....].5.2.u...HR.U.k?...$.>..u.....w.....x4..l%t.'I........jX..CCW.3.f.e.....{...;......q.....G.N..L..)U...5.9w....$..p....
Process:C:\Users\user\Desktop\SADP.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):19038734
Entropy (8bit):7.99802761443637
Encrypted:true
SSDEEP:
MD5:137EC1D5501A92886E60BD7AFE31E2BA
SHA1:77447FA355196552D84E014D9F3BE3D4184D5F5E
SHA-256:90AC0BF31360612C76E1365A99E420D2FDE408CE4296C465811F4F30FDB928FA
SHA-512:13F941EB197BCC79F3244E351BD1D8E0E4DB3E42D612BCF9F43EF97F5092F43A9E05E9AD5166DDC5BF85B9A5EE793527FBB22987FE7FA24C60792967F36AE4F8
Malicious:false
Reputation:low
Preview:PK.........f5W.6...(...I.."...api-ms-win-core-console-l1-1-0.dll.\.8U..?.^..e....s..(......2_..`.E...2%.&.TJ...2.R!C4KT..(To~.....w..=g...:k...o....Q..A....y.....u...L.......J.Q....W.`......t......]...`?A/?AmSKA_.7..##...9...PA|.w....,.q)....E.cAn...I.g..AF.$........)D.`b...:.|...\.Z.FB......xQ....P.\P...d.tZ.AR........ .Fm......!C...Y.b. .E...&9......m.K..Y]O}q..}..f. +..YY...|q...Oe@...d:....?..1`.f.l5..q.^h. t.......?~A.>x....A.2.n..}&Cp..q...........c.X......B.Ea...3..E..aW[....@..N.%..xg@i...Q.B.4 [@I...M..f. =@..2.5.z.h.Z..............4....Q...(..u@..Q.vdK.....%.bj0t. V.Ax1.5?...@.>>..Z.r..O....aeVI...K-..*.......=?.Y.`b@0q.._..$...O0u_*...%:!x?b.r.\....^).Xn.k....$YQo...._.~.....++...,.\v:......',..}......./"..../p...Z.....@,`9'.E.,G,L...i...u.g.P.j.B._...r..:....L!..._]pM>.)..-./...w...[..P...t.....#B....< ]p...>..!.P.....\....Ysa.7..\.... ............hr...<..;.. .6..,....\...[...?..(.....?j....{.{.dm.v.C..J.Xc..wB.W..D....c..
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18696
Entropy (8bit):7.075825777242229
Encrypted:false
SSDEEP:
MD5:AABBB38C4110CC0BF7203A567734A7E7
SHA1:5DF8D0CDD3E1977FFACCA08FAF8B1C92C13C6D48
SHA-256:24B07028C1E38B9CA2F197750654A0DFB7D33C2E52C9DD67100609499E8028DB
SHA-512:C66C98D2669D7A180510C57BAB707D1E224C12AB7E2B08994EB5FD5BE2F3DEE3DBDB934BCB9DB168845E4D726114BCE317045027215419D3F13DCFA0F143D713
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...x..d...........!......................... ...............................0.......z....@.............................+............ ...................=..............T............................................................................text...+........................... ..`.rsrc........ ......................@..@....x..d........;...T...T.......x..d........d...............x..d....................RSDS..1.1..(:p.../.....api-ms-win-core-console-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......+....edata... ..`....rsrc$01....` .......rsrc$02....................x..d....................(...`...............,...W...................G...o...............................D...s...............5...b...............................................api-ms-win-core-console-l1-1-0.dll.AllocConsole.kern
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18184
Entropy (8bit):7.091874203755189
Encrypted:false
SSDEEP:
MD5:8894176AF3EA65A09AE5CF4C0E6FF50F
SHA1:46858EA9029D7FC57318D27CA14E011327502910
SHA-256:C64B7C6400E9BACC1A4F1BAED6374BFBCE9A3F8CF20C2D03F81EF18262F89C60
SHA-512:64B31F9B180C2E4E692643D0CCD08C3499CAE87211DA6B2B737F67B5719F018EBCACC2476D487A0AEB91FEA1666E6DBBF4CA7B08BB4AB5A031655BF9E02CEA9A
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L.....YG...........!......................... ...............................0......_.....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......YG........<...T...T.........YG........d.................YG....................RSDS....e...$3q.......api-ms-win-core-datetime-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02......................YG....P...............(...8...H...................t.......................api-ms-win-core-datetime-l1-1-0.dll.GetDateFormatA.kernel32.GetDateFormatA.GetDateFormatW.kernel32.GetDateFormatW.GetTimeFormatA.kernel32.GetTimeFormatA
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18184
Entropy (8bit):7.099985678218631
Encrypted:false
SSDEEP:
MD5:879920C7FA905036856BCB10875121D9
SHA1:A82787EA553EEFA0E7C3BB3AEDB2F2C60E39459A
SHA-256:7E4CBA620B87189278B5631536CDAD9BFDA6E12ABD8E4EB647CB85369A204FE8
SHA-512:06650248DDBC68529EF51C8B3BC3185A22CF1685C5FA9904AEE766A24E12D8A2A359B1EFD7F49CC2F91471015E7C1516C71BA9D6961850553D424FA400B7EA91
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....~.............!......................... ...............................0......Qf....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....~..........9...T...T........~..........d................~......................RSDS..' .I_^..lR..l.....api-ms-win-core-debug-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................~......P...............(...8...H...|...............q.......................api-ms-win-core-debug-l1-1-0.dll.DebugBreak.kernel32.DebugBreak.IsDebuggerPresent.kernel32.IsDebuggerPresent.OutputDebugStringA.kernel32.OutputDebugStri
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18184
Entropy (8bit):7.119654047979734
Encrypted:false
SSDEEP:
MD5:D91BF81CF5178D47D1A588B0DF98EB24
SHA1:75F9F2DA06AA2735906B1C572DD556A3C30E7717
SHA-256:F8E3B45FD3E22866006F16A9E73E28B5E357F31F3C275B517692A5F16918B492
SHA-512:93D1B0D226E94235F1B32D42F6C1B95FADFAF103B8C1782423D2C5A4836102084FB53F871E3C434B85F0288E47F44345138DE54EA5F982CA3E8BBF2D2BEA0706
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....<b............!......................... ...............................0.......0....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....<b.........A...T...T........<b.........d................<b.....................RSDS....>.....j..C......api-ms-win-core-errorhandling-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............<b.....n...............(...D...`...................4...f.......................'...J.....................api-ms-win-core-errorhandling-l1-1-0.dll.GetErrorMode.kernel32.GetErrorMode.GetLastError.kernel32.GetLastError.RaiseExcept
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):21768
Entropy (8bit):7.002529916127268
Encrypted:false
SSDEEP:
MD5:EEFE86B5A3AB256BEED8621A05210DF2
SHA1:90C1623A85C519ADBC5EF67B63354F881507B8A7
SHA-256:1D1C11FC1AD1FEBF9308225C4CCF0431606A4AB08680BA04494D276CB310BF15
SHA-512:C326A2CA190DB24E8E96C43D1DF58A4859A32EB64B0363F9778A8902F1AC0307DCA585BE04F831A66BC32DF54499681AD952CE654D607F5FDB93E9B4504D653F
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...s.(............!.........................0...............................@............@..........................................0...................=..............T............................................................................text............................... ..`.rsrc........0......................@..@....s.(.........8...T...T.......s.(.........d...............s.(.....................RSDS..c."....]3.9.O.....api-ms-win-core-file-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02........s.(.............K...K.......D...p...6...`.......................?...l...............A...................6..._...................;...e............... ...I...n...............-...d...................*...g...............*...U...................M...
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18184
Entropy (8bit):7.10604544921595
Encrypted:false
SSDEEP:
MD5:79EE4A2FCBE24E9A65106DE834CCDA4A
SHA1:FD1BA674371AF7116EA06AD42886185F98BA137B
SHA-256:9F7BDA59FAAFC8A455F98397A63A7F7D114EFC4E8A41808C791256EBF33C7613
SHA-512:6EF7857D856A1D23333669184A231AD402DC62C8F457A6305FE53ED5E792176CA6F9E561375A707DA0D7DD27E6EA95F8C4355C5DC217E847E807000B310AA05C
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....I.O...........!......................... ...............................0............@.............................L............ ...................=..............T............................................................................text...<........................... ..`.rsrc........ ......................@..@.....I.O........8...T...T........I.O........d................I.O....................RSDSyN'.;rC......l{.....api-ms-win-core-file-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg.......L....edata... ..`....rsrc$01....` .......rsrc$02.........I.O....@...................(...8...l...............`.......................api-ms-win-core-file-l1-2-0.dll.CreateFile2.kernel32.CreateFile2.GetTempPathW.kernel32.GetTempPathW.GetVolumeNameForVolumeMountPointW.kernel32.GetVolumeNameForVolumeMou
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18184
Entropy (8bit):7.161194839446203
Encrypted:false
SSDEEP:
MD5:3F224766FE9B090333FDB43D5A22F9EA
SHA1:548D1BB707AE7A3DFCCC0C2D99908561A305F57B
SHA-256:AE5E73416EB64BC18249ACE99F6847024ECEEA7CE9C343696C84196460F3A357
SHA-512:C12EA6758071B332368D7EF0857479D2B43A4B27CEEAB86CBB542BD6F1515F605EA526DFA3480717F8F452989C25D0EE92BF3335550B15ECEC79E9B25E66A2CA
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...%..r...........!......................... ...............................0.......`....@.......................................... ...................=..............T............................................................................text...}........................... ..`.rsrc........ ......................@..@....%..r........8...T...T.......%..r........d...............%..r....................RSDS..Vf0....<...j\....api-ms-win-core-file-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........%..r........................D...p...............#...P...................;...g...................<...m...............%...Z.........................api-ms-win-core-file-l2-1-0.dll.CopyFile2.kernel32.CopyFile2.CopyFileExW.kernel32.CopyFileExW.Crea
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18184
Entropy (8bit):7.108495536104711
Encrypted:false
SSDEEP:
MD5:18FD51821D0A6F3E94E3FA71DB6DE3AF
SHA1:7D9700E98EF2D93FDBF8F27592678194B740F4E0
SHA-256:DBA84E704FFE5FCD42548856258109DC77C6A46FD0B784119A3548EC47E5644B
SHA-512:4009B4D50E3CB17197009AC7E41A2351DE980B2C5B79C0B440C7FE4C1C3C4E18F1089C6F43216EAA262062C395423F3AD92CA494F664636FF7592C540C5EF89D
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...c..c...........!......................... ...............................0.......[....@............................._............ ...................=..............T............................................................................text..._........................... ..`.rsrc........ ......................@..@....c..c........:...T...T.......c..c........d...............c..c....................RSDS..:..z][....08d.....api-ms-win-core-handle-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg......._....edata... ..`....rsrc$01....` .......rsrc$02....................c..c....Z...............(...<...P...................A...|...............,.............api-ms-win-core-handle-l1-1-0.dll.CloseHandle.kernel32.CloseHandle.CompareObjectHandles.kernel32.CompareObjectHandles.DuplicateHandle.kernel32
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18184
Entropy (8bit):7.175349312442491
Encrypted:false
SSDEEP:
MD5:FF8026DAB5D3DABCA8F72B6FA7D258FA
SHA1:075C8719E226A34D7B883FD62B2D7F8823D70F1A
SHA-256:535E9D20F00A2F1A62F843A4A26CFB763138D5DFE358B0126D33996FBA9CA4D1
SHA-512:9C56FF11D5843BA09CD29E3BC6C6B9396926C6A588194193BA220CFA784B770AB6756076F16F18CFEA75B51A8184A1063EF47F63804839530382F8D39D5CF006
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...l7.............!......................... ...............................0............@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....l7..........8...T...T.......l7..........d...............l7......................RSDS..3.+.!u..m.m.......api-ms-win-core-heap-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........l7..........................X...............2...Q...q.......................C...h...........................(...E...f.......................0..._...z...............................................api-ms-win-core-heap-l1-1-0.dll.GetProcessHeap.k
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18696
Entropy (8bit):7.081653532416814
Encrypted:false
SSDEEP:
MD5:CFE87D58F973DAEDA4EE7D2CF4AE521D
SHA1:FD0AA97B7CB6E50C6D5D2BF2D21D757040B5204A
SHA-256:4997FDA5D0E90B8A0AB7DA314CB56F25D1450B366701C45C294D8DD3254DE483
SHA-512:40EB68DEB940BBE1B835954183EEA711994C434DE0ABBDEA0B1A51DB6233A12E07827AD4A8639AE0BAF46DD26C168A775FFE606C82CBE47BAE655C7F28AB730B
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L...`H.............!......................... ...............................0.......j....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....`H..........?...T...T.......`H..........d...............`H......................RSDSR..*: H..*.2\.......api-ms-win-core-interlocked-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................`H......................(...T...............L...............!...U...................1.......p...............@...s.................................api-ms-win-core-interlocked-l1-1-0.dll.InitializeSListHead.kernel32.InitializeSLis
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):19208
Entropy (8bit):7.068913871621595
Encrypted:false
SSDEEP:
MD5:0C48220A4485F36FEED84EF5DD0A5E9C
SHA1:1E7D4038C2765CFFA6D4255737A2A8AA86B5551C
SHA-256:2DD4EBAA12CBBA142B5D61A0EBF84A14D0D1BB8826BA42B63E303FE6721408DF
SHA-512:E09951785B09F535340E1E6C256DF1919485B4DAD302B30D90126411CC49A13807B580FA2FCD0D6F7B64AAC4F5B5EA3E250B66035A0E2F664D865408C9B43D48
Malicious:false
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3A..w e.w e.w e..De.v e..Da.u e..D..v e..Dg.v e.Richw e.PE..L....A.............!......................... ...............................0......9.....@.......................................... ...................=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....A..........A...T...T........A..........d................A......................RSDS6..7....].8D........api-ms-win-core-libraryloader-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............A......................(...........G...z...............-...\...................=...j...................(...I...k...............7...`...................O...r...............*...Y.......................=...^.......................
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):20744
Entropy (8bit):7.082681710664215
Encrypted:false
SSDEEP:
MD5:23BD405A6CFD1E38C74C5150EEC28D0A
SHA1:1D3BE98E7DFE565E297E837A7085731ECD368C7B
SHA-256:A7FA48DE6C06666B80184AFEE7E544C258E0FB11399AB3FE47D4E74667779F41
SHA-512:C52D487727A34FBB601B01031300A80ECA7C4A08AF87567DA32CB5B60F7A41EB2CAE06697CD11095322F2FC8307219111EE02B60045904B5C9B1F37E48A06A21
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18696
Entropy (8bit):7.0982506606029165
Encrypted:false
SSDEEP:
MD5:3940167FFB4383992E73F9A10E4B8B1E
SHA1:53541C824003B0F90B236EDA83B06BEC5E1ACBF5
SHA-256:EC573431338371504B7B9E57B2D91382B856AABF25D2B4AD96486EFB794C198E
SHA-512:9732ACAA4DB773F4F99F423D9FEAEBB35C197BBD468922348E0AD086F7131D83F6D9714DC7D375183E7CB8920CFE37F3DA19B0041A9063CC60ABE183375B1929
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18184
Entropy (8bit):7.158120561430464
Encrypted:false
SSDEEP:
MD5:990AC84AE2D83EEB532A28FE29602827
SHA1:0916F85CC6CC1F01DC08BDF71517A1DC1B8EAF78
SHA-256:DBD788B1C5694D65FA6F6E2202BFABB30ADF77EB1973CEB9A737EFB16E9EDAE2
SHA-512:F0E4705A6890B4F81B7D46F66CA6B8EE82F647E163BCE9ECAD11D0BBD69CAF4FF3C4F15E0D3F829C048B6849B99A7641861E6CAF319904D4D61A6084F10DA353
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):19208
Entropy (8bit):7.0662742983613285
Encrypted:false
SSDEEP:
MD5:0C700B07C3497DF4863C3F2FE37CD526
SHA1:F835118244D02304DE9EB3A355420BA9D0BD9C13
SHA-256:9F1F26794FD664E0A8B6FBD53BFCA33DCF7B0DC37FAF3EB7782BC38DFF62CD8C
SHA-512:8042DBD9E80E33E41993887B0289E143E967544389500ADA9296B89BDA37BB26918E4F370F8A1BDAB8FAACC4E0A6980794D6A3B5320E170AD4EF751384C9F0A8
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):20232
Entropy (8bit):7.089287949821804
Encrypted:false
SSDEEP:
MD5:1DDA9CB13449CE2C6BB670598FC09DC8
SHA1:0A91FE11B9A8321CA369F665A623270E5AC23176
SHA-256:4F187F1B4B14763360C325DF6B04D3EC3CC6D2CECC9B796BC52A6C7196B0B2CC
SHA-512:4E106C8A52033352C91B65CF65EC459DE764C125136333A2F4BA026EFDDE65F3F71B1F6F11E4C580150AC8A9779825BA5E2AF0E14DF999A198CFE244E522C28D
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18696
Entropy (8bit):7.114763903791775
Encrypted:false
SSDEEP:
MD5:95C5B49AF7F2C7D3CD0BC14B1E9EFACB
SHA1:C400205C81140E60DFFA8811C1906CE87C58971E
SHA-256:FF9B51AFF7FBEC8D7FE5CC478B12492A59B38B068DC2B518324173BB3179A0E1
SHA-512:F320937B90068877C46D30A15440DC9ACE652C3319F5D75E0C8BB83F37E78BE0EFB7767B2BD713BE6D38943C8DB3D3D4C3DA44849271605324E599E1242309C3
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):17672
Entropy (8bit):7.185434866879492
Encrypted:false
SSDEEP:
MD5:CEDEFD460BC1E36AE111668F3B658052
SHA1:9BD529FE189E0B214B9E0E51717BDF62F1DA44EA
SHA-256:F941C232964D01E4680E54AB04955EC6264058011B03889FE29DB86509511EBA
SHA-512:2C845642B054BC12C2911BFE2B850F06FECAFEF022180C22F6FFD670F821E84FCAD041C4D81DDADB781DDB36CB3E98DFE4EB75EC02B88306EF1D410CBB021454
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):17672
Entropy (8bit):7.1894145407335115
Encrypted:false
SSDEEP:
MD5:65FC0B6C2CEFF31336983E33B84A9313
SHA1:980DE034CC3A36021FD8BAFFF3846B0731B7068E
SHA-256:966A38ED7034F8D355E1E8772DFC92F23FB3C8A669780ED4AC3B075625D09744
SHA-512:F4EBC7A6D12AE6AFA5B96C06413A3438E1678B276B1517DA07D33912818FC863B4D35CB46280F12CF90E37BC93E3AB5E44EA6F75767A314C59222B7D397E5B6A
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18184
Entropy (8bit):7.132820536291202
Encrypted:false
SSDEEP:
MD5:E7A266DD3A2A1E03D8716F92BEDE582D
SHA1:D4B97CE87C96DE1F39FEA97CCA3992D292B2C14E
SHA-256:339966AE75675A03F628C4DDD5D3218ABB36CBCF6DDCE83B88C07336D732B8AE
SHA-512:31168663FD71B901B1B9152FF288D4E1567003E5FCD1F1C9DFE36D26D2EB16B0932EC8CD34833DAB25531F768A01DE45C2483F92D4E79F92A89389C02BC05156
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):20232
Entropy (8bit):7.043571211492233
Encrypted:false
SSDEEP:
MD5:C1DCDB0FABC8AE671A7C7A94F42FB79A
SHA1:99355912D7A7D622753B2A855CAE4F5A4E50146F
SHA-256:CC76A4E82E0E0CD08DF3BB8F5AD57142305E0F666CC32599D76E363D0B43EFCB
SHA-512:6D92E7520AEEBFE60AAB43D6616B76A2DD385EDCAA217DB60003A0C0CBCB0E367063D240E38A19D0B8BEE2F2E7D4B982C4F08C8E9CCF34C7F670CB49F6561FFF
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18696
Entropy (8bit):7.137566982908939
Encrypted:false
SSDEEP:
MD5:6E704280D632C2F8F2CADEFCAE25AD85
SHA1:699C5A1C553D64D7FF3CF4FE57DA72BB151CAEDE
SHA-256:758A2F9EF6908B51745DB50D89610FE1DE921D93B2DBEA919BFDBA813D5D8893
SHA-512:ADE85A6CD05128536996705FD60C73F04BAB808DAFB5D8A93C45B2EE6237B6B4DDB087F1A009A9D289C868C98E61BE49259157F5161FECCF9F572FD306B460E6
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):19208
Entropy (8bit):7.068425359116368
Encrypted:false
SSDEEP:
MD5:887995A73BC7DDE7B764AFABCE57EFE7
SHA1:363FD4E7AD4A57224E8410154697DF5E8629F526
SHA-256:F94210B39CDC812BEB7342A47E68673EA2116D0AD9266FCF8D7CEDAA9561FC38
SHA-512:D088EB1C6958774E20F0E2884136B4E2B978EFD16F557DBC55E64011ABBCE0768054F7E6D881C110182824143A39101FDAE273ED614738AA7BA5C727B27F6677
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18696
Entropy (8bit):7.1338859952744516
Encrypted:false
SSDEEP:
MD5:C9A55DE62E53D747C5A7FDDEDEF874F9
SHA1:C5C5A7A873A4D686BFE8E3DA6DC70F724CE41BAD
SHA-256:B5C725BBB475B5C06CC6CB2A2C3C70008F229659F88FBA25CCD5D5C698D06A4B
SHA-512:ADCA0360A1297E80A8D3C2E07F5FBC06D2848F572F551342AD4C9884E4AB4BD1D3B3D9919B4F2B929E2848C1A88A4E844DD38C86067CACE9685F9640DB100EFB
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18184
Entropy (8bit):7.101366386991871
Encrypted:false
SSDEEP:
MD5:29E1922B32E5312A948E6D8B1B34E2D9
SHA1:912F54BE8438F45E1562A47294091D522CD89356
SHA-256:34C5DEE6D566252C0CEB7D9A21E24D5F297AF2B26C32E0C7808BBD088AA9A6A9
SHA-512:837CD03EE0195DC94BAB0662FF3B8CD1BE2DEDD8A3254318D25DFEA6E88D07211186FA367F41AB864560E10A22220DEB3ED05CCF82D60AC80C71DFED08AFBEA3
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):19208
Entropy (8bit):7.088979240841937
Encrypted:false
SSDEEP:
MD5:A668C5EE307457729203AE00EDEBB6B3
SHA1:2114D84CF3EC576785EBBE6B2184B0D634B86D71
SHA-256:A95B1AF74623D6D5D892760166B9BFAC8926929571301921F1E62458E6D1A503
SHA-512:73DC1A1C2CEB98CA6D9DDC7611FC44753184BE00CFBA07C4947D675F0B154A09E6013E1EF54AC7576E661FC51B4BC54FDD96A0C046AB4EE58282E711B1854730
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):22280
Entropy (8bit):6.929682118101382
Encrypted:false
SSDEEP:
MD5:9DDEA3CC96E0FDD3443CC60D649931B3
SHA1:AF3CB7036318A8427F20B8561079E279119DCA0E
SHA-256:B7C3EBC36C84630A52D23D1C0E79D61012DFA44CDEBDF039AF31EC9E322845A5
SHA-512:1427193B31B64715F5712DB9C431593BDC56EF512FE353147DDB7544C1C39DED4371CD72055D82818E965AFF0441B7CBE0B811D828EFB0ECE28471716659E162
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18696
Entropy (8bit):7.080577478918243
Encrypted:false
SSDEEP:
MD5:39325E5F023EB564C87D30F7E06DFF23
SHA1:03DD79A7FBE3DE1A29359B94BA2D554776BDD3FE
SHA-256:56D8B7EE7619579A3C648EB130C9354BA1BA5B33A07A4F350370EE7B3653749A
SHA-512:087B9DCB744AD7D330BACB9BDA9C1A1DF28EBB9327DE0C5DC618E79929FD33D1B1FF0E1EF4C08F8B3EA8118B968A89F44FE651C66CBA4ECBB3216CD4BCCE3085
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):20232
Entropy (8bit):7.078362597786606
Encrypted:false
SSDEEP:
MD5:228C6BBE1BCE84315E4927392A3BAEE5
SHA1:BA274AA567AD1EC663A2F9284AF2E3CB232698FB
SHA-256:AC0CEC8644340125507DD0BC9A90B1853A2D194EB60A049237FB5E752D349065
SHA-512:37A60CCE69E81F68EF62C58BBA8F2843E99E8BA1B87DF9A5B561D358309E672AE5E3434A10A3DDE01AE624D1638DA226D42C64316F72F3D63B08015B43C56CAB
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):19208
Entropy (8bit):7.061759931417666
Encrypted:false
SSDEEP:
MD5:1776A2B85378B27825CF5E5A3A132D9A
SHA1:626F0E7F2F18F31EC304FE7A7AF1A87CBBEBB1DF
SHA-256:675B1B82DD485CC8C8A099272DB9241D0D2A7F45424901F35231B79186EC47EE
SHA-512:541A5DD997FC5FEC31C17B4F95F03C3A52E106D6FB590CB46BDF5ADAD23ED4A895853768229F3FBB9049F614D9BAE031E6C43CEC43FB38C89F13163721BB8348
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18696
Entropy (8bit):7.13232650628006
Encrypted:false
SSDEEP:
MD5:034379BCEA45EB99DB8CDFEACBC5E281
SHA1:BBF93D82E7E306E827EFEB9612E8EAB2B760E2B7
SHA-256:8B543B1BB241F5B773EB76F652DAD7B12E3E4A09230F2E804CD6B0622E8BAF65
SHA-512:7EA6EFB75B0C59D3120D5B13DA139042726A06D105C924095ED252F39AC19E11E8A5C6BB1C45FA7519C0163716745D03FB9DAAACA50139A115235AB2815CC256
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):28936
Entropy (8bit):6.668155103564419
Encrypted:false
SSDEEP:
MD5:8DA414C3524A869E5679C0678D1640C1
SHA1:60CF28792C68E9894878C31B323E68FEB4676865
SHA-256:39723E61C98703034B264B97EE0FE12E696C6560483D799020F9847D8A952672
SHA-512:6EF3F81206E7D4DCA5B3C1FAFC9AA2328B717E61EE0ACCE30DFB15AD0FE3CB59B2BD61F92BF6046C0AAE01445896DCB1485AD8BE86629D22C3301A1B5F4F2CFA
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):26376
Entropy (8bit):6.711200183934711
Encrypted:false
SSDEEP:
MD5:19D7F2D6424C98C45702489A375D9E17
SHA1:310BC4ED49492383E7C669AC9145BDA2956C7564
SHA-256:A6B83B764555D517216E0E34C4945F7A7501C1B7A25308D8F85551FE353F9C15
SHA-512:01C09EDEF90C60C9E6CDABFF918F15AFC9B728D6671947898CE8848E3D102F300F3FB4246AF0AC9C6F57B3B85B24832D7B40452358636125B61EB89567D3B17E
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):72968
Entropy (8bit):5.833846377658087
Encrypted:false
SSDEEP:
MD5:3D139F57ED79D2C788E422CA26950446
SHA1:788E4FB5D1F46B0F1802761D0AE3ADDB8611C238
SHA-256:DC25A882AC454A0071E4815B0E939DC161BA73B5C207B84AFD96203C343B99C7
SHA-512:12ED9216F44AA5F245C707FE39AED08DC18EA675F5A707098F1A1DA42B348A649846BC919FD318DE7954EA9097C01F22BE76A5D85D664EF030381E7759840765
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):19208
Entropy (8bit):7.073487666122886
Encrypted:false
SSDEEP:
MD5:9D3D6F938C8672A12AEA03F85D5330DE
SHA1:6A7D6E84527EAF54D6F78DD1A5F20503E766A66C
SHA-256:707C9A384440D0B2D067FC0335273F8851B02C3114842E17DF9C54127910D7FB
SHA-512:0E1681B16CD9AF116BCC5C6B4284C1203B33FEBB197D1D4AB8A649962C0E807AF9258BDE91C86727910624196948E976741411843DD841616337EA93A27DE7CB
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):22792
Entropy (8bit):6.939823426760396
Encrypted:false
SSDEEP:
MD5:FB0CA6CBFFF46BE87AD729A1C4FDE138
SHA1:2C302D1C535D5C40F31C3A75393118B40E1B2AF9
SHA-256:1EE8E99190CC31B104FB75E66928B8C73138902FEFEDBCFB54C409DF50A364DF
SHA-512:99144C67C33E89B8283C5B39B8BF68D55638DAA6ACC2715A2AC8C5DBA4170DD12299D3A2DFFB39AE38EF0872C2C68A64D7CDC6CEBA5E660A53942761CB9ECA83
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):24328
Entropy (8bit):6.867867660778997
Encrypted:false
SSDEEP:
MD5:D5166AB3034F0E1AA679BFA1907E5844
SHA1:851DD640CB34177C43B5F47B218A686C09FA6B4C
SHA-256:7BCAB4CA00FB1F85FEA29DD3375F709317B984A6F3B9BA12B8CF1952F97BEEE5
SHA-512:8F2D7442191DE22457C1B8402FAAD594AF2FE0C38280AAAFC876C797CA79F7F4B6860E557E37C3DBE084FE7262A85C358E3EEAF91E16855A91B7535CB0AC832E
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):24328
Entropy (8bit):6.865312371416882
Encrypted:false
SSDEEP:
MD5:AD99C2362F64CDE7756B16F9A016A60F
SHA1:07C9A78EE658BFA81DB61DAB039CFFC9145CC6CB
SHA-256:73AB2161A7700835B2A15B7487045A695706CC18BCEE283B114042570BB9C0AA
SHA-512:9C72F239ADDA1DE11B4AD7028F3C897C93859EF277658AEAA141F09B7DDFE788D657B9CB1E2648971ECD5D27B99166283110CCBA437D461003DBB9F6885451F7
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):20744
Entropy (8bit):7.011893707747583
Encrypted:false
SSDEEP:
MD5:9B79FDA359A269C63DCAC69B2C81CAA4
SHA1:A38C81B7A2EC158DFCFEB72CB7C04B3EB3CCC0FB
SHA-256:4D0F0EA6E8478132892F9E674E27E2BC346622FC8989C704E5B2299A18C1D138
SHA-512:E69D275C5EC5EAE5C95B0596F0CC681B7D287B3E2F9C78A9B5E658949E6244F754F96AD7D40214D22ED28D64E4E8BD507363CDF99999FEA93CFE319078C1F541
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18696
Entropy (8bit):7.124120649956731
Encrypted:false
SSDEEP:
MD5:70E9104E743069B573CA12A3CD87EC33
SHA1:4290755B6A49212B2E969200E7A088D1713B84A2
SHA-256:7E6B33A4C0C84F18F2BE294EC63212245AF4FD8354636804FFE5EE9A0D526D95
SHA-512:E979F28451D271F405B780FC2025707C8A29DCB4C28980CA42E33D4033666DE0E4A4644DEFEC6C1D5D4BDD3C73D405FAFCFFE3320C60134681F62805C965BFD9
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):31232
Entropy (8bit):6.009104797561919
Encrypted:false
SSDEEP:
MD5:EA30529F2A170076CBED74339060B79C
SHA1:734D6990267C259C65364C86B97429953462F192
SHA-256:F6ED5A788954D8BBBC75ABE4EB1DCD3D63B9A4C280FD0888C5DB4A7ECF3B5630
SHA-512:10D9E3B27AFCFCC857A709452435141983A089239C8170A3866DB81ED90C3FF796225B6F6F73342DB6DD6A74644B8BDEE3949A22DD9897405A965634B92A2ACD
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):26112
Entropy (8bit):5.8609275435002415
Encrypted:false
SSDEEP:
MD5:9A6E4CC2074CA53EC71C5624B91BF1C7
SHA1:E819B6291E9CA1F0F88BF17D22F18A27DC6AB404
SHA-256:2B9BF918852F853636A8A6E58D2CC1B1E4B3773B2954B60831D39CF80C82C600
SHA-512:6B460A10402BD685E16AC8234248CB8C6557D2B11E7EA07A4EA10B0A27430E08A2F42D36E7D8CFE76F713771247B1A09A2562141518AAD3BE6D08513A7A7C548
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):33280
Entropy (8bit):6.037479165369959
Encrypted:false
SSDEEP:
MD5:FC89B652ABEB27264C48476443188C5E
SHA1:82ADA6D0F38EB7418A1CF797F7766CBE64E551FA
SHA-256:227DF9E6E591D525BE2263514ECB88B75AE3C189AAA7951D871D3BBDDC7CA8C8
SHA-512:259931985C0CAAC2C27967497D62EDF10B85730ED4A9912622F8ADE6B5926E1C248CEB7818B860A914876E60C96BA51893C7672D0681F85DA5227518DFDB812A
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):27648
Entropy (8bit):5.9435886430390426
Encrypted:false
SSDEEP:
MD5:42B3EC2643E77E55C12FC5AE4C11F3C0
SHA1:C51FF5B96B1C44F5BA65175E82C7B890041B17F4
SHA-256:31A02BD072A9F953DB7F13AFC4510A5B80CA7DD38F043311C5A067D634909F82
SHA-512:3E54B00F3DC191A441E71E430E811EBA493C6991862EFD81D0419D100EF3271FB21E8538CCAE8F88EF4CA18B4A712EDBB36475002CB039905AFDC47A329B0042
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):243712
Entropy (8bit):6.480827175252606
Encrypted:false
SSDEEP:
MD5:488E78482A31FB118429D3D556D32B40
SHA1:EEF558F41B83AF780B597C492FDC3E5F931EBF40
SHA-256:DF34AA3DA6AFCDD3459B4FBB60ED719150472CC33262927428D0B5426181B951
SHA-512:A57F62CFEC44E9C1E02CA8B248ED52C94DF8B86A9E0D2387DC75A6A0E9E74A2FB811160C2FF90AA247207810B0F6BA843DF78CD1E9CFE90F9FE4A34F8C305165
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):21504
Entropy (8bit):5.657615585573641
Encrypted:false
SSDEEP:
MD5:9BAAF308F01A055A133CB58197BFC47A
SHA1:9F61CB1C942EB16CEBA65266895FEA7A221DE990
SHA-256:52B131CB6DE9D1826B800E2A8E775A5BD74620D1C8CFCA6B3E6028DDA02C4B59
SHA-512:F152E0306CC20155451478534514A793ADDC883325A0EC1B7B1224766E56838F6CA1B80105645EE57BC073B602222ED4A9170D3D0B8BE6BDDC35487A28247E12
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):20992
Entropy (8bit):5.527948998408991
Encrypted:false
SSDEEP:
MD5:16E31D8C96E1BDEBC966738AB4F0CDF2
SHA1:48F927014573EE69C622D7CC7274E295D46BD618
SHA-256:1CD0075ED6A48D4BA00CA7E10086C79DC557A9556CFB779CFF557A658D6CEC72
SHA-512:024EE9A659D1C0ECE66394F902564C605193369A273CABEB6F1330CDD6DCA1D6C2F0A65EE8859AC6816446F74B34194BA579BDDC6162CB81EBFBCF04E8694FB2
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):327680
Entropy (8bit):5.691218844079373
Encrypted:false
SSDEEP:
MD5:489E9D77A885CD95E1165E99B8A6D9A8
SHA1:DBE1D0C667B5CAA7EC82FC31A0105901F4CBE460
SHA-256:82BB21B3C0049E65A4E880146E1F452F6704476FC405E287892227B008B17C1F
SHA-512:F2AEFB622D492D0B6D66F73A6CB012A5394F9D6D6A19ACB51B7483A069580E00EA538321C7C9B3ECBDC90801E8D7077234C5C58A231281671F72C961A1BB84D4
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):19968
Entropy (8bit):5.690270549672116
Encrypted:false
SSDEEP:
MD5:4137C2BBB5A23166110C25D0D8A89554
SHA1:620FC042EDBB9E9FC58E8003F817BEAF984069BC
SHA-256:9AD580C2A34679D1D81C9A76365A19B814881EE4B0487CA784B73BFF9F4BF62C
SHA-512:1B2416A99FAA4355C76C6B9B631BD54D2CBF5A5B42A19746B79BED32F73FA3E7049635624AC6CBBC60827155A32FCAA0552588836D58AE8611843F5C8B1007DD
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):400896
Entropy (8bit):6.720964735483934
Encrypted:false
SSDEEP:
MD5:97B3DB9BB0DBC157825666BCB5BFF64D
SHA1:24A5B1779AF5416FA333C88C460FAB668901D2CD
SHA-256:8DB386345F4BBD56AFF9B825821CFBF426E881023F8AF0887684B8FC882B9EFE
SHA-512:806CA9045FBFBF3CE3259A0F463A5B4029DAD249C8EAEEA534DC17049CCB9535575D89F69A1F4EB3B7E33867B2D60D8A750C3C0A0C118030FB88403E844A67A3
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):13312
Entropy (8bit):5.609448388994549
Encrypted:false
SSDEEP:
MD5:61C7176F97C87D018538FD2E55D99F92
SHA1:BD5616C955D71F2B607D891079D069C7E11397AA
SHA-256:29B27A61052646495832F14688428E22A5D6B193EEF8BB04FB6B3431F5FD5FD7
SHA-512:8DBC2E49CAC7B50847EE7D8D7CD4D26F06E93684324FE194D78785EB4F5576D6EA30665D34E8AA54A81631771EE7A8D04D671460934B0D63DC5E097014A58BD0
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1950720
Entropy (8bit):6.5570376731080655
Encrypted:false
SSDEEP:
MD5:0AFA64078ED85E576C2F88FCC573C862
SHA1:0E3680491C0E3F18925B0EE03B11BC7C513DE011
SHA-256:B262C9F3FAFAE23876D62078192D4D82C73504DB753F8A946EF4718177117AE9
SHA-512:0DB1EAD84E1921C31F20C254770D675061E7D12F8265D3DDB2C9B57C6A1CC1820AB6DAA1FB1D7CC90DC8B88F01EBD54A95948FEF2EFD0068FABB14E6E767DF1D
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:HTML document, Unicode text, UTF-8 text, with very long lines (351), with CRLF line terminators
Category:dropped
Size (bytes):21342
Entropy (8bit):6.436290638552252
Encrypted:false
SSDEEP:
MD5:7BC9F60CCC1AF3C55EB6CDA7771C605A
SHA1:347041B8C5F79408306390410BCEA0FF413217C5
SHA-256:D78C36298BA9963761AC9DB857A81CE1B073EC733B874A0D268983203E7CC795
SHA-512:0C389B37131E7E406222BC56A4170727B85CF328B2B3E9699FA2668E3ECB9C55F114628D09FE6DDD1E768C20DD8D8DBDC61CA10BFD05223B2A77786077114DA8
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:Rich Text Format data, version 1, ANSI, code page 936, default middle east language ID 1025
Category:dropped
Size (bytes):106519
Entropy (8bit):4.7832506835706985
Encrypted:false
SSDEEP:
MD5:9221AD8A6A2D9C413442A40E19B926B5
SHA1:654B55F79EB1528FB61E5668964CFE1B1AEB2B77
SHA-256:9000F3F02529CE34FDD4F649B9F99BF518FE7AAB64B53C4AB608C2AC075E74DB
SHA-512:A2F69E17B905229834B3DF2F2265DA9C581AD3A6393C928EF5D3FCBAFA594553D8649C75A9882721E433D26971D41C453B36B62968E648522918BBD031BA9D5D
Malicious:false
Reputation:low
Preview:{\rtf1\adeflang1025\ansi\ansicpg936\uc2\adeff31507\deff0\stshfdbch31505\stshfloch31506\stshfhich31506\stshfbi31507\deflang1033\deflangfe2052\themelang1033\themelangfe2052\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}\'cb\'ce\'cc\'e5{\*\falt SimSun};}{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}\'cb\'ce\'cc\'e5{\*\falt SimSun};}..{\f36\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}\'b5\'c8\'cf\'df{\*\falt DengXian};}{\f40\fbidi \fswiss\fcharset0\fprq2{\*\panose 020f0502020204030204}Calibri;}..{\f41\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}@\'cb\'ce\'cc\'e5;}{\f42\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}@\'b5\'c8\'cf\'df;}..{\flomajor\f31500\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fdbmajor\f31501\fbidi \fnil\fcharset134\fprq2{\*\panose 0201060003
Process:C:\Users\user\Desktop\SADP.exe
File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):35246
Entropy (8bit):5.349240204330781
Encrypted:false
SSDEEP:
MD5:14B86975430FA69BDDDFCA2A09FC852E
SHA1:753E691E251AA21BE89D6CE31ABFA115A43E2035
SHA-256:56C6732BE6CD68286F872BB5A79242400FD9BCE5BE11D195C5DE9CA45D00E88A
SHA-512:61F021F850238CEE8F0586C300DD3EA8279791FC03EF073EC8B8B765C4E19AC1C44B3E59DA17D18DB5D2982E0EBD97530C88D38F2356FA3A3026D749A4CAEAC1
Malicious:false
Reputation:low
Preview:<html>....<head>..<meta http-equiv=Content-Type content="text/html; charset=utf-8">..<meta name=Generator content="Microsoft Word 15 (filtered)">..<style>.. .. /* Font Definitions */.. @font-face...{font-family:SimSun;...panose-1:2 1 6 0 3 1 1 1 1 1;}..@font-face...{font-family:"Cambria Math";...panose-1:2 4 5 3 5 4 6 3 2 4;}..@font-face...{font-family:Calibri;...panose-1:2 15 5 2 2 2 4 3 2 4;}..@font-face...{font-family:"\@SimSun";...panose-1:2 1 6 0 3 1 1 1 1 1;}.. /* Style Definitions */.. p.MsoNormal, li.MsoNormal, div.MsoNormal...{margin:0in;...text-align:justify;...text-justify:inter-ideograph;...font-size:10.5pt;...font-family:"Calibri",sans-serif;}..p.MsoHeader, li.MsoHeader, div.MsoHeader...{mso-style-link:"Header Char";...margin:0in;...text-align:center;...layout-grid-mode:char;...border:none;...padding:0in;...font-size:9.0pt;...font-family:"Calibri",sans-serif;}..p.MsoFooter, li.MsoFooter, div.MsoFooter...{mso-style-link:"Footer Char";...margin:0in;...layout-grid-mode:cha
Process:C:\Users\user\Desktop\SADP.exe
File Type:PNG image data, 208 x 28, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):6642
Entropy (8bit):7.953972182011067
Encrypted:false
SSDEEP:
MD5:93B3BAE90B0F88A1CB75465B5C078E6C
SHA1:4794A1088D004CB1B89C3FF0E6B9C96FDCE8FD7E
SHA-256:EC68DCE88A2A7E0845DE339746A3902CEA7237D00939A610C415D2204B8C9E3D
SHA-512:5C21F65007FCBB57AA460DB51E1FBE627DE68BC2EA9BC5F6F633D715A288B64DAAC911A1C261FE5FAAE1299057E47905EC7D8BE9816F1BA2FE1C8A0254CFD1DF
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:Rich Text Format data, version 1, ANSI, default middle east language ID 1025
Category:dropped
Size (bytes):264223
Entropy (8bit):4.341656624991592
Encrypted:false
SSDEEP:
MD5:F300B9C09557E881062FFD6AC69F7ADB
SHA1:CCD09D3E441D94E9A7AE361EC60305E67B215D9A
SHA-256:C9CDC60570537DAEB7B67A28164CF184C845D324BE209B335E54A1A70FB3C01C
SHA-512:2D1532AD820AA4ACBB522F56C17CCC4C23115C7D99F01A0BFE556164418D581F3E87769585C976DDF6442FF5940AC65B330FDA950C20C9DECDB9A0829634C965
Malicious:false
Reputation:low
Preview:{\rtf1\ansi\deff4\adeflang1025.{\fonttbl{\f0\froman\fprq2\fcharset0 Times New Roman;}{\f1\froman\fprq2\fcharset2 Symbol;}{\f2\fswiss\fprq2\fcharset0 Arial;}{\f3\froman\fprq2\fcharset0 Liberation Serif{\*\falt Times New Roman};}{\f4\froman\fprq2\fcharset0 Calibri;}{\f5\fswiss\fprq2\fcharset0 Liberation Sans{\*\falt Arial};}{\f6\fnil\fprq2\fcharset0 DejaVu Sans Mono;}{\f7\fnil\fprq2\fcharset128 \'91\'76\'91\'cc;}{\f8\fnil\fprq2\fcharset0 Noto Sans Devanagari UI;}{\f9\fswiss\fprq0\fcharset128 Noto Sans Devanagari UI;}{\f10\fnil\fprq2\fcharset0 Times New Roman;}}.{\colortbl;\red0\green0\blue0;\red0\green0\blue255;\red0\green255\blue255;\red0\green255\blue0;\red255\green0\blue255;\red255\green0\blue0;\red255\green255\blue0;\red255\green255\blue255;\red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0;\red128\green0\blue128;\red128\green0\blue0;\red128\green128\blue0;\red128\green128\blue128;\red192\green192\blue192;\red0\green0\blue10;}.{\stylesheet{\s0\snext0\qj\nowidctlpar\ltrp
Process:C:\Users\user\Desktop\SADP.exe
File Type:Rich Text Format data, version 1, ANSI, code page 936, default middle east language ID 1025
Category:dropped
Size (bytes):213143
Entropy (8bit):4.9561902013159305
Encrypted:false
SSDEEP:
MD5:C166DE4DB745CDCF34DB8E5D454A9972
SHA1:54F33B60CF6CE36E2F695AF0F258A99C99985995
SHA-256:2A342E243827CA18D8753145C4AC5D8E85321C9F09E98DD9781FB4C514A0E616
SHA-512:CF193CF02472E8C45F63A88E042E3572724E287F45C68B069DBBEEAD87CEDC4DA9FBBCF559BF7909816B7B5087992BC2A2E719BE577DBC77A6E484EBDABE20AE
Malicious:false
Reputation:low
Preview:{\rtf1\adeflang1025\ansi\ansicpg936\uc2\adeff0\deff0\stshfdbch31505\stshfloch31506\stshfhich31506\stshfbi0\deflang1033\deflangfe2052\themelang1033\themelangfe2052\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}\'cb\'ce\'cc\'e5{\*\falt SimSun};}{\f13\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}\'cb\'ce\'cc\'e5{\*\falt SimSun};}..{\f39\fbidi \fswiss\fcharset0\fprq2{\*\panose 020f0502020204030204}Calibri;}{\f40\fbidi \fnil\fcharset134\fprq2{\*\panose 00000000000000000000}@\'cb\'ce\'cc\'e5;}..{\flomajor\f31500\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fdbmajor\f31501\fbidi \fnil\fcharset134\fprq2{\*\panose 02010600030101010101}\'cb\'ce\'cc\'e5{\*\falt SimSun};}..{\fhimajor\f31502\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria;}{\fbimajor\f31503\fbidi \froman\fcharset0\fprq2{\*\panose 020206
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):457512
Entropy (8bit):6.6610937021182615
Encrypted:false
SSDEEP:
MD5:B33902774CE0EDED02B0CF1B54622736
SHA1:05C4FFB6B9B9BA8A56B7A3187B7D100AB20FE8D5
SHA-256:8CABBD2AD374DA8E58374C6915592D217966E7EA7E0D4038AA21A2D92A5A0612
SHA-512:BB7B40D3907EC7D96ED2827067B9B727BF8CC660BE21D8AA40267ED25C44BF06B54654AF669C5A47DBB321B3D46275780C00FFFBC15A7AF0C5BEE03BDC3D1988
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):15995904
Entropy (8bit):6.353584600934879
Encrypted:false
SSDEEP:
MD5:8B197F55264A44B7B25046F7BA5BD7D2
SHA1:CEF69E168160968E00FFFFA136E1AF7819E7C0CE
SHA-256:25AE7577E066FA80519A8F1C314B15CDD22E4A8D3ECD2A36ECCC79E40714A91D
SHA-512:6AF2B1B17A7E3460099359A6750221AACB8F9CE0E80B346DBAFD2CBD8E579543B980F98E0AEB199E0781A045C9D6A7F2F11C8628F960C13550328487B7FA9154
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1097216
Entropy (8bit):6.6479912486663535
Encrypted:false
SSDEEP:
MD5:986CACDD4265C10DCE32C486B5C97317
SHA1:1599D9B4340C6750421BADF367C6076543BAA3EB
SHA-256:FEEEFF0686EB8ED0200117EF146591EE78F70D96872FB337EDD3138D411ED4BF
SHA-512:248AE631DE93DACD88BFD8C12E1F85AF336111BF8746ED29A09E6F5DFCB704C5A2639D3A7FB756B08028483BB39F984E503BD1E6819DAC59AE96376518968F77
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):34304
Entropy (8bit):5.972420545783711
Encrypted:false
SSDEEP:
MD5:9CBE3DF1F9377B6972CF446D8A31B7D3
SHA1:789196193118ACBE8A33DF6C3E7EC09CEC29CA02
SHA-256:69077A7125F180063099D232DEAFF7C428BC199D9BDD4F7ECFCD0777CB1F5F1A
SHA-512:0EA1939CC797C0549E32758B6A5697640A3CA866CE643E3578D15CAC1D2F7A5D885147B013851C0B0ABBD503A9539F2483CB9FB41F6F48B0FD71CDE2F9DCADA8
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:Qt Binary Resource file
Category:dropped
Size (bytes):1295899
Entropy (8bit):6.3383501719455175
Encrypted:false
SSDEEP:
MD5:4EC518E739915886C5461732E4DE115A
SHA1:A05FEDDE4B8A6DD1898E464C705FE671FA8838DE
SHA-256:AB3FCDEEA4266E2C94183BCA404A95DB12C81876B9434CAB797789464F2D5AB8
SHA-512:3A34E569C0DF2136FEB2907EC64FF610FA253D16BB921C4DC02E0959EDE307808C0AE039092E935DB5229CA559AC339195486CE8ABDB9E9FF9CFEBF781DB3950
Malicious:false
Reputation:low
Preview:qres....................<?xml version="1.0" encoding="UTF-8"?>.<svg width="24px" height="24px" viewBox="0 0 24 24" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. Generator: Sketch 52.3 (67297) - http://www.bohemiancoding.com/sketch -->. <title>.... / .. / 1 .. / 4 ....</title>. <desc>Created with Sketch.</desc>. <defs>. <polygon id="path-1" points="3 0 6 4 0 4"></polygon>. </defs>. <g id="....-/-..-/-1-..-/-4-...." stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="icon" transform="translate(9.000000, 6.000000)">. <polygon id="traingle-down" fill-opacity="0.2" fill="#000000" points="3 12 0 8 6 8"></polygon>. <mask id="mask-2" fill="white">. <use xlink:href="#path-1"></use>. </mask>. <use id="traingle-up" fill-opacity="0.7" fill="#000000" xlink:href="#path-1"></use>. </g>
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:CSV text
Category:dropped
Size (bytes):30
Entropy (8bit):2.515270396880037
Encrypted:false
SSDEEP:
MD5:BCA66E2DADD5A3639F7F4E17F83E459B
SHA1:FEBB3596A13B12DCD1479930758A35981C4FEB43
SHA-256:D9D06E7AB590DEDCC878804B8E3B2DAB4B428BBCF0FDF0F9E1FE5CD073B83C79
SHA-512:50AD336CFCE1D0A7A1C6568C0C847F262FBD7EC3465D4CDC82397326EF5CB19121FF7EAC3D3F5F9D72A3BA9C1B980D85667C46831C1F3F14AC32FA295327C973
Malicious:false
Reputation:low
Preview:0,0..0,1..1,0..1,1..2,0..2,1..
Process:C:\Users\user\Desktop\SADP.exe
File Type:Qt Translation file
Category:dropped
Size (bytes):7179
Entropy (8bit):4.800266330053784
Encrypted:false
SSDEEP:
MD5:37A7A37DD511C4C7333179B6E8D7080F
SHA1:AE3A35F0B81CF24F217603D288EDCE3048804A35
SHA-256:C13BD98A60B3D0DE4A4BD1301DB24B48081A43DAFBB2A97868BD7D63C90FC7B5
SHA-512:0017A5BA887314CE79EC7736E5B1A1920AF98A78100E19D84E418E7494BCF35794D6867FB21A3233171A3C3A675BF6B25EAC15A24136D790EB4246AC6FD4D144
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:Qt Translation file
Category:modified
Size (bytes):5426
Entropy (8bit):5.787034354070442
Encrypted:false
SSDEEP:
MD5:72A03EBFFA5BA07DF23091A8892C14A8
SHA1:DE8042DE3DA69CE0515D88AD4C649A256EF4995D
SHA-256:C973BABDC3B1066522E3F01DFBDA64F778FBAFA0C2409F20FDC5B9412A9B701C
SHA-512:45859C1ACB28D50EAF8655AA469657D09BF8F28787A49E8C2F0C5AB3FFE4288AD50F5B59909A3FD947761624809E985C753CB8B4E522F8EA7E62D52128046DA5
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1172232
Entropy (8bit):6.803222047671955
Encrypted:false
SSDEEP:
MD5:6343FF7874BA03F78BB0DFE20B45F817
SHA1:82221A9AC1C1B8006F3F5E8539E74E3308F10BCB
SHA-256:6F8F05993B8A25CADF5E301E58194C4D23402E467229B12E40956E4F128588B3
SHA-512:63C3D3207577D4761103DAF3F9901DD0A0AE8A89694AD1128FD7E054627CDD930D1020049317C5A898411735E2F75E2103AE303E7E514B6387A3C8463A4FB994
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):267592
Entropy (8bit):6.584929938715299
Encrypted:false
SSDEEP:
MD5:60F11A76E35FD4A9CD2455EA3EFF3224
SHA1:C86AA0A9864525B50A87555EB0C42AF443B262D2
SHA-256:F3BCC4A3AE6CD03E08EC48411B6927A0A163AF6F92384279C1DD7AFCB7F52293
SHA-512:B996E29B9C91BD0A3303A597ECF958648FCAFA3D5F0F5A22CC2AEBB62714A482023E7A711CB2578F3F8937F802723942717009F98D9432AC7D44918F38FCA25D
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):83784
Entropy (8bit):6.845861669519174
Encrypted:false
SSDEEP:
MD5:A2523EA6950E248CBDF18C9EA1A844F6
SHA1:549C8C2A96605F90D79A872BE73EFB5D40965444
SHA-256:6823B98C3E922490A2F97F54862D32193900077E49F0360522B19E06E6DA24B4
SHA-512:2141C041B6BDBEE9EC10088B9D47DF02BF72143EB3619E8652296D617EFD77697F4DC8727D11998695768843B4E94A47B1AED2C6FB9F097FFC8A42CA7AAAF66A
Malicious:false
Reputation:low
Process:C:\Users\user\Desktop\SADP.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):74240
Entropy (8bit):6.859076370787931
Encrypted:false
SSDEEP:
MD5:D1B07C831A03075BAC36AF5387DA65BD
SHA1:2D7B1BA783E0B0D6A56C1C33948E9D6ED5DAB7AD
SHA-256:9018B142C63C4E390331F2499578A1E49B0D201070B1A8730797B82372A7AEE3
SHA-512:2CACDFD977907B6986C62F0AD7C75CA36BB08B603F4ADEC4E0A9D1D2C82F958410CA6CA040E042536FC492262D14ACB4A2CEBD7231B5950A40A27B6FF012B2BF
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Oct 2 12:51:12 2023, mtime=Mon Oct 2 12:51:12 2023, atime=Mon Oct 2 12:51:12 2023, length=2144768, window=hide
Category:dropped
Size (bytes):1135
Entropy (8bit):4.60985791116423
Encrypted:false
SSDEEP:
MD5:5180FEE4AAA62DC0529B840E6F29AB50
SHA1:D02650CB02DFB01ECEF24F2F87B64C65B3E3D3A0
SHA-256:5263C7604034482944654143C7C324A3A94BC52BAB8F8C60A4ED671818B51B34
SHA-512:44653B327E338B8694D30B3BB0B3CBB4AE7DB87C892F8A73A3B5EFED54520D03C238AA54D18788D70158CFC9774C734B10CE7ED192C7ACA28E9D92A5235ECDCD
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Oct 2 12:51:21 2023, mtime=Mon Oct 2 12:51:21 2023, atime=Mon Oct 2 12:51:21 2023, length=845312, window=hide
Category:dropped
Size (bytes):1463
Entropy (8bit):4.614400450726104
Encrypted:false
SSDEEP:
MD5:D5B2B023695C48FBF0A2B50CB38F6D63
SHA1:26035EA6672518364D5A1FD5F10108B10F8B8157
SHA-256:F12B063D5D7B3300E8B1519B75875A8B26EEAD223B2EC92ECBFDD769434B80C7
SHA-512:40A09F602780A243CF29E89D939D758E340CB686C55E776F3E02D19E1E780E34FC227912A50FD73A5F1260FFFCD8AF546FA55F2DB216997F6389CF7E85ACC565
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Oct 2 12:51:12 2023, mtime=Mon Oct 2 12:51:12 2023, atime=Mon Oct 2 12:51:12 2023, length=1195972, window=hide
Category:dropped
Size (bytes):1175
Entropy (8bit):4.634180070951918
Encrypted:false
SSDEEP:
MD5:5096CB88EE75352EAFF2C44FE7099480
SHA1:F5BCE00E4CD1826EC63FA799DA107A158EE06FBC
SHA-256:49B239423D01AA3494008A0E96CD461A133AE791AB0AF31247D453F041534D30
SHA-512:04042B3CC17A18642F1E9EAB86BF0DA209E5BE462CB39B515002132B05CA0C6BD18463EC5A3E090F6A203533AFCDFF4F71F7616EF9DA2B009EEA3128C4C7712F
Malicious:false
Reputation:low
Process:C:\Users\user\AppData\Local\Temp\nsgC57B.tmp\AppInstaller.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Oct 2 12:51:12 2023, mtime=Mon Oct 2 12:51:21 2023, atime=Mon Oct 2 12:51:12 2023, length=2144768, window=hide
Category:modified
Size (bytes):1135
Entropy (8bit):4.616738414613265
Encrypted:false
SSDEEP:
MD5:8CAFD5DB49C02427F1EC4D6F285B16AD
SHA1:B097056E5CFE8EBF3506FF5F78734CABC4D47C36
SHA-256:BC564711757AD2D8C2D9CF4746AD2BC53BD915B3432D1E49087ECB2DA2F95F87
SHA-512:B78F35ABF7C328533BD0482539907000220E81608E143C9806F0AB856B4F52E1F7E5747C3524B6B02A5136F812D7DCCEF3ED0605579A0E77B716602646D0A815
Malicious:false
Reputation:low
File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):7.997311254304506
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:SADP.exe
File size:65'313'576 bytes
MD5:bd51a46b73f84e74d4873e379b2283cd
SHA1:12c73c928da96a1288b474dff5f8441f1ad82028
SHA256:632d8fe7e574f0bbc476a5ead0f08e5bd8f6607cdf4e3aaa40279d44158d08f2
SHA512:ae6f11dbf730c5c2af07196b39178a9139d8eb57cd0d635463c9a4675e5f874082186d6ecdfcaa41f10b15a1b25f7edcc2121607b4f7529e01c35805f15dfe00
SSDEEP:1572864:QUGam3R5EL/SqyQHssCoflAuvc9m9+mUkzSYbcNRVW8WsJl3IeI1Z:uaGR5crMmflAiYW+97RVWpulYeI3
TLSH:43E733C9D19ACE5DF85F60B25B748C46A2169DAE9ECB4C50E392B30203773F285D44AF
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.w.F.*.....F...v...F...@...F.Rich..F.........PE..L......].................d...|......k2............@
Icon Hash:0f312d7d4de56c2c
Entrypoint:0x40326b
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:0x5DF6D4F0 [Mon Dec 16 00:50:56 2019 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:e9c0657252137ac61c1eeeba4c021000
Signature Valid:true
Signature Issuer:CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
Signature Validation Error:The operation completed successfully
Error Number:0
Not Before, Not After
  • 5/27/2021 10:09:39 AM 5/27/2024 10:09:39 AM
Subject Chain
  • CN="Hangzhou Hikvision Digital Tech.Co.,Ltd", O="Hangzhou Hikvision Digital Tech.Co.,Ltd", L=HANGZHOU, S=ZHEJIANG, C=CN
Version:3
Thumbprint MD5:F237C5EF38589E46C618DAA8863B1CEF
Thumbprint SHA-1:87F7BDB11586952BA603961F3D8C6EB4E29F79BA
Thumbprint SHA-256:E8D67C380DC49B98D23227127C04582C7F3849919DC85841A02BD090728799EF
Serial:76C177BCD7E6B6E10B9F1545
Instruction
sub esp, 00000184h
push ebx
push esi
push edi
xor ebx, ebx
push 00008001h
mov dword ptr [esp+18h], ebx
mov dword ptr [esp+10h], 0040A198h
mov dword ptr [esp+20h], ebx
mov byte ptr [esp+14h], 00000020h
call dword ptr [004080A0h]
call dword ptr [0040809Ch]
and eax, BFFFFFFFh
cmp ax, 00000006h
mov dword ptr [0042F40Ch], eax
je 00007FF6146752C3h
push ebx
call 00007FF6146783ABh
cmp eax, ebx
je 00007FF6146752B9h
push 00000C00h
call eax
mov esi, 00408298h
push esi
call 00007FF614678327h
push esi
call dword ptr [00408098h]
lea esi, dword ptr [esi+eax+01h]
cmp byte ptr [esi], bl
jne 00007FF61467529Dh
push 0000000Ah
call 00007FF61467837Fh
push 00000008h
call 00007FF614678378h
push 00000006h
mov dword ptr [0042F404h], eax
call 00007FF61467836Ch
cmp eax, ebx
je 00007FF6146752C1h
push 0000001Eh
call eax
test eax, eax
je 00007FF6146752B9h
or byte ptr [0042F40Fh], 00000040h
push ebp
call dword ptr [00408040h]
push ebx
call dword ptr [00408284h]
mov dword ptr [0042F4D8h], eax
push ebx
lea eax, dword ptr [esp+38h]
push 00000160h
push eax
push ebx
push 00429830h
call dword ptr [00408178h]
push 0040A188h
Programming Language:
  • [EXP] VC++ 6.0 SP5 build 8804
Name                                   Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT           0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT           0x853c           0xa0          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE         0x39000          0x71498       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION        0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY         0x3e47328        0x2800
IMAGE_DIRECTORY_ENTRY_BASERELOC        0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG            0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT        0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR        0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS              0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG      0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT     0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT              0x8000           0x294         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT     0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR   0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED         0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity      File Type  Entropy             Characteristics
.text   0x1000           0x62ff        0x6400    False     0.672421875          data       6.457821426487787   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x8000           0x134a        0x1400    False     0.459765625          data       5.238921057104071   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0xa000           0x25518       0x600     False     0.4557291666666667   data       4.049203760121162   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata  0x30000          0x9000        0x0       False     0                    empty      0.0                 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0x39000          0x71498       0x71600   False     0.21534548993936053  data       4.780065266614771   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
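The figures above tell a consistent story once they are read together: the whole 65 MB file has an entropy of 7.997, yet every section scores between 4.0 and 6.5, and the Authenticode blob (IMAGE_DIRECTORY_ENTRY_SECURITY, whose "virtual address" is in fact a file offset) sits at 0x3e47328 with size 0x2800, i.e. at the very end of the file. The near-random bytes therefore live outside the section table, in the overlay between the last section and the signature, which is where a Nullsoft self-extractor keeps its compressed archive. The Python below is an added example, not Joe Sandbox's or Hikvision's code: it computes the same 8-bit Shannon entropy the report labels "Entropy (8bit)", applies the usual rule-of-thumb thresholds to a few constructed inputs, and derives the overlay span from the report's own numbers. Section raw file pointers are not in the report, so the header size (0x400) and back-to-back section layout are assumptions, as marked in the code.

```python
"""Added example (not from the Joe Sandbox report): 8-bit entropy and overlay
location for the SADP.exe static figures. Requires only the standard library."""
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a single repeated value,
    8.0 for a uniform distribution over all 256 byte values."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def region_label(entropy: float) -> str:
    """Coarse triage label. Thresholds are the common rule of thumb for PE
    triage, not values taken from the report."""
    if entropy >= 7.5:
        return "compressed/encrypted"
    if entropy >= 5.0:
        return "code/binary"
    return "text/sparse"


# Figures copied from the report for SADP.exe.
FILE_SIZE = 65_313_576
SECURITY_DIR_OFFSET = 0x3E47328   # file offset of the Authenticode blob
SECURITY_DIR_SIZE = 0x2800
SECTIONS = [  # (name, rva, raw size, entropy as reported)
    (".text", 0x1000, 0x6400, 6.457821426487787),
    (".rdata", 0x8000, 0x1400, 5.238921057104071),
    (".data", 0xA000, 0x600, 4.049203760121162),
    (".ndata", 0x30000, 0x0, 0.0),
    (".rsrc", 0x39000, 0x71600, 4.780065266614771),
]
# ASSUMPTION: SizeOfHeaders is 0x400 and sections are stored back to back in
# file order. The report lists RVAs and raw sizes but not raw file pointers.
HEADERS_RAW_SIZE = 0x400


def sections_raw_end(sections=SECTIONS, headers_raw_size=HEADERS_RAW_SIZE) -> int:
    """Raw file offset just past the last section under the layout assumed above."""
    return headers_raw_size + sum(raw for _, _, raw, _ in sections)


def overlay_span(file_size=FILE_SIZE, sections=SECTIONS,
                 sec_off=SECURITY_DIR_OFFSET, sec_size=SECURITY_DIR_SIZE):
    """(start, end) of the bytes between the last section and the Authenticode
    signature. For an NSIS self-extractor this is the compressed archive, which
    is what drives the whole-file entropy up while the sections stay moderate."""
    if sec_off + sec_size != file_size:
        raise ValueError("security directory does not end at EOF; layout differs")
    return sections_raw_end(sections), sec_off


def section_labels(sections=SECTIONS):
    """Map each reported section entropy to a triage label."""
    return {name: region_label(ent) for name, _, _, ent in sections}


# Constructed inputs (not sample bytes from the file) to exercise the labels:
# the DOS stub string visible in the report's content preview, and seeded
# pseudo-random bytes standing in for a compressed payload.
TEXT_SAMPLE = b"This program cannot be run in DOS mode"
RANDOM_SAMPLE = random.Random(1234).randbytes(8192)


if __name__ == "__main__":
    start, end = overlay_span()
    print(f"overlay: 0x{start:x}-0x{end:x} ({end - start:,} bytes of {FILE_SIZE:,})")
    print("section labels:", section_labels())
    for name, blob in (("dos stub text", TEXT_SAMPLE), ("random bytes", RANDOM_SAMPLE)):
        e = shannon_entropy(blob)
        print(f"{name}: entropy={e:.3f} -> {region_label(e)}")
```

Running it shows an overlay of roughly 65 MB starting around 0x79800 under the assumed layout, every section landing in the "text/sparse" or "code/binary" band, and the seeded random buffer in the "compressed/encrypted" band; that is the combination to expect from a signed NSIS installer rather than from a packed loader, where the high entropy would sit inside an executable section.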
Name           RVA       Size     Type                                                                              Language  Country        ZLIB Complexity
RT_ICON        0x393b8   0x42028  Device independent bitmap graphic, 256 x 512 x 32, image size 270336             English   United States  0.1705476817469006
RT_ICON        0x7b3e0   0x10828  Device independent bitmap graphic, 128 x 256 x 32, image size 67584              English   United States  0.19883473323080564
RT_ICON        0x8bc08   0x94a8   Device independent bitmap graphic, 96 x 192 x 32, image size 38016               English   United States  0.30258040782005463
RT_ICON        0x950b0   0x67e8   Device independent bitmap graphic, 80 x 160 x 32, image size 26560               English   United States  0.29969924812030074
RT_ICON        0x9b898   0x5488   Device independent bitmap graphic, 72 x 144 x 32, image size 21600               English   United States  0.33484288354898334
RT_ICON        0xa0d20   0x4228   Device independent bitmap graphic, 64 x 128 x 32, image size 16896               English   United States  0.2838332546055739
RT_ICON        0xa4f48   0x25a8   Device independent bitmap graphic, 48 x 96 x 32, image size 9600                 English   United States  0.3955394190871369
RT_ICON        0xa74f0   0x10a8   Device independent bitmap graphic, 32 x 64 x 32, image size 4224                 English   United States  0.4294090056285178
RT_ICON        0xa8598   0x988    Device independent bitmap graphic, 24 x 48 x 32, image size 2400                 English   United States  0.5668032786885245
RT_ICON        0xa8f20   0x568    Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors  English   United States  0.43641618497109824
RT_ICON        0xa9488   0x468    Device independent bitmap graphic, 16 x 32 x 32, image size 1088                 English   United States  0.6640070921985816
RT_DIALOG      0xa98f0   0x202    data                                                                              English   United States  0.4085603112840467
RT_DIALOG      0xa9af8   0xf8     data                                                                              English   United States  0.6290322580645161
RT_DIALOG      0xa9bf0   0xee     data                                                                              English   United States  0.6260504201680672
RT_GROUP_ICON  0xa9ce0   0xa0     data                                                                              English   United States  0.68125
RT_VERSION     0xa9d80   0x2e4    data                                                                              English   United States  0.4418918918918919
RT_MANIFEST    0xaa068   0x42e    XML 1.0 document, ASCII text, with very long lines (1070), with no line terminators  English   United States  0.5130841121495328
DLL           Import
KERNEL32.dll  GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetFileAttributesA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileTime, GetFileAttributesA, SetCurrentDirectoryA, MoveFileA, GetFullPathNameA, GetShortPathNameA, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, DeleteFileA, FindFirstFileA, FindNextFileA, FindClose, SetFilePointer, GetPrivateProfileStringA, WritePrivateProfileStringA, MulDiv, MultiByteToWideChar, FreeLibrary, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
USER32.dll    GetSystemMenu, SetClassLongA, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, LoadImageA, CreateDialogParamA, SetTimer, SetWindowTextA, SetForegroundWindow, ShowWindow, SetWindowLongA, SendMessageTimeoutA, FindWindowExA, IsWindow, AppendMenuA, TrackPopupMenu, CreatePopupMenu, DrawTextA, EndPaint, DestroyWindow, wsprintfA, PostQuitMessage
GDI32.dll     SelectObject, SetTextColor, SetBkMode, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, GetDeviceCaps, SetBkColor
SHELL32.dll   SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
ADVAPI32.dll  AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll  ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll     OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system:English
Country where language is spoken:United States