Overview

overview

10

Static

static

1

14c63d1c89...8f.exe

windows7_x64

10

14c63d1c89...8f.exe

windows10_x64

10

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows10_x64
  • resource
    win10v200722
  • submitted
    11-09-2020 10:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14c63d1c8979ac3e55720fbfedd7f1f7fb68bbf16a2ca2882284817cf01ccd8f.exe

  • Size

    14.6MB

  • MD5

    18067be70aad9ca5d329663e35ed5cde

  • SHA1

    8655fc0484f35513527268f7313334dc2c2d5953

  • SHA256

    14c63d1c8979ac3e55720fbfedd7f1f7fb68bbf16a2ca2882284817cf01ccd8f

  • SHA512

    8b071bbe15118e69873a600e2bdb15125f8c6ae1ab133b1951fbbf52b4dddd65734088dd51f84de716f9c2cbb22bcda40c83d129d8594fbb839a3975355277ed

Score
10/10
stealeradwarediscoverypersistencetrojanbackdoormetasploitspyware

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://39.101.174.221:12358/LWbW

Attributes
  • headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Registers COM server for autorun 1 TTPs
    persistence
  • Drops file in Drivers directory 3 IoCs
  • Executes dropped EXE 35 IoCs
  • Loads dropped DLL 71 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • JavaScript code in executable 15 IoCs
  • Drops file in System32 directory 28 IoCs
  • Modifies service 2 TTPs 671 IoCs
    persistence
  • Drops file in Program Files directory 151 IoCs
  • Drops file in Windows directory 11 IoCs
  • NSIS installer 30 IoCs
    installer
  • Checks SCSI registry key(s) 3 TTPs 124 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 89 IoCs
  • Modifies registry class 381 IoCs
  • Modifies system certificate store 2 TTPs 21 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: LoadsDriver 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 20 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 123 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14c63d1c8979ac3e55720fbfedd7f1f7fb68bbf16a2ca2882284817cf01ccd8f.exe
    "C:\Users\Admin\AppData\Local\Temp\14c63d1c8979ac3e55720fbfedd7f1f7fb68bbf16a2ca2882284817cf01ccd8f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3900
    • C:\Users\Admin\AppData\Local\Temp\TaskServer.exe
      TaskServer.exe
      2⤵
      • Executes dropped EXE
      PID:2972
    • C:\Users\Admin\AppData\Local\Temp\EasyConnectInstaller_.exe
      EasyConnectInstaller_.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Modifies service
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2560
      • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\Uninstall.exe
        "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\Uninstall.exe" -QUICKREPAIR -HIDE -NODELSESSION -SessionId=-1
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:3336
      • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforCSClientInstaller.exe
        "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforCSClientInstaller.exe" -SessionId=-1
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:3868
      • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\TcpDriverInstaller.exe
        "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\TcpDriverInstaller.exe" -SessionId=-1
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:3972
        • C:\Program Files (x86)\Sangfor\SSL\TcpDriver\Remove.exe
          "C:\Program Files (x86)\Sangfor\SSL\TcpDriver\Remove.exe"
          4⤵
          • Executes dropped EXE
          PID:1972
        • C:\Program Files (x86)\Sangfor\SSL\TcpDriver\Install.exe
          "C:\Program Files (x86)\Sangfor\SSL\TcpDriver\Install.exe"
          4⤵
          • Executes dropped EXE
          PID:3968
      • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\DnsDriverInstaller.exe
        "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\DnsDriverInstaller.exe" -SessionId=-1
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:3952
        • C:\Program Files (x86)\Sangfor\SSL\DnsDriver\Remove.exe
          "C:\Program Files (x86)\Sangfor\SSL\DnsDriver\Remove.exe"
          4⤵
          • Executes dropped EXE
          PID:1216
        • C:\Program Files (x86)\Sangfor\SSL\DnsDriver\Install.exe
          "C:\Program Files (x86)\Sangfor\SSL\DnsDriver\Install.exe"
          4⤵
          • Executes dropped EXE
          PID:2072
      • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SuperExeInstaller.exe
        "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SuperExeInstaller.exe" -SessionId=-1
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:3100
        • C:\Windows\SysWOW64\expand.exe
          "expand.exe" -r "C:\Program Files (x86)\Sangfor\SSL\Promote\SangforPromote.CAB" "C:\Program Files (x86)\Sangfor\SSL\Promote"
          4⤵
          • Drops file in Program Files directory
          • Drops file in Windows directory
          PID:3776
      • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforServiceClientInstaller.exe
        "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforServiceClientInstaller.exe" -SessionId=-1
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2100
        • C:\Windows\SysWOW64\expand.exe
          "expand.exe" -r "C:\Program Files (x86)\Sangfor\SSL\SangforServiceClient\SangforServiceClient.CAB" "C:\Program Files (x86)\Sangfor\SSL\SangforServiceClient"
          4⤵
          • Drops file in Program Files directory
          • Drops file in Windows directory
          PID:3948
      • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\VC2010RedistX86UInstaller.exe
        "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\VC2010RedistX86UInstaller.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        PID:984
      • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\HTPInstaller.exe
        "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\HTPInstaller.exe" -SessionId=-1
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:3392
      • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SJobberInstaller.exe
        "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SJobberInstaller.exe" -SessionId=-1
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:3904
      • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforUpdateInstaller.exe
        "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforUpdateInstaller.exe" -SessionId=-1
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:1176
      • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforRAppInstaller.exe
        "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforRAppInstaller.exe" -SessionId=-1
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:812
      • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\InstallControl.exe
        "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\InstallControl.exe" -SessionId=-1
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Modifies registry class
        PID:1172
      • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\VNICInstaller_X64.exe
        "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\VNICInstaller_X64.exe" -SessionId=-1
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2808
        • C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\ndiscleanup.x64.exe
          "C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\ndiscleanup.x64.exe"
          4⤵
          • Executes dropped EXE
          PID:3988
        • C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\vacon.exe
          "C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\vacon.exe" install "C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\SangforCertificate.cer" "C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\SangforCertificate256.cer" "C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\SangforVNIC.inf" SangforVNIC
          4⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          • Modifies service
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          • Modifies system certificate store
          • Suspicious use of AdjustPrivilegeToken
          PID:3956
        • C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\SetIPTime.exe
          "C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\SetIPTime.exe"
          4⤵
          • Executes dropped EXE
          PID:3988
          • C:\Windows\SysWOW64\netsh.exe
            netsh interface ip set interface 2 dadtransmits=0
            5⤵
              PID:2568
        • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\ComHelperX64.exe
          "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\ComHelperX64.exe" reg ProxyIEX64.dll "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforTcpX64.dll"
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies service
          • Modifies registry class
          PID:3880
        • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\ComHelperX64.exe
          "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\ComHelperX64.exe" reg SangforNspX64.dll "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforNspX64.dll"
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies service
          • Modifies registry class
          PID:688
        • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\ECBaseInstaller.exe
          "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\ECBaseInstaller.exe" -SessionId=-1
          3⤵
          • Executes dropped EXE
          PID:2708
        • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\ECAgentInstaller.exe
          "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\ECAgentInstaller.exe" -SessionId=-1
          3⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          PID:2428
          • C:\Program Files (x86)\Sangfor\SSL\ECAgent\ECAgent.exe
            "C:\Program Files (x86)\Sangfor\SSL\ECAgent\ECAgent.exe" --restart
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:3108
        • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SuperServiceInstaller.exe
          "C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SuperServiceInstaller.exe" -SessionId=-1
          3⤵
          • Executes dropped EXE
          PID:8
          • C:\Program Files (x86)\Sangfor\SSL\Promote\SangforPromoteService.exe
            "C:\Program Files (x86)\Sangfor\SSL\Promote\SangforPromoteService.exe" -/StopServer
            4⤵
            • Executes dropped EXE
            PID:3964
          • C:\Program Files (x86)\Sangfor\SSL\Promote\SangforPromoteService.exe
            "C:\Program Files (x86)\Sangfor\SSL\Promote\SangforPromoteService.exe" -/StartServer
            4⤵
            • Executes dropped EXE
            PID:1308
    • \??\c:\windows\system32\svchost.exe
      c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1352
    • \??\c:\windows\system32\svchost.exe
      c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall
      1⤵
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      PID:3492
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{10ceac9c-42e5-144f-b2cf-5244379a6f30}\sangforvnic.inf" "9" "493d7628f" "0000000000000174" "WinSta0\Default" "0000000000000178" "208" "c:\program files (x86)\sangfor\ssl\csclient\vnic"
        2⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Modifies data under HKEY_USERS
        PID:3964
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem2.inf" "sangforvnic.inf:3beb73aff103cc24:SangforVNIC.ndi:5.9.0.0:sangforvnic," "493d7628f" "0000000000000174"
        2⤵
        • Drops file in Drivers directory
        • Drops file in System32 directory
        • Modifies service
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Suspicious use of AdjustPrivilegeToken
        PID:616
    • \??\c:\windows\system32\svchost.exe
      c:\windows\system32\svchost.exe -k netsvcs -s DsmSvc
      1⤵
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      PID:2104
    • \??\c:\windows\system32\svchost.exe
      c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
      1⤵
      • Modifies service
      • Suspicious use of AdjustPrivilegeToken
      PID:3032
    • C:\Program Files (x86)\Sangfor\SSL\Promote\SangforPromoteService.exe
      "C:\Program Files (x86)\Sangfor\SSL\Promote\SangforPromoteService.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies data under HKEY_USERS
      PID:3172
      • C:\Program Files (x86)\Sangfor\SSL\ECAgent\ECAgent.exe
        "C:\Program Files (x86)\Sangfor\SSL\ECAgent\ECAgent.exe" --import-sys --enable-loopback
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Modifies system certificate store
        PID:2784
        • C:\Windows\SysWOW64\CheckNetIsolation.exe
          CheckNetIsolation.exe LoopbackExempt -a -n="Microsoft.MicrosoftEdge_8wekyb3d8bbwe"
          3⤵
            PID:184
          • C:\Windows\SysWOW64\CheckNetIsolation.exe
            CheckNetIsolation.exe LoopbackExempt -a -n="Microsoft.Windows.Spartan_cw5n1h2txyewy"
            3⤵
              PID:804
          • C:\Program Files (x86)\Sangfor\SSL\ECAgent\ECAgent.exe
            "C:\Program Files (x86)\Sangfor\SSL\ECAgent\ECAgent.exe" --from-sp
            2⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious behavior: EnumeratesProcesses
            PID:2752
          • C:\Program Files (x86)\Sangfor\SSL\ECAgent\ECAgent.exe
            "C:\Program Files (x86)\Sangfor\SSL\ECAgent\ECAgent.exe" --import-nss --enable-ie-loopback
            2⤵
            • Executes dropped EXE
            PID:2412
          • C:\Program Files (x86)\Sangfor\SSL\ECAgent\ECAgent.exe
            "C:\Program Files (x86)\Sangfor\SSL\ECAgent\ECAgent.exe" --import-sys --enable-loopback
            2⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            • Modifies data under HKEY_USERS
            • Modifies system certificate store
            PID:3880
            • C:\Windows\SysWOW64\CheckNetIsolation.exe
              CheckNetIsolation.exe LoopbackExempt -a -n="Microsoft.MicrosoftEdge_8wekyb3d8bbwe"
              3⤵
                PID:688
              • C:\Windows\SysWOW64\CheckNetIsolation.exe
                CheckNetIsolation.exe LoopbackExempt -a -n="Microsoft.Windows.Spartan_cw5n1h2txyewy"
                3⤵
                  PID:3648

            Network

            MITRE ATT&CK Matrix ATT&CK v6

            Initial Access

            Execution

            Persistence

            Registry Run Keys / Startup Folder

            1
            T1060

            Browser Extensions

            1
            T1176

            Modify Existing Service

            1
            T1031

            Privilege Escalation

            Defense Evasion

            Modify Registry

            4
            T1112

            Install Root Certificate

            1
            T1130

            Credential Access

            Credentials in Files

            1
            T1081

            Discovery

            Query Registry

            2
            T1012

            Peripheral Device Discovery

            1
            T1120

            System Information Discovery

            1
            T1082

            Lateral Movement

            Collection

            Data from Local System

            1
            T1005

            Exfiltration

            Command and Control

            Impact

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\PROGRA~2\Sangfor\SSL\CLIENT~1\ND_DKE~1.CAB
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\SangforCertificate.cer
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\SangforCertificate256.cer
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\SangforVNIC.inf
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\SetIPTime.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\SetIPTime.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\ndiscleanup.x64.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\ndiscleanup.x64.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\vacon.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\CSClient\VNIC\vacon.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\ComHelperX64.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\ComHelperX64.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\ComHelperX64.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\DnsDriverInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\DnsDriverInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\ECAgentInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\ECAgentInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\ECBaseInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\ECBaseInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\HTPInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\HTPInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\InstallControl.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\InstallControl.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SJobberInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SJobberInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforCSClientInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforCSClientInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforCore.dll
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforNspX64.dll
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforRAppInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforRAppInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforServiceClientInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforServiceClientInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforTcp.dll
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforTcpX64.dll
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforUpdateInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforUpdateInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SuperExeInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SuperExeInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SuperServiceInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SuperServiceInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\TcpDriverInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\TcpDriverInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\Uninstall.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\Uninstall.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\VC2010RedistX86UInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\VC2010RedistX86UInstaller.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\VNICInstaller_X64.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ClientComponent\VNICInstaller_X64.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\DnsDriver\Install.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\DnsDriver\Install.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\DnsDriver\Remove.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\DnsDriver\Remove.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ECAgent\ECAgent.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ECAgent\ECAgent.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ECAgent\ECAgent.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ECAgent\ECAgent.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ECAgent\ECAgent.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ECAgent\ECAgent.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ECAgent\ECBase.dll
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ECAgent\SANGFORVPNLIBEAY32.dll
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\ECAgent\SANGFORVPNSSLEAY32.dll
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\Promote\MSVCP60.dll
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\Promote\SangforPromote.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\Promote\SangforPromoteService.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\Promote\SangforPromoteService.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\Promote\SangforPromoteService.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\Promote\SangforPromoteService.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\SangforServiceClient\SangforServiceClient.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\TcpDriver\Install.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\TcpDriver\Install.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\TcpDriver\Remove.exe
              Download Submit
            • C:\Program Files (x86)\Sangfor\SSL\TcpDriver\Remove.exe
              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\EasyConnectInstaller_.exe
              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\EasyConnectInstaller_.exe
              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\TaskServer.exe
              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\TaskServer.exe
              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\{10CEA~1\SangforVnic.cat
              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\{10CEA~1\SangforVnic.sys
              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\{10ceac9c-42e5-144f-b2cf-5244379a6f30}\sangforvnic.inf
              Download Submit
            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e64br7r6.Admin\cert8.db
              Download Submit
            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e64br7r6.Admin\key3.db
              Download Submit
            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e64br7r6.Admin\secmod.db
              Download Submit
            • C:\Users\Admin\AppData\Roaming\Sangfor\SSL\Log\ECAgent_20200911.log
              Download Submit
            • C:\Windows\INF\oem2.PNF
              Download Submit
            • C:\Windows\INF\oem2.inf
              Download Submit
            • C:\Windows\Logs\DPX\setupact.log
              Download Submit
            • C:\Windows\SysWOW64\MSVCR100.dll
              Download Submit
            • C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Sangfor\SSL\Log\ECAgent_20200911.log
              Download Submit
            • C:\Windows\System32\DRIVER~1\FILERE~1\SANGFO~1.INF\SangforVnic.sys
              Download Submit
            • C:\Windows\System32\DriverStore\FileRepository\sangforvnic.inf_amd64_9183b83f3b2f3cd1\SangforVnic.cat
              Download Submit
            • C:\Windows\System32\DriverStore\FileRepository\sangforvnic.inf_amd64_9183b83f3b2f3cd1\sangforvnic.inf
              Download Submit
            • \??\c:\PROGRA~2\sangfor\ssl\csclient\vnic\SANGFO~1.SYS
              Download Submit
            • \??\c:\program files (x86)\sangfor\ssl\csclient\vnic\SangforVnic.cat
              Download Submit
            • \??\c:\program files (x86)\sangfor\ssl\promote\sangforpromote.cab
              Download Submit
            • \??\c:\program files (x86)\sangfor\ssl\sangforserviceclient\sangforserviceclient.cab
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\CSClientManagerPrj.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\CSClientManagerPrj.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\Nddkey\FT_ND_API.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\Nddkey\FT_ND_SC.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SSOClientPrj.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SSOClientPrj.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforBHO.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforBHO.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforCDC.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforCDC.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforCore.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforCore.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforCore.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforL3Vpn.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforL3Vpn.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforNsp.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforNsp.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforNspX64.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforSddn.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforSddn.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforTcp.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforTcp.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforTcp.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforTcp.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforTcp.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforTcp.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\SangforTcpX64.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ClientComponent\UrlWarrent.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ECAgent\ECBase.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ECAgent\SangforVpnLibeay32.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ECAgent\SangforVpnLibeay32.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ECAgent\SangforVpnLibeay32.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ECAgent\SangforVpnLibeay32.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ECAgent\SangforVpnLibeay32.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ECAgent\SangforVpnLibeay32.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ECAgent\SangforVpnSsleay32.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ECAgent\SangforVpnSsleay32.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ECAgent\SangforVpnSsleay32.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ECAgent\SangforVpnSsleay32.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\ECAgent\SangforVpnSsleay32.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\Promote\msvcp60.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\Promote\msvcp60.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\Promote\msvcp60.dll
              Download Submit
            • \Program Files (x86)\Sangfor\SSL\Promote\msvcp60.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nscB202.tmp\System.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nscB202.tmp\System.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsiB30C.tmp\System.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsjC2CB.tmp\System.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsjC2CB.tmp\System.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsjC2CB.tmp\nsExec.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsjC2CB.tmp\nsExec.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsjC2CB.tmp\nsExec.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsjC2CB.tmp\nsExec.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsjC2CB.tmp\nsExec.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nslAEE5.tmp\KillProcDLL.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nslAEE5.tmp\System.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsp867D.tmp\SkinBtn.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsp867D.tmp\SkinBtn.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsp867D.tmp\SkinProgress.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsp867D.tmp\SkinProgress.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsp867D.tmp\System.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsp867D.tmp\dbdStaticCtrl.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsp867D.tmp\dbdStaticCtrl.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nstB657.tmp\nsExec.dll
              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsyB454.tmp\nsExec.dll
              Download Submit
            • \Windows\SysWOW64\SangforInstallHelper.dll
              Download Submit
            • \Windows\SysWOW64\msvcr100.dll
              Download Submit
            • \Windows\SysWOW64\msvcr100.dll
              Download Submit
            • \Windows\SysWOW64\msvcr100.dll
              Download Submit
            • \Windows\SysWOW64\msvcr100.dll
              Download Submit
            • \Windows\SysWOW64\msvcr100.dll
              Download Submit
            • memory/8-163-0x0000000000000000-mapping.dmp
              Download
            • memory/184-196-0x0000000000000000-mapping.dmp
              Download
            • memory/616-125-0x0000000000000000-mapping.dmp
              Download
            • memory/688-141-0x0000000000000000-mapping.dmp
              Download
            • memory/688-937-0x0000000000000000-mapping.dmp
              Download
            • memory/804-198-0x0000000000000000-mapping.dmp
              Download
            • memory/812-92-0x0000000000000000-mapping.dmp
              Download
            • memory/984-80-0x0000000000000000-mapping.dmp
              Download
            • memory/1172-95-0x0000000000000000-mapping.dmp
              Download
            • memory/1176-89-0x0000000000000000-mapping.dmp
              Download
            • memory/1216-58-0x0000000000000000-mapping.dmp
              Download
            • memory/1308-169-0x0000000000000000-mapping.dmp
              Download
            • memory/1972-47-0x0000000000000000-mapping.dmp
              Download
            • memory/2072-62-0x0000000000000000-mapping.dmp
              Download
            • memory/2100-72-0x0000000000000000-mapping.dmp
              Download
            • memory/2412-923-0x0000000000000000-mapping.dmp
              Download
            • memory/2428-148-0x0000000000000000-mapping.dmp
              Download
            • memory/2560-3-0x0000000000000000-mapping.dmp
              Download
            • memory/2568-135-0x0000000000000000-mapping.dmp
              Download
            • memory/2708-145-0x0000000000000000-mapping.dmp
              Download
            • memory/2752-201-0x0000000003920000-0x0000000003921000-memory.dmp
              Filesize

              4KB

              Download
            • memory/2752-199-0x0000000003920000-0x0000000003921000-memory.dmp
              Filesize

              4KB

              Download
            • memory/2752-531-0x0000000004220000-0x0000000004221000-memory.dmp
              Filesize

              4KB

              Download
            • memory/2752-465-0x0000000003920000-0x0000000003921000-memory.dmp
              Filesize

              4KB

              Download
            • memory/2752-193-0x0000000003920000-0x0000000003921000-memory.dmp
              Filesize

              4KB

              Download
            • memory/2752-194-0x0000000004120000-0x0000000004121000-memory.dmp
              Filesize

              4KB

              Download
            • memory/2752-195-0x0000000003920000-0x0000000003921000-memory.dmp
              Filesize

              4KB

              Download
            • memory/2752-395-0x0000000003920000-0x0000000003921000-memory.dmp
              Filesize

              4KB

              Download
            • memory/2752-288-0x0000000003920000-0x0000000003921000-memory.dmp
              Filesize

              4KB

              Download
            • memory/2752-242-0x0000000003920000-0x0000000003921000-memory.dmp
              Filesize

              4KB

              Download
            • memory/2752-200-0x0000000003920000-0x0000000003921000-memory.dmp
              Filesize

              4KB

              Download
            • memory/2752-185-0x0000000000000000-mapping.dmp
              Download
            • memory/2752-207-0x0000000003920000-0x0000000003921000-memory.dmp
              Filesize

              4KB

              Download
            • memory/2784-180-0x0000000000000000-mapping.dmp
              Download
            • memory/2808-101-0x0000000000000000-mapping.dmp
              Download
            • memory/2972-9-0x0000000001506000-0x0000000001507000-memory.dmp
              Filesize

              4KB

              Download
            • memory/2972-0-0x0000000000000000-mapping.dmp
              Download
            • memory/3100-65-0x0000000000000000-mapping.dmp
              Download
            • memory/3108-151-0x0000000000000000-mapping.dmp
              Download
            • memory/3336-17-0x0000000000000000-mapping.dmp
              Download
            • memory/3392-83-0x0000000000000000-mapping.dmp
              Download
            • memory/3648-938-0x0000000000000000-mapping.dmp
              Download
            • memory/3776-69-0x0000000000000000-mapping.dmp
              Download
            • memory/3868-39-0x0000000000000000-mapping.dmp
              Download
            • memory/3880-925-0x0000000000000000-mapping.dmp
              Download
            • memory/3880-136-0x0000000000000000-mapping.dmp
              Download
            • memory/3904-86-0x0000000000000000-mapping.dmp
              Download
            • memory/3948-76-0x0000000000000000-mapping.dmp
              Download
            • memory/3952-55-0x0000000000000000-mapping.dmp
              Download
            • memory/3956-112-0x0000000000000000-mapping.dmp
              Download
            • memory/3964-166-0x0000000000000000-mapping.dmp
              Download
            • memory/3964-120-0x0000000000000000-mapping.dmp
              Download
            • memory/3968-52-0x0000000000000000-mapping.dmp
              Download
            • memory/3972-44-0x0000000000000000-mapping.dmp
              Download
            • memory/3988-132-0x0000000000000000-mapping.dmp
              Download
            • memory/3988-105-0x0000000000000000-mapping.dmp
              Download