743c9ffe4cd2ceb6aef5cfc1609abe1e95b8c08d0abd3cd7204b6b66a4fd42b0

Analysis

max time kernel
46s
max time network
39s
platform
windows7_x64
resource
win7v20201028
submitted
17-11-2020 12:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9bb0dd4768b54912bd52b88cdbc56f9a.exe
Size

1010KB
MD5

55fd74f80b5676407da337cdbabc4052
SHA1

ed046dc1cd23fd8fd6c8b269267fe9b2e1583163
SHA256

743c9ffe4cd2ceb6aef5cfc1609abe1e95b8c08d0abd3cd7204b6b66a4fd42b0
SHA512

23f3747b53f2a1519df9cf4a38e7f52d3635e62049334d1b90799780e993b66efb6dc38324d57d30ec9930d09bad2e47bc223fab3c12485d86c556654327ebcd

Score

8^/10

discovery persistence upx

Malware Config

Signatures

Executes dropped EXE 7 IoCs

Processes:

irsetup.exeDtsGuard.exeDtsMainCon.exeDtsGuard.exeDtsMainProc.exeDtsMainCon.exeDtsMainProc.exe

pid process

1376 irsetup.exe
1628 DtsGuard.exe
1824 DtsMainCon.exe
1664 DtsGuard.exe
1384 DtsMainProc.exe
1492 DtsMainCon.exe
1892 DtsMainProc.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx

Loads dropped DLL 28 IoCs

Processes:

9bb0dd4768b54912bd52b88cdbc56f9a.exeirsetup.exeDtsGuard.exeDtsMainCon.exeDtsGuard.exeDtsMainProc.exeDtsMainCon.exeDtsMainProc.exe

pid	process
1900	9bb0dd4768b54912bd52b88cdbc56f9a.exe
1900	9bb0dd4768b54912bd52b88cdbc56f9a.exe
1900	9bb0dd4768b54912bd52b88cdbc56f9a.exe
1900	9bb0dd4768b54912bd52b88cdbc56f9a.exe
1376	irsetup.exe
1376	irsetup.exe
1376	irsetup.exe
1376	irsetup.exe
1628	DtsGuard.exe
1824	DtsMainCon.exe
1628	DtsGuard.exe
1628	DtsGuard.exe
1628	DtsGuard.exe
1824	DtsMainCon.exe
1628	DtsGuard.exe
1664	DtsGuard.exe
1664	DtsGuard.exe
1824	DtsMainCon.exe
1824	DtsMainCon.exe
1384	DtsMainProc.exe
1384	DtsMainProc.exe
1384	DtsMainProc.exe
1384	DtsMainProc.exe
1492	DtsMainCon.exe
1492	DtsMainCon.exe
1492	DtsMainCon.exe
1892	DtsMainProc.exe
1892	DtsMainProc.exe

Adds Run key to start application 2 TTPs 8 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

DtsMainCon.exeDtsMainProc.exeDtsMainCon.exeDtsMainProc.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Windows\CurrentVersion\Run\DtsMainCon = "C:\\Users\\Admin\\AppData\\Roaming\\DreamTong\\SmartService\\Common\\DtsMainCon.exe -wQGxLVE"	DtsMainCon.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Windows\CurrentVersion\Run\DtsMainProc = "C:\\Users\\Admin\\AppData\\Roaming\\DreamTong\\SmartService\\Common\\DtsMainProc.exe -wQGxLVE"	DtsMainCon.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Windows\CurrentVersion\Run\DtsMainCon = "C:\\Users\\Admin\\AppData\\Roaming\\DreamTong\\SmartService\\Common\\DtsMainCon.exe -t cDamBi"	DtsMainProc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Windows\CurrentVersion\Run\DtsMainProc = "C:\\Users\\Admin\\AppData\\Roaming\\DreamTong\\SmartService\\Common\\DtsMainProc.exe /Y mqQEBvN"	DtsMainProc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Windows\CurrentVersion\Run\DtsMainCon = "C:\\Users\\Admin\\AppData\\Roaming\\DreamTong\\SmartService\\Common\\DtsMainCon.exe -tOEvJTC"	DtsMainCon.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Windows\CurrentVersion\Run\DtsMainProc = "C:\\Users\\Admin\\AppData\\Roaming\\DreamTong\\SmartService\\Common\\DtsMainProc.exe -tOEvJTC"	DtsMainCon.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Windows\CurrentVersion\Run\DtsMainCon = "C:\\Users\\Admin\\AppData\\Roaming\\DreamTong\\SmartService\\Common\\DtsMainCon.exe -t iVIjF"	DtsMainProc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Windows\CurrentVersion\Run\DtsMainProc = "C:\\Users\\Admin\\AppData\\Roaming\\DreamTong\\SmartService\\Common\\DtsMainProc.exe /Y gOfRVvjga"	DtsMainProc.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 4 IoCs

Processes:

irsetup.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\MSINET.OCX	irsetup.exe
File created	C:\Windows\SysWOW64\MSINET.OCX	irsetup.exe
File opened for modification	C:\Windows\SysWOW64\VB6KO.DLL	irsetup.exe
File created	C:\Windows\SysWOW64\VB6KO.DLL	irsetup.exe

Modifies registry class 86 IoCs

Processes:

DtsGuard.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CLSID\ = "{48E59293-9880-11CF-9754-00AA00C00908}"	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR\	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ = "DInetEvents"	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0"	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1\ = "132497"	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version\ = "1.0"	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}"	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ThreadingModel = "Apartment"	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0"	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ = "Microsoft Internet Transfer Control 6.0 (SP6)"	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ProgID	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}	DtsGuard.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\ = "Microsoft Internet Transfer Control 6.0 (SP6)"	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Control	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\ = "Internet Control General Property Page Object"	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0"	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Programmable	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\CLSID\ = "{48E59293-9880-11CF-9754-00AA00C00908}"	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer\ = "InetCtls.Inet.1"	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}"	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}"	DtsGuard.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\CLSID	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32\ = "C:\\Windows\\SysWow64\\MSINET.OCX, 1"	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ = "DInetEvents"	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\ = "Microsoft Internet Transfer Control 6.0 (SP6)"	DtsGuard.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Windows\\SysWow64\\MSINET.OCX"	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}"	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID\ = "InetCtls.Inet"	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer	DtsGuard.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\ = "0"	DtsGuard.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32	DtsGuard.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

DtsMainProc.exe

pid process

1892 DtsMainProc.exe

pid	process
1892	DtsMainProc.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

irsetup.exeDtsGuard.exeDtsMainCon.exeDtsGuard.exeDtsMainProc.exeDtsMainCon.exeDtsMainProc.exe

pid	process
1376	irsetup.exe
1376	irsetup.exe
1628	DtsGuard.exe
1824	DtsMainCon.exe
1664	DtsGuard.exe
1384	DtsMainProc.exe
1384	DtsMainProc.exe
1384	DtsMainProc.exe
1492	DtsMainCon.exe
1892	DtsMainProc.exe
1892	DtsMainProc.exe
1892	DtsMainProc.exe

Suspicious use of WriteProcessMemory 31 IoCs

Processes:

9bb0dd4768b54912bd52b88cdbc56f9a.exeirsetup.exeDtsGuard.exeDtsMainCon.exeDtsMainProc.exeDtsMainCon.exe

description	pid	process	target process
PID 1900 wrote to memory of 1376	1900	9bb0dd4768b54912bd52b88cdbc56f9a.exe	irsetup.exe
PID 1900 wrote to memory of 1376	1900	9bb0dd4768b54912bd52b88cdbc56f9a.exe	irsetup.exe
PID 1900 wrote to memory of 1376	1900	9bb0dd4768b54912bd52b88cdbc56f9a.exe	irsetup.exe
PID 1900 wrote to memory of 1376	1900	9bb0dd4768b54912bd52b88cdbc56f9a.exe	irsetup.exe
PID 1900 wrote to memory of 1376	1900	9bb0dd4768b54912bd52b88cdbc56f9a.exe	irsetup.exe
PID 1900 wrote to memory of 1376	1900	9bb0dd4768b54912bd52b88cdbc56f9a.exe	irsetup.exe
PID 1900 wrote to memory of 1376	1900	9bb0dd4768b54912bd52b88cdbc56f9a.exe	irsetup.exe
PID 1376 wrote to memory of 1824	1376	irsetup.exe	DtsMainCon.exe
PID 1376 wrote to memory of 1824	1376	irsetup.exe	DtsMainCon.exe
PID 1376 wrote to memory of 1824	1376	irsetup.exe	DtsMainCon.exe
PID 1376 wrote to memory of 1824	1376	irsetup.exe	DtsMainCon.exe
PID 1376 wrote to memory of 1628	1376	irsetup.exe	DtsGuard.exe
PID 1376 wrote to memory of 1628	1376	irsetup.exe	DtsGuard.exe
PID 1376 wrote to memory of 1628	1376	irsetup.exe	DtsGuard.exe
PID 1376 wrote to memory of 1628	1376	irsetup.exe	DtsGuard.exe
PID 1628 wrote to memory of 1664	1628	DtsGuard.exe	DtsGuard.exe
PID 1628 wrote to memory of 1664	1628	DtsGuard.exe	DtsGuard.exe
PID 1628 wrote to memory of 1664	1628	DtsGuard.exe	DtsGuard.exe
PID 1628 wrote to memory of 1664	1628	DtsGuard.exe	DtsGuard.exe
PID 1824 wrote to memory of 1384	1824	DtsMainCon.exe	DtsMainProc.exe
PID 1824 wrote to memory of 1384	1824	DtsMainCon.exe	DtsMainProc.exe
PID 1824 wrote to memory of 1384	1824	DtsMainCon.exe	DtsMainProc.exe
PID 1824 wrote to memory of 1384	1824	DtsMainCon.exe	DtsMainProc.exe
PID 1384 wrote to memory of 1492	1384	DtsMainProc.exe	DtsMainCon.exe
PID 1384 wrote to memory of 1492	1384	DtsMainProc.exe	DtsMainCon.exe
PID 1384 wrote to memory of 1492	1384	DtsMainProc.exe	DtsMainCon.exe
PID 1384 wrote to memory of 1492	1384	DtsMainProc.exe	DtsMainCon.exe
PID 1492 wrote to memory of 1892	1492	DtsMainCon.exe	DtsMainProc.exe
PID 1492 wrote to memory of 1892	1492	DtsMainCon.exe	DtsMainProc.exe
PID 1492 wrote to memory of 1892	1492	DtsMainCon.exe	DtsMainProc.exe
PID 1492 wrote to memory of 1892	1492	DtsMainCon.exe	DtsMainProc.exe

C:\Users\Admin\AppData\Local\Temp\9bb0dd4768b54912bd52b88cdbc56f9a.exe
"C:\Users\Admin\AppData\Local\Temp\9bb0dd4768b54912bd52b88cdbc56f9a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1900

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:662050 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\9bb0dd4768b54912bd52b88cdbc56f9a.exe" "__IRCT:2" "__IRTSS:0" "__IRSID:S-1-5-21-3825035466-2522850611-591511364-1000"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1376

C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainCon.exe
C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainCon.exe /f
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1824

C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainProc.exe
C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainProc.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1384

C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainCon.exe
C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainCon.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1492

C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainProc.exe
C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainProc.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Guard\DtsGuard.exe
C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Guard\DtsGuard.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1628

C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Guard\DtsGuard.exe
"C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Guard\DtsGuard.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1664

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
MD5
3fe7c92dba5c9240b4ab0d6a87e6166a

SHA1
7980d7dffc073515b621834246dda33ab00c308d

SHA256
a7818c1e0dad1cbba4d17809688887adeeafe940a3cb53a6aeabdfcd196f7258

SHA512
bd2c87b2d02b80b90f744a101bbb9294b1d90650a338be725028e6649e46a759fa72032e80ffe911ae82b005b4d2394960e7b73ce7ad8fe3a70e8a47d2a7c98d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
MD5
3fe7c92dba5c9240b4ab0d6a87e6166a

SHA1
7980d7dffc073515b621834246dda33ab00c308d

SHA256
a7818c1e0dad1cbba4d17809688887adeeafe940a3cb53a6aeabdfcd196f7258

SHA512
bd2c87b2d02b80b90f744a101bbb9294b1d90650a338be725028e6649e46a759fa72032e80ffe911ae82b005b4d2394960e7b73ce7ad8fe3a70e8a47d2a7c98d

Download Submit
C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainCon.exe
MD5
c448ea767a76414990f9239a2a6cdf78

SHA1
cee71958d6a21824769767d4ea2fbf21e69f77b1

SHA256
eb11b977b920f6cfa6ba14120d3671f60781ca50a28849b1c1ad718a37b0668b

SHA512
f33c5997bf3fe3dc933f7cc145a150552f0cfba2de0cab6e75495480d1da32095c22aae91d36738a550072dfe5dcbf444522e0d03a9467fcd04dd6a03a9bdf12

Download Submit
C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainCon.exe
MD5
87f2facab6f1d0737098d6cf7dce6cb1

SHA1
a6e4bb86b497fcf913779ffd3a3f06bd714f1978

SHA256
2e4f52139ce0f3558ba2964a8efbf0cec7ab164a485102b2a0f7e107f84c651a

SHA512
392b933c428aee13f72678f6940f49bd62b92a04a7f465e403788988f76919bcc8eab5a4ae4d82efcb0c15dc025e2e2043375d260ef2bcfad0fdfa2516fbf06a

Download Submit
C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainCon.exe
MD5
d03a4a47b7e64fb387f7d97852f26fee

SHA1
11c035a8dadfb0333d2863d9ea8e895cf5335b3c

SHA256
e12eda8dddc9145cb83ff481888e26e763c9602cfdc175d6cc07e2d02b618a60

SHA512
c78a4e294a89a51f1f638a99b665e61614254188a022a02684f8c761b78a445b491b98b8052507d1f16a83652d80ffe3970584571285409a45a5255449176616

Download Submit
C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainProc.exe
MD5
55017c4d9797ff9cf7455fa9c0799cc9

SHA1
d80982a190a6de92b1c095289a48e4873a888036

SHA256
d9032fa943e22160e8de2d43978e8919874c4ecf9a149ad04430ddf1738afef8

SHA512
415d35af0abb69923ad0dd5c794fb59996a61e7104c51bc9c41ffcf745d6675a89193a49a376f3f5dfae3b78cf9b239aa5c5e526b6ebc8c7cdd66b4608ecd49b

Download Submit
C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainProc.exe
MD5
dcc367d0604d1be8d776d0f5814126de

SHA1
62ca3b4d77029ca902fe63ff127bbfe0f9b03750

SHA256
d40120b11f784de7e95c7456245b867053fdb63f523c4883ba50cb30ee17ac98

SHA512
24dc759a6dbd7f9fae327845a060265ab06d71ca80290f1fe99dd6a2dd4eaa54d12cb00a945b4bacb5ed611f87bc69dc5642b9ef36eaf151a4a6bd50663407bd

Download Submit
C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainProc.exe
MD5
dcc367d0604d1be8d776d0f5814126de

SHA1
62ca3b4d77029ca902fe63ff127bbfe0f9b03750

SHA256
d40120b11f784de7e95c7456245b867053fdb63f523c4883ba50cb30ee17ac98

SHA512
24dc759a6dbd7f9fae327845a060265ab06d71ca80290f1fe99dd6a2dd4eaa54d12cb00a945b4bacb5ed611f87bc69dc5642b9ef36eaf151a4a6bd50663407bd

Download Submit
C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainProc.exe
MD5
dcc367d0604d1be8d776d0f5814126de

SHA1
62ca3b4d77029ca902fe63ff127bbfe0f9b03750

SHA256
d40120b11f784de7e95c7456245b867053fdb63f523c4883ba50cb30ee17ac98

SHA512
24dc759a6dbd7f9fae327845a060265ab06d71ca80290f1fe99dd6a2dd4eaa54d12cb00a945b4bacb5ed611f87bc69dc5642b9ef36eaf151a4a6bd50663407bd

Download Submit
C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Guard\DtsGuard.exe
MD5
80ef8ee4b908b05f66b4203d2ee0e93e

SHA1
0d71acc156287d48932032dfbfbe12f89e5cce70

SHA256
a97e9188899ab57c2c7bef202f4179f70b007a40ac30dc06fdd8ec42ab1d94f6

SHA512
db7d6ff39f2b797bbb16b943e235d0067ee5a7617301cbe5d422017b2ca717ddb0332dd050de875a461691e791c355eb730c864caeaba037ad6aa1c1bb4da1d4

Download Submit
C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Guard\DtsGuard.exe
MD5
80ef8ee4b908b05f66b4203d2ee0e93e

SHA1
0d71acc156287d48932032dfbfbe12f89e5cce70

SHA256
a97e9188899ab57c2c7bef202f4179f70b007a40ac30dc06fdd8ec42ab1d94f6

SHA512
db7d6ff39f2b797bbb16b943e235d0067ee5a7617301cbe5d422017b2ca717ddb0332dd050de875a461691e791c355eb730c864caeaba037ad6aa1c1bb4da1d4

Download Submit
C:\Users\Admin\AppData\Roaming\DreamTong\SmartService\Guard\DtsGuard.exe
MD5
80ef8ee4b908b05f66b4203d2ee0e93e

SHA1
0d71acc156287d48932032dfbfbe12f89e5cce70

SHA256
a97e9188899ab57c2c7bef202f4179f70b007a40ac30dc06fdd8ec42ab1d94f6

SHA512
db7d6ff39f2b797bbb16b943e235d0067ee5a7617301cbe5d422017b2ca717ddb0332dd050de875a461691e791c355eb730c864caeaba037ad6aa1c1bb4da1d4

Download Submit
C:\Windows\SysWOW64\MSINET.OCX
MD5
90a39346e9b67f132ef133725c487ff6

SHA1
9cd22933f628465c863bed7895d99395acaa5d2a

SHA256
e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

SHA512
0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

Download Submit
C:\Windows\SysWOW64\vb6ko.dll
MD5
84742b5754690ed667372be561cf518d

SHA1
ef97aa43f804f447498568fc33704800b91a7381

SHA256
52b64e2bfc9ee0b807f2095726ace9e911bcd907054ac15686a4e7d2fd4dc751

SHA512
72ac19a3665a01519dac2ad43eb6178a66ad7f4e167f2a882cbca242978f8debe3e15d0e210c3b0391590699999f33a1fd5de4ca6559ff894b4e6cb4ac1415a0

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
MD5
3fe7c92dba5c9240b4ab0d6a87e6166a

SHA1
7980d7dffc073515b621834246dda33ab00c308d

SHA256
a7818c1e0dad1cbba4d17809688887adeeafe940a3cb53a6aeabdfcd196f7258

SHA512
bd2c87b2d02b80b90f744a101bbb9294b1d90650a338be725028e6649e46a759fa72032e80ffe911ae82b005b4d2394960e7b73ce7ad8fe3a70e8a47d2a7c98d

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
MD5
3fe7c92dba5c9240b4ab0d6a87e6166a

SHA1
7980d7dffc073515b621834246dda33ab00c308d

SHA256
a7818c1e0dad1cbba4d17809688887adeeafe940a3cb53a6aeabdfcd196f7258

SHA512
bd2c87b2d02b80b90f744a101bbb9294b1d90650a338be725028e6649e46a759fa72032e80ffe911ae82b005b4d2394960e7b73ce7ad8fe3a70e8a47d2a7c98d

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
MD5
3fe7c92dba5c9240b4ab0d6a87e6166a

SHA1
7980d7dffc073515b621834246dda33ab00c308d

SHA256
a7818c1e0dad1cbba4d17809688887adeeafe940a3cb53a6aeabdfcd196f7258

SHA512
bd2c87b2d02b80b90f744a101bbb9294b1d90650a338be725028e6649e46a759fa72032e80ffe911ae82b005b4d2394960e7b73ce7ad8fe3a70e8a47d2a7c98d

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
MD5
3fe7c92dba5c9240b4ab0d6a87e6166a

SHA1
7980d7dffc073515b621834246dda33ab00c308d

SHA256
a7818c1e0dad1cbba4d17809688887adeeafe940a3cb53a6aeabdfcd196f7258

SHA512
bd2c87b2d02b80b90f744a101bbb9294b1d90650a338be725028e6649e46a759fa72032e80ffe911ae82b005b4d2394960e7b73ce7ad8fe3a70e8a47d2a7c98d

Download Submit
\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainCon.exe
MD5
d03a4a47b7e64fb387f7d97852f26fee

SHA1
11c035a8dadfb0333d2863d9ea8e895cf5335b3c

SHA256
e12eda8dddc9145cb83ff481888e26e763c9602cfdc175d6cc07e2d02b618a60

SHA512
c78a4e294a89a51f1f638a99b665e61614254188a022a02684f8c761b78a445b491b98b8052507d1f16a83652d80ffe3970584571285409a45a5255449176616

Download Submit
\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainCon.exe
MD5
d03a4a47b7e64fb387f7d97852f26fee

SHA1
11c035a8dadfb0333d2863d9ea8e895cf5335b3c

SHA256
e12eda8dddc9145cb83ff481888e26e763c9602cfdc175d6cc07e2d02b618a60

SHA512
c78a4e294a89a51f1f638a99b665e61614254188a022a02684f8c761b78a445b491b98b8052507d1f16a83652d80ffe3970584571285409a45a5255449176616

Download Submit
\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainCon.exe
MD5
c448ea767a76414990f9239a2a6cdf78

SHA1
cee71958d6a21824769767d4ea2fbf21e69f77b1

SHA256
eb11b977b920f6cfa6ba14120d3671f60781ca50a28849b1c1ad718a37b0668b

SHA512
f33c5997bf3fe3dc933f7cc145a150552f0cfba2de0cab6e75495480d1da32095c22aae91d36738a550072dfe5dcbf444522e0d03a9467fcd04dd6a03a9bdf12

Download Submit
\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainCon.exe
MD5
c448ea767a76414990f9239a2a6cdf78

SHA1
cee71958d6a21824769767d4ea2fbf21e69f77b1

SHA256
eb11b977b920f6cfa6ba14120d3671f60781ca50a28849b1c1ad718a37b0668b

SHA512
f33c5997bf3fe3dc933f7cc145a150552f0cfba2de0cab6e75495480d1da32095c22aae91d36738a550072dfe5dcbf444522e0d03a9467fcd04dd6a03a9bdf12

Download Submit
\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainProc.exe
MD5
dcc367d0604d1be8d776d0f5814126de

SHA1
62ca3b4d77029ca902fe63ff127bbfe0f9b03750

SHA256
d40120b11f784de7e95c7456245b867053fdb63f523c4883ba50cb30ee17ac98

SHA512
24dc759a6dbd7f9fae327845a060265ab06d71ca80290f1fe99dd6a2dd4eaa54d12cb00a945b4bacb5ed611f87bc69dc5642b9ef36eaf151a4a6bd50663407bd

Download Submit
\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainProc.exe
MD5
dcc367d0604d1be8d776d0f5814126de

SHA1
62ca3b4d77029ca902fe63ff127bbfe0f9b03750

SHA256
d40120b11f784de7e95c7456245b867053fdb63f523c4883ba50cb30ee17ac98

SHA512
24dc759a6dbd7f9fae327845a060265ab06d71ca80290f1fe99dd6a2dd4eaa54d12cb00a945b4bacb5ed611f87bc69dc5642b9ef36eaf151a4a6bd50663407bd

Download Submit
\Users\Admin\AppData\Roaming\DreamTong\SmartService\Common\DtsMainProc.exe
MD5
dcc367d0604d1be8d776d0f5814126de

SHA1
62ca3b4d77029ca902fe63ff127bbfe0f9b03750

SHA256
d40120b11f784de7e95c7456245b867053fdb63f523c4883ba50cb30ee17ac98

SHA512
24dc759a6dbd7f9fae327845a060265ab06d71ca80290f1fe99dd6a2dd4eaa54d12cb00a945b4bacb5ed611f87bc69dc5642b9ef36eaf151a4a6bd50663407bd

Download Submit
\Users\Admin\AppData\Roaming\DreamTong\SmartService\Guard\DtsGuard.exe
MD5
80ef8ee4b908b05f66b4203d2ee0e93e

SHA1
0d71acc156287d48932032dfbfbe12f89e5cce70

SHA256
a97e9188899ab57c2c7bef202f4179f70b007a40ac30dc06fdd8ec42ab1d94f6

SHA512
db7d6ff39f2b797bbb16b943e235d0067ee5a7617301cbe5d422017b2ca717ddb0332dd050de875a461691e791c355eb730c864caeaba037ad6aa1c1bb4da1d4

Download Submit
\Users\Admin\AppData\Roaming\DreamTong\SmartService\Guard\DtsGuard.exe
MD5
80ef8ee4b908b05f66b4203d2ee0e93e

SHA1
0d71acc156287d48932032dfbfbe12f89e5cce70

SHA256
a97e9188899ab57c2c7bef202f4179f70b007a40ac30dc06fdd8ec42ab1d94f6

SHA512
db7d6ff39f2b797bbb16b943e235d0067ee5a7617301cbe5d422017b2ca717ddb0332dd050de875a461691e791c355eb730c864caeaba037ad6aa1c1bb4da1d4

Download Submit
\Windows\SysWOW64\MSINET.OCX
MD5
90a39346e9b67f132ef133725c487ff6

SHA1
9cd22933f628465c863bed7895d99395acaa5d2a

SHA256
e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

SHA512
0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

Download Submit
\Windows\SysWOW64\MSINET.OCX
MD5
90a39346e9b67f132ef133725c487ff6

SHA1
9cd22933f628465c863bed7895d99395acaa5d2a

SHA256
e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

SHA512
0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

Download Submit
\Windows\SysWOW64\MSINET.OCX
MD5
90a39346e9b67f132ef133725c487ff6

SHA1
9cd22933f628465c863bed7895d99395acaa5d2a

SHA256
e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

SHA512
0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

Download Submit
\Windows\SysWOW64\MSINET.OCX
MD5
90a39346e9b67f132ef133725c487ff6

SHA1
9cd22933f628465c863bed7895d99395acaa5d2a

SHA256
e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

SHA512
0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

Download Submit
\Windows\SysWOW64\MSINET.OCX
MD5
90a39346e9b67f132ef133725c487ff6

SHA1
9cd22933f628465c863bed7895d99395acaa5d2a

SHA256
e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

SHA512
0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

Download Submit
\Windows\SysWOW64\MSINET.OCX
MD5
90a39346e9b67f132ef133725c487ff6

SHA1
9cd22933f628465c863bed7895d99395acaa5d2a

SHA256
e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

SHA512
0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

Download Submit
\Windows\SysWOW64\MSINET.OCX
MD5
90a39346e9b67f132ef133725c487ff6

SHA1
9cd22933f628465c863bed7895d99395acaa5d2a

SHA256
e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

SHA512
0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

Download Submit
\Windows\SysWOW64\MSINET.OCX
MD5
90a39346e9b67f132ef133725c487ff6

SHA1
9cd22933f628465c863bed7895d99395acaa5d2a

SHA256
e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

SHA512
0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

Download Submit
\Windows\SysWOW64\MSINET.OCX
MD5
90a39346e9b67f132ef133725c487ff6

SHA1
9cd22933f628465c863bed7895d99395acaa5d2a

SHA256
e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

SHA512
0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

Download Submit
\Windows\SysWOW64\VB6KO.DLL
MD5
84742b5754690ed667372be561cf518d

SHA1
ef97aa43f804f447498568fc33704800b91a7381

SHA256
52b64e2bfc9ee0b807f2095726ace9e911bcd907054ac15686a4e7d2fd4dc751

SHA512
72ac19a3665a01519dac2ad43eb6178a66ad7f4e167f2a882cbca242978f8debe3e15d0e210c3b0391590699999f33a1fd5de4ca6559ff894b4e6cb4ac1415a0

Download Submit
\Windows\SysWOW64\VB6KO.DLL
MD5
84742b5754690ed667372be561cf518d

SHA1
ef97aa43f804f447498568fc33704800b91a7381

SHA256
52b64e2bfc9ee0b807f2095726ace9e911bcd907054ac15686a4e7d2fd4dc751

SHA512
72ac19a3665a01519dac2ad43eb6178a66ad7f4e167f2a882cbca242978f8debe3e15d0e210c3b0391590699999f33a1fd5de4ca6559ff894b4e6cb4ac1415a0

Download Submit
\Windows\SysWOW64\VB6KO.DLL
MD5
84742b5754690ed667372be561cf518d

SHA1
ef97aa43f804f447498568fc33704800b91a7381

SHA256
52b64e2bfc9ee0b807f2095726ace9e911bcd907054ac15686a4e7d2fd4dc751

SHA512
72ac19a3665a01519dac2ad43eb6178a66ad7f4e167f2a882cbca242978f8debe3e15d0e210c3b0391590699999f33a1fd5de4ca6559ff894b4e6cb4ac1415a0

Download Submit
\Windows\SysWOW64\VB6KO.DLL
MD5
84742b5754690ed667372be561cf518d

SHA1
ef97aa43f804f447498568fc33704800b91a7381

SHA256
52b64e2bfc9ee0b807f2095726ace9e911bcd907054ac15686a4e7d2fd4dc751

SHA512
72ac19a3665a01519dac2ad43eb6178a66ad7f4e167f2a882cbca242978f8debe3e15d0e210c3b0391590699999f33a1fd5de4ca6559ff894b4e6cb4ac1415a0

Download Submit
\Windows\SysWOW64\VB6KO.DLL
MD5
84742b5754690ed667372be561cf518d

SHA1
ef97aa43f804f447498568fc33704800b91a7381

SHA256
52b64e2bfc9ee0b807f2095726ace9e911bcd907054ac15686a4e7d2fd4dc751

SHA512
72ac19a3665a01519dac2ad43eb6178a66ad7f4e167f2a882cbca242978f8debe3e15d0e210c3b0391590699999f33a1fd5de4ca6559ff894b4e6cb4ac1415a0

Download Submit
\Windows\SysWOW64\VB6KO.DLL
MD5
84742b5754690ed667372be561cf518d

SHA1
ef97aa43f804f447498568fc33704800b91a7381

SHA256
52b64e2bfc9ee0b807f2095726ace9e911bcd907054ac15686a4e7d2fd4dc751

SHA512
72ac19a3665a01519dac2ad43eb6178a66ad7f4e167f2a882cbca242978f8debe3e15d0e210c3b0391590699999f33a1fd5de4ca6559ff894b4e6cb4ac1415a0

Download Submit
memory/528-28-0x000007FEF5BC0000-0x000007FEF5E3A000-memory.dmp

Filesize
2.5MB

Download
memory/1376-4-0x0000000000000000-mapping.dmp

Download
memory/1384-60-0x0000000000230000-0x0000000000234000-memory.dmp

Filesize
16KB

Download
memory/1384-43-0x0000000000000000-mapping.dmp

Download
memory/1384-61-0x0000000002800000-0x0000000002804000-memory.dmp

Filesize
16KB

Download
memory/1492-54-0x0000000000000000-mapping.dmp

Download
memory/1492-71-0x0000000002700000-0x0000000002704000-memory.dmp

Filesize
16KB

Download
memory/1492-70-0x0000000000230000-0x0000000000234000-memory.dmp

Filesize
16KB

Download
memory/1628-12-0x0000000000000000-mapping.dmp

Download
memory/1628-33-0x0000000002450000-0x0000000002454000-memory.dmp

Filesize
16KB

Download
memory/1628-34-0x0000000002790000-0x0000000002794000-memory.dmp

Filesize
16KB

Download
memory/1664-40-0x00000000025F0000-0x00000000025F4000-memory.dmp

Filesize
16KB

Download
memory/1664-39-0x0000000002420000-0x0000000002424000-memory.dmp

Filesize
16KB

Download
memory/1664-31-0x0000000000000000-mapping.dmp

Download
memory/1824-9-0x0000000000000000-mapping.dmp

Download
memory/1824-49-0x0000000001CA0000-0x0000000001CA4000-memory.dmp

Filesize
16KB

Download
memory/1824-50-0x0000000002800000-0x0000000002804000-memory.dmp

Filesize
16KB

Download
memory/1892-64-0x0000000000000000-mapping.dmp

Download