3873c69cccf2a31a8e178f98a0ba2ed4bdcf78985e5889d8b2dba42ffc255930

Analysis

max time kernel
150s
max time network
152s
platform
windows10_x64
resource
win10v20210408
submitted
14-04-2021 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dp.5.5.57.setup.exe
Size

8.6MB
MD5

e44256e244663658506a5509d9dc04b7
SHA1

76f370862a5bfc2b5d7664779c3959cf79db38a6
SHA256

3873c69cccf2a31a8e178f98a0ba2ed4bdcf78985e5889d8b2dba42ffc255930
SHA512

668fea4bd87d828d27694eddfc7a0c6ea6b5851172f964a521914be55c92409a94ae55c8b01f8f31b1233014330c002de2a481d7a5684c7cf3375e208f9eafc6

Score

9^/10

aspackv2 discovery persistence upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 10 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\ProgramData\nCore\asc4.dll	acprotect
C:\ProgramData\nCore\oe.api	acprotect
C:\ProgramData\nCore\oe4.api	acprotect
C:\ProgramData\nCore\unzip.api	acprotect
C:\ProgramData\nCore\unrar.api	acprotect
C:\ProgramData\nCore\unmscab.api	acprotect
C:\ProgramData\nCore\ungau.api	acprotect
C:\ProgramData\nCore\unarj.api	acprotect
C:\ProgramData\nCore\thebat.api	acprotect
C:\ProgramData\nCore\StopAPI4.dll	acprotect

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\ProgramData\nCore\kernel40.dll	aspack_v212_v242

Drops file in Drivers directory 1 IoCs

Processes:

dp.5.5.57.setup.tmp

description ioc process

File created C:\Windows\system32\drivers\is-84DE1.tmp dp.5.5.57.setup.tmp
Executes dropped EXE 4 IoCs

Processes:

dp.5.5.57.setup.tmpdpatrolu.exedpatrolu.exedpatrolu.exe

pid process

3248 dp.5.5.57.setup.tmp
1276 dpatrolu.exe
1812 dpatrolu.exe
1432 dpatrolu.exe

description	ioc	process
File created	C:\Windows\system32\drivers\is-84DE1.tmp	dp.5.5.57.setup.tmp

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\ProgramData\nCore\asc4.dll	upx
C:\ProgramData\nCore\oe.api	upx
C:\ProgramData\nCore\oe4.api	upx
C:\ProgramData\nCore\unzip.api	upx
C:\ProgramData\nCore\unrar.api	upx
C:\ProgramData\nCore\unmscab.api	upx
C:\ProgramData\nCore\ungau.api	upx
C:\ProgramData\nCore\unarj.api	upx
C:\ProgramData\nCore\thebat.api	upx
C:\ProgramData\nCore\StopAPI4.dll	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

dpatrolu.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Digital Patrol Update 5 = "C:\\Program Files (x86)\\NictaTech Software\\Digital Patrol 5\\dpatrolu.exe /autoupdate"	dpatrolu.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 34 IoCs

Processes:

dp.5.5.57.setup.tmp

description	ioc	process
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-I7M4J.tmp	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\nfregdrv.exe	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\PL.dll	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-MB21I.tmp	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\unins000.dat	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\activation.exe	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpscanner.exe	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-EV4QR.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-NV5MR.tmp	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\DPatrolNF.exe	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\ssleay32.dll	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-8RB2E.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\unins000.msg	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\unins000.dat	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-551PE.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-SDFKN.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-RV76H.tmp	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\order.url	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrol.chm	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-I0LG2.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-QQG6Q.tmp	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\DPatrolQ.exe	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-5J4LJ.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-R8JRI.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-H5QH9.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-KDL6S.tmp	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\ProtocolFilters.dll	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\nfapi.dll	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\libeay32.dll	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-CMLST.tmp	dp.5.5.57.setup.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-OQ8EH.tmp	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolaa.exe	dp.5.5.57.setup.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\mengine.dll	dp.5.5.57.setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 39 IoCs

Processes:

dpatrolu.exedpatrolu.exedpatrolu.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{331D164F-F270-41CB-04E0-9EF88FE2345F}	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{331D164F-F270-41CB-04E0-9EF88FE2345F}\1.0	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{331D164F-F270-41CB-04E0-9EF88FE2345F}\1.0\0\win32\ = "%SystemRoot%\\SysWow64\\wiaaut.dll"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{331D164F-F270-41CB-04E0-9EF88FE2345F}\1.0\FLAGS\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B49F8298-8B54-449E-59AD-A87753AB4C70}\Version\ = "1.0"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B49F8298-8B54-449E-59AD-A87753AB4C70}\InprocServer32\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B49F8298-8B54-449E-59AD-A87753AB4C70}\ProgID\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{331D164F-F270-41CB-04E0-9EF88FE2345F}\1.0\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{331D164F-F270-41CB-04E0-9EF88FE2345F}\1.0\0	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{331D164F-F270-41CB-04E0-9EF88FE2345F}\1.0\0\win32	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B49F8298-8B54-449E-59AD-A87753AB4C70}\ = "Dopawmik Object"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B49F8298-8B54-449E-59AD-A87753AB4C70}\ProgID\ = "Microsoft.PhotoAcqOptionsDlg.1"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{331D164F-F270-41CB-04E0-9EF88FE2345F}\1.0\FLAGS\ = "0"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B49F8298-8B54-449E-59AD-A87753AB4C70}	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B49F8298-8B54-449E-59AD-A87753AB4C70}\InprocServer32	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B49F8298-8B54-449E-59AD-A87753AB4C70}\ProgID	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B49F8298-8B54-449E-59AD-A87753AB4C70}\VersionIndependentProgID\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B49F8298-8B54-449E-59AD-A87753AB4C70}\VersionIndependentProgID\ = "Microsoft.PhotoAcqOptionsDlg"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B49F8298-8B54-449E-59AD-A87753AB4C70}\TypeLib	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B49F8298-8B54-449E-59AD-A87753AB4C70}\TypeLib\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B49F8298-8B54-449E-59AD-A87753AB4C70}\Version	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{331D164F-F270-41CB-04E0-9EF88FE2345F}\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{331D164F-F270-41CB-04E0-9EF88FE2345F}\1.0\ = "Microsoft Windows Image Acquisition Library v2.0"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B49F8298-8B54-449E-59AD-A87753AB4C70}\InprocServer32\ = "%ProgramFiles(x86)%\\Windows Photo Viewer\\PhotoAcq.dll"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{331D164F-F270-41CB-04E0-9EF88FE2345F}\1.0\0\win32\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{331D164F-F270-41CB-04E0-9EF88FE2345F}\1.0\FLAGS	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B49F8298-8B54-449E-59AD-A87753AB4C70}\TypeLib\ = "{331D164F-F270-41CB-04E0-9EF88FE2345F}"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B49F8298-8B54-449E-59AD-A87753AB4C70}\VersionIndependentProgID	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{331D164F-F270-41CB-04E0-9EF88FE2345F}\1.0\0\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B49F8298-8B54-449E-59AD-A87753AB4C70}\Version\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	dpatrolu.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

dp.5.5.57.setup.tmpdpatrolu.exedpatrolu.exedpatrolu.exe

pid	process
3248	dp.5.5.57.setup.tmp
3248	dp.5.5.57.setup.tmp
1276	dpatrolu.exe
1276	dpatrolu.exe
1812	dpatrolu.exe
1812	dpatrolu.exe
1432	dpatrolu.exe
1432	dpatrolu.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

dp.5.5.57.setup.tmpdpatrolu.exe

pid process

3248 dp.5.5.57.setup.tmp
1432 dpatrolu.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

dpatrolu.exe

pid process

1432 dpatrolu.exe

pid	process
1432	dpatrolu.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

dp.5.5.57.setup.exedp.5.5.57.setup.tmp

description	pid	process	target process
PID 640 wrote to memory of 3248	640	dp.5.5.57.setup.exe	dp.5.5.57.setup.tmp
PID 640 wrote to memory of 3248	640	dp.5.5.57.setup.exe	dp.5.5.57.setup.tmp
PID 640 wrote to memory of 3248	640	dp.5.5.57.setup.exe	dp.5.5.57.setup.tmp
PID 3248 wrote to memory of 1276	3248	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 3248 wrote to memory of 1276	3248	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 3248 wrote to memory of 1276	3248	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 3248 wrote to memory of 1812	3248	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 3248 wrote to memory of 1812	3248	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 3248 wrote to memory of 1812	3248	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 3248 wrote to memory of 1432	3248	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 3248 wrote to memory of 1432	3248	dp.5.5.57.setup.tmp	dpatrolu.exe
PID 3248 wrote to memory of 1432	3248	dp.5.5.57.setup.tmp	dpatrolu.exe

C:\Users\Admin\AppData\Local\Temp\dp.5.5.57.setup.exe
"C:\Users\Admin\AppData\Local\Temp\dp.5.5.57.setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:640

C:\Users\Admin\AppData\Local\Temp\is-NBJ8I.tmp\dp.5.5.57.setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-NBJ8I.tmp\dp.5.5.57.setup.tmp" /SL5="$2011E,8757533,62976,C:\Users\Admin\AppData\Local\Temp\dp.5.5.57.setup.exe"
2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3248

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe" /INSTALL_MSC
3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1276

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe" /INSTALL_HIDE
3⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1812

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe" /AUTOSTART /AUTOEXIT
3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1432

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
C:\ProgramData\nCore\StopAPI4.dll
MD5
1d25e3e638bc4a256e18f7e8a201ae62

SHA1
2e2f00381593be010e3e9c0d3c542681079205c5

SHA256
b1ce8126934ecf65b54b00f196a483efaf557cedd19c6b924560446023e0cbf2

SHA512
b652533b6a5e6e2c4187fd60c069d2ee3ed4bbb89bfa8050cc671d9fc83698403225114f15bf4175c1dd53b46a9f66389d5f975d56d08b4de9cbf9728d6b2fed

Download Submit
C:\ProgramData\nCore\asc4.dll
MD5
1efca8fd4ff144ee2df2dfd531e3e91b

SHA1
2796e69436b2765bdb0b90cf5016616cb003c16b

SHA256
81d590be4c0253cad92a9febc8390e81899c5f5e3435aeb75e6916730a37adeb

SHA512
330778a26007635f7e685e3400df2792ac039dd8c7dd96a090aede7cee5ab305bced98ab6798acb536ae703ed2f3157f280148bc269c6a013fd2649d4a95cf34

Download Submit
C:\ProgramData\nCore\daily.avb
MD5
0838264b481901310c05464e997c8e82

SHA1
2c02042e84fb0b6355e656e50fb93993f0a54484

SHA256
43615f17781bf69d6888cc9ce50b819a5a5e635581f96e3d8216331e89ba9674

SHA512
53d58e80ab2c613fd81e1fdb322c7d20b6b980c1af2ed7f7163d40d810a28a585b1b028e15a02651435e76d8bffbe3698cdc249c041eaad0e2b22bbb9870afa8

Download Submit
C:\ProgramData\nCore\kernel40.dll
MD5
cae1d89b8f678ff87d0b7fb91657dbb6

SHA1
45ec96abbd58eb5606b3a3f8f287c86b6abd3bb0

SHA256
cf2f0ec6100f5cbadf516a34d632a0fd9a0f063bdb7694ba2c9c405c0b9c0e92

SHA512
b495b49a4ed1387c09bf70467321ef01c36184230e2f71f8c6f6d5a032228796924df00e4077a008423c78c7c3ab77ace3aec2b43cb0f22b5980e923a3754260

Download Submit
C:\ProgramData\nCore\oe.api
MD5
0e3b3413b242f8fcf99bca2c6c2a2c43

SHA1
b6335ea524d542920ad2a01c784f331c6d80c2c3

SHA256
b18e178b465c8d9e37e8e1061450202ba5d52959d5202a32a6802e35bd049516

SHA512
43d3fb6a037b45d458bb160bcdec8ddee40258830a1dbabbd69a6bd303b611657eeed3e1dda61e93270c4d540bc660da12b55fb2dda4d1ee1adf3750aae6017f

Download Submit
C:\ProgramData\nCore\oe4.api
MD5
e9effa1a7209816abdaf795cf70a72c3

SHA1
e5a5beebf9eb454fb0cd4586608f2adabf59893e

SHA256
703593eb00fa56ea8cc203adae752d72e9e66332e0ec53261eb00785ae1888fe

SHA512
bdac0ddd8157d32f162c473fb0bc45932e142f33de82c7a9a589126c4429d56c49bdf113895820cf343376b0cfb83ec432aad4d42512d0b5474ed1188734ffde

Download Submit
C:\ProgramData\nCore\stop.set
MD5
abd313d8cc23670b5caebe63bd8840f9

SHA1
21e4edcef0dbe93d5cd00c760bcf4c42072175c9

SHA256
3b1c0da820c9cfd3051a2b4f329fcda98c771147d544765174164dbe7e368f36

SHA512
34b118fc55a7463818f2a20476ed29e156dd2bee27594ba63cbfdc0b2f9c6d55b5714c937d120c036e179fd29dca69259c48df811a180baa16f6360c9c4da095

Download Submit
C:\ProgramData\nCore\thebat.api
MD5
15194c4c88b3cefbde50170043bb8b37

SHA1
1eb005399c0fea7dbfe3e8338a0c380950731be0

SHA256
2ccf5d89e668c66c37e206fa087b9f9aace38f9f13128f69362546af6aa49e95

SHA512
5b1ab617a82282b5d10fefab5e1f1a9a28f73538c3c28b5ff477ad9eca2005ea8831ce07171d7378464f945ed87d5d22856ff96fe446072afec5457214ab25de

Download Submit
C:\ProgramData\nCore\unarj.api
MD5
1baf9a140af47e4bffb608b6f145c725

SHA1
5c0479ac9610e4df6f50ca8c2d81d6d9389f540a

SHA256
1345eda988df4f3b69eea163bddfb9d0ddf04f76a87874ea32f4ac857a79b987

SHA512
0e7a0f907d5effa89e59391e6d1b3dbf9de039565568cff2a6c122554ca3c6c2882ef3a8d9e15138505038ebc33de4296048cf28f064785c15b6ad9036925b13

Download Submit
C:\ProgramData\nCore\ungau.api
MD5
aaded7506631631e16d26a80b12f0941

SHA1
7fe462225b74e3ef7d562b44eacc0a166dfeb3c0

SHA256
baf0f59a45b7533a34164fd6cc8a2b056592f46c00d41663c1cde18019ee8411

SHA512
44ca8dce0a1df70810d228be3822c53ba4c2a928113ab4bcbb0c5ea63aef81e278ce5caf362e728fea1d648489a6e3a0f10c55b001bf5b47fc8405b695de2827

Download Submit
C:\ProgramData\nCore\unmscab.api
MD5
205fabf0e1c2d986fdf3effeebb98028

SHA1
bafe59c4f55c63ed4f4aadce95b0f92363287584

SHA256
15507c2684e212aaa976fff09d5fb005a84ba22e10b8a962722c6e47260f8322

SHA512
cd51f1f2d03cd76c4d427413033cfcf9f3222aa035483a25e33352160c75eb6a39fe1961a797dece84f98f8e18957ea29f29ec67892772204dccdd8e0406eb6a

Download Submit
C:\ProgramData\nCore\unrar.api
MD5
d0faead4b21518d7461ed015cf82811b

SHA1
d51e9e5e6a8d4ef54d877b7a901779c4b78ef62d

SHA256
c127fca1c329501a38bbbc34d510ebb4558abfae61f50a0dc4e45da9ec88db51

SHA512
8500347de437ee9da33c7b9b3e998dff91ee78429b8705149f45157767f0251b42c8d5e20b5633e69f004aefccde8e76e47a4d6493c4abce10d8c0d6884032f5

Download Submit
C:\ProgramData\nCore\unzip.api
MD5
4b31d7221fa69fe70f473b6658f2b9fd

SHA1
9efb7a0987a4555c206860a2b3a3103d66e579be

SHA256
ec20b021ea0c5a2eca1d7abb5360905e18520856f9ca216f1c19bf472e0f93c9

SHA512
0e46172ccfa9348b08de9cf172a68432cd3fe4a43d7563aafa83a2879660890e6deda2f1772ac9acc7d7cfd6a6a4f2341bd911c5ff01b585ebb6d10af9cabdb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NBJ8I.tmp\dp.5.5.57.setup.tmp
MD5
2b3bd2ec9b2b76d19be643b247c40871

SHA1
2553635eb1d4221a05af434a537b01a799a427f6

SHA256
60ead5fd6da9a9eda0624483c48f4f612b1951b5598b38b7f7ae6cc2cc332d29

SHA512
65c398409fed4eba877268493bd5ba34adcc35e2bdf0a8227ee8e59db3939bdc9fac364160cb92300f465896825a66c73971f1f2479bb69b2aacd9018d571cea

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NBJ8I.tmp\dp.5.5.57.setup.tmp
MD5
2b3bd2ec9b2b76d19be643b247c40871

SHA1
2553635eb1d4221a05af434a537b01a799a427f6

SHA256
60ead5fd6da9a9eda0624483c48f4f612b1951b5598b38b7f7ae6cc2cc332d29

SHA512
65c398409fed4eba877268493bd5ba34adcc35e2bdf0a8227ee8e59db3939bdc9fac364160cb92300f465896825a66c73971f1f2479bb69b2aacd9018d571cea

Download Submit
C:\Users\Admin\AppData\Roaming\Digital Patrol\report\ReportU.txt
MD5
3735fd2458ec2d67b61b4e82381db96c

SHA1
16ad13e564e7854ceccec862b33fbe8b16540cd3

SHA256
7b8104ad4f0ae92bd5b2d7216dfa725cb7a5b14dceaf618e614e57b7cc4cff7a

SHA512
977ed5a6619e8cd3df49b84e1306c87aa73468ae7751ce9e474fa5a212eb82101aeb80ac64cdf19ae6e8c1e5d7be9464a9f30047f2d871f58ee613c4f38e27ad

Download Submit
C:\Users\Admin\AppData\Roaming\Digital Patrol\report\ReportU.txt
MD5
b6a6adee90ec24e7850b9f2a69da2e3a

SHA1
a844bde28ba4375fc6f40368eada4a27561e98db

SHA256
457f4caa625d2d337ae34090cc79d7bd135769abc44fac749275b2562a999a26

SHA512
55dc010642c871027a9f52ad61e4f296ae2edde57d1563f0b40962b1f27a86b05f32eff6b68f7464b6ce069ed61b41bbc849d51afe4cbf6f91f9aeb395c077fa

Download Submit
memory/640-114-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1276-168-0x0000000000720000-0x0000000000721000-memory.dmp

Filesize
4KB

Download
memory/1276-181-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1276-159-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/1276-160-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/1276-158-0x0000000000670000-0x000000000071E000-memory.dmp

Filesize
696KB

Download
memory/1276-161-0x0000000000670000-0x000000000071E000-memory.dmp

Filesize
696KB

Download
memory/1276-162-0x0000000000670000-0x000000000071E000-memory.dmp

Filesize
696KB

Download
memory/1276-163-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/1276-164-0x0000000000670000-0x000000000071E000-memory.dmp

Filesize
696KB

Download
memory/1276-165-0x0000000000670000-0x000000000071E000-memory.dmp

Filesize
696KB

Download
memory/1276-166-0x0000000000670000-0x000000000071E000-memory.dmp

Filesize
696KB

Download
memory/1276-167-0x0000000000740000-0x000000000088A000-memory.dmp

Filesize
1.3MB

Download
memory/1276-156-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1276-169-0x0000000000740000-0x000000000088A000-memory.dmp

Filesize
1.3MB

Download
memory/1276-170-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1276-171-0x0000000002330000-0x0000000002333000-memory.dmp

Filesize
12KB

Download
memory/1276-172-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/1276-173-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/1276-174-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1276-175-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1276-176-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1276-177-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1276-178-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1276-179-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1276-180-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1276-157-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1276-183-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1276-182-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1276-184-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1276-155-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1276-120-0x0000000000000000-mapping.dmp

Download
memory/1276-154-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1276-135-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1276-133-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1276-134-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1276-132-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1276-131-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1276-130-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1276-129-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1276-127-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1276-128-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1276-126-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1276-125-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1276-124-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1276-123-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1432-188-0x0000000000000000-mapping.dmp

Download
memory/1812-185-0x0000000000000000-mapping.dmp

Download
memory/3248-115-0x0000000000000000-mapping.dmp

Download
memory/3248-118-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download