702013db8f80bdd47af9cf2dcb212bd65e924f705aca9c7196188f4d5173aebe

Analysis

max time kernel
151s
max time network
158s
platform
windows10_x64
resource
win10v20210408
submitted
14-04-2021 10:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dp.5.5.57.setup.full.exe
Size

155.9MB
MD5

71ffb06c52a9a6cb526695a658f2efcc
SHA1

151beead12e5e8fc779430cacd95b7f079ab1731
SHA256

702013db8f80bdd47af9cf2dcb212bd65e924f705aca9c7196188f4d5173aebe
SHA512

e5416083bda0665e9579f6beeba88004ea84c2269deadbf8c7cb3eb7b6b4143d07a5633cfcd6d265c4ecfd257b7aa89b114c2ee4e9a66af35dd5d4695b02273d

Score

9^/10

aspackv2 discovery persistence upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\ProgramData\nCore\asc4.dll	acprotect
C:\ProgramData\nCore\oe.api	acprotect
C:\ProgramData\nCore\oe4.api	acprotect

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\ProgramData\nCore\kernel40.dll	aspack_v212_v242

Drops file in Drivers directory 1 IoCs

Processes:

dp.5.5.57.setup.full.tmp

description ioc process

File created C:\Windows\system32\drivers\is-685NR.tmp dp.5.5.57.setup.full.tmp
Executes dropped EXE 7 IoCs

Processes:

dp.5.5.57.setup.full.tmpdpatrolu.exedpatrolu.exedpatrolu.exedpatrolu.exenfregdrv.exeDPatrolNF.exe

pid process

2872 dp.5.5.57.setup.full.tmp
744 dpatrolu.exe
4480 dpatrolu.exe
1968 dpatrolu.exe
204 dpatrolu.exe
3416 nfregdrv.exe
4664 DPatrolNF.exe

description	ioc	process
File created	C:\Windows\system32\drivers\is-685NR.tmp	dp.5.5.57.setup.full.tmp

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\ProgramData\nCore\asc4.dll	upx
C:\ProgramData\nCore\oe.api	upx
C:\ProgramData\nCore\oe4.api	upx

Loads dropped DLL 8 IoCs

Processes:

nfregdrv.exeDPatrolNF.exe

pid process

3416 nfregdrv.exe
4664 DPatrolNF.exe
4664 DPatrolNF.exe
4664 DPatrolNF.exe
4664 DPatrolNF.exe
4664 DPatrolNF.exe
4664 DPatrolNF.exe
4664 DPatrolNF.exe

pid	process
3416	nfregdrv.exe
4664	DPatrolNF.exe
4664	DPatrolNF.exe
4664	DPatrolNF.exe
4664	DPatrolNF.exe
4664	DPatrolNF.exe
4664	DPatrolNF.exe
4664	DPatrolNF.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

dpatrolu.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Digital Patrol Update 5 = "C:\\Program Files (x86)\\NictaTech Software\\Digital Patrol 5\\dpatrolu.exe /autoupdate"	dpatrolu.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 34 IoCs

Processes:

dp.5.5.57.setup.full.tmp

description	ioc	process
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\activation.exe	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpscanner.exe	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\ssleay32.dll	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-IBC1E.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-UMD1D.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-8SMIR.tmp	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\order.url	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrol.chm	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-LHF1G.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-HCMRP.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-R60T1.tmp	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\unins000.dat	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\nfregdrv.exe	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\unins000.msg	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\DPatrolNF.exe	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\mengine.dll	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\ProtocolFilters.dll	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-6D0QV.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\unins000.dat	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-PHEA5.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-K2NEG.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-8A9TL.tmp	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\PL.dll	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\libeay32.dll	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-S1CPE.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-DP4QI.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-M8E1F.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-B96CJ.tmp	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-F6EH5.tmp	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolaa.exe	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\DPatrolQ.exe	dp.5.5.57.setup.full.tmp
File opened for modification	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\nfapi.dll	dp.5.5.57.setup.full.tmp
File created	C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\is-QHVH5.tmp	dp.5.5.57.setup.full.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 51 IoCs

Processes:

dpatrolu.exedpatrolu.exedpatrolu.exedpatrolu.exeDPatrolNF.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\VersionIndependentProgID	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\ = "Rarale Obawzoh"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{67BEB568-DC02-DF4A-B244-B05C132065A3}\4.0\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\TypeLib	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\Version\ = "1.0"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{67BEB568-DC02-DF4A-B244-B05C132065A3}\4.0\0\win64	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\Version\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	DPatrolNF.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\ProgID	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\ProgID\ = "PLA.LegacyDataCollectorSet.1"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{67BEB568-DC02-DF4A-B244-B05C132065A3}\4.0\0\win32	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\TypeLib\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{67BEB568-DC02-DF4A-B244-B05C132065A3}\4.0\0\win32\ = "C:\\Windows\\SysWOW64\\hhctrl.ocx"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{67BEB568-DC02-DF4A-B244-B05C132065A3}\4.0\0\win64\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\Version	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	DPatrolNF.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\InprocServer32	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\ProgID\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{67BEB568-DC02-DF4A-B244-B05C132065A3}	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{67BEB568-DC02-DF4A-B244-B05C132065A3}\4.0\0\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	DPatrolNF.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\LocalServer32\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{67BEB568-DC02-DF4A-B244-B05C132065A3}\4.0	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\TypeLib\ = "{67BEB568-DC02-DF4A-B244-B05C132065A3}"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\LocalServer32	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{67BEB568-DC02-DF4A-B244-B05C132065A3}\4.0\0\win32\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{67BEB568-DC02-DF4A-B244-B05C132065A3}\4.0\FLAGS\ = "0"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\VersionIndependentProgID\ = "PLA.LegacyDataCollectorSet"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{67BEB568-DC02-DF4A-B244-B05C132065A3}\4.0\0	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\VersionIndependentProgID\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\InprocServer32\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\LocalServer32\ = "%SystemRoot%\\SysWow64\\plasrv.exe"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{67BEB568-DC02-DF4A-B244-B05C132065A3}\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{67BEB568-DC02-DF4A-B244-B05C132065A3}\4.0\FLAGS\	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{204C6B92-EF25-40A0-BF87-7F2E8BE3322F}\InprocServer32\ = "%SystemRoot%\\SysWow64\\pla.dll"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{67BEB568-DC02-DF4A-B244-B05C132065A3}\4.0\ = "HHCtrl 4.0 Type Library"	dpatrolu.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{67BEB568-DC02-DF4A-B244-B05C132065A3}\4.0\0\win64\ = "C:\\Windows\\SysWow64\\hhctrl.ocx"	dpatrolu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{67BEB568-DC02-DF4A-B244-B05C132065A3}\4.0\FLAGS	dpatrolu.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

dp.5.5.57.setup.full.tmpdpatrolu.exedpatrolu.exedpatrolu.exedpatrolu.exeDPatrolNF.exe

pid	process
2872	dp.5.5.57.setup.full.tmp
2872	dp.5.5.57.setup.full.tmp
744	dpatrolu.exe
744	dpatrolu.exe
4480	dpatrolu.exe
4480	dpatrolu.exe
1968	dpatrolu.exe
1968	dpatrolu.exe
204	dpatrolu.exe
204	dpatrolu.exe
4664	DPatrolNF.exe
4664	DPatrolNF.exe

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

616
Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

dp.5.5.57.setup.full.tmpdpatrolu.exedpatrolu.exe

pid process

2872 dp.5.5.57.setup.full.tmp
1968 dpatrolu.exe
1968 dpatrolu.exe
204 dpatrolu.exe
204 dpatrolu.exe
204 dpatrolu.exe
204 dpatrolu.exe
Suspicious use of SendNotifyMessage 5 IoCs

Processes:

dpatrolu.exedpatrolu.exe

pid process

1968 dpatrolu.exe
1968 dpatrolu.exe
204 dpatrolu.exe
204 dpatrolu.exe
204 dpatrolu.exe

pid	process
616

pid	process
1968	dpatrolu.exe
1968	dpatrolu.exe
204	dpatrolu.exe
204	dpatrolu.exe
204	dpatrolu.exe

Suspicious use of WriteProcessMemory 21 IoCs

Processes:

dp.5.5.57.setup.full.exedp.5.5.57.setup.full.tmpdpatrolu.exe

description	pid	process	target process
PID 4804 wrote to memory of 2872	4804	dp.5.5.57.setup.full.exe	dp.5.5.57.setup.full.tmp
PID 4804 wrote to memory of 2872	4804	dp.5.5.57.setup.full.exe	dp.5.5.57.setup.full.tmp
PID 4804 wrote to memory of 2872	4804	dp.5.5.57.setup.full.exe	dp.5.5.57.setup.full.tmp
PID 2872 wrote to memory of 744	2872	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 2872 wrote to memory of 744	2872	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 2872 wrote to memory of 744	2872	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 2872 wrote to memory of 4480	2872	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 2872 wrote to memory of 4480	2872	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 2872 wrote to memory of 4480	2872	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 2872 wrote to memory of 1968	2872	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 2872 wrote to memory of 1968	2872	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 2872 wrote to memory of 1968	2872	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 2872 wrote to memory of 204	2872	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 2872 wrote to memory of 204	2872	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 2872 wrote to memory of 204	2872	dp.5.5.57.setup.full.tmp	dpatrolu.exe
PID 2872 wrote to memory of 3416	2872	dp.5.5.57.setup.full.tmp	nfregdrv.exe
PID 2872 wrote to memory of 3416	2872	dp.5.5.57.setup.full.tmp	nfregdrv.exe
PID 2872 wrote to memory of 3416	2872	dp.5.5.57.setup.full.tmp	nfregdrv.exe
PID 204 wrote to memory of 4664	204	dpatrolu.exe	DPatrolNF.exe
PID 204 wrote to memory of 4664	204	dpatrolu.exe	DPatrolNF.exe
PID 204 wrote to memory of 4664	204	dpatrolu.exe	DPatrolNF.exe

C:\Users\Admin\AppData\Local\Temp\dp.5.5.57.setup.full.exe
"C:\Users\Admin\AppData\Local\Temp\dp.5.5.57.setup.full.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4804

C:\Users\Admin\AppData\Local\Temp\is-IGS25.tmp\dp.5.5.57.setup.full.tmp
"C:\Users\Admin\AppData\Local\Temp\is-IGS25.tmp\dp.5.5.57.setup.full.tmp" /SL5="$201C8,163122863,62976,C:\Users\Admin\AppData\Local\Temp\dp.5.5.57.setup.full.exe"
2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2872

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe" /INSTALL_MSC
3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:744

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe" /INSTALL_HIDE
3⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4480

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe" /AUTOSTART /AUTOEXIT
3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1968

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe" /au
3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:204

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\DPatrolNF.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\DPatrolNF.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4664

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\nfregdrv.exe
"C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\nfregdrv.exe" pavnf2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3416

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
C:\Program Files (x86)\NictaTech Software\Digital Patrol 5\dpatrolu.exe
MD5
0b0e830fac801dc8560c0590db6fba5d

SHA1
149a4c39872a5fc6e79d7f9e1bd4057a0738b265

SHA256
00d2f71d8c27b2746b9d43e51d360cfc10dc0d853647edb7bac07ce1b6d5a615

SHA512
779d5e6bc1fccf13645336ad081f9eebf39f0a444c5bcfb644c4ab68a52ded9afc580fd80b75bac26ca22e633c78a56dc72d2649d2f22a00752c5a6c633b6d0f

Download Submit
C:\ProgramData\nCore\advware.avb
MD5
4894582671b786fab460d7878ca7cd74

SHA1
011e0946d9ab1ad3c76956e9789def6feb3e346a

SHA256
33a24cb34a43e6445cff7781a95c10960f963d00b553cb27da7b70a28e28f030

SHA512
846750916cd3cba3c9cf491b8989bb49e3b2db379d6fb68e588e32e4ed95d5cdbe2bf5988e56c18910184c9b68336095259ddd6d5d4873e6df71d20ded4ce574

Download Submit
C:\ProgramData\nCore\asc4.dll
MD5
1efca8fd4ff144ee2df2dfd531e3e91b

SHA1
2796e69436b2765bdb0b90cf5016616cb003c16b

SHA256
81d590be4c0253cad92a9febc8390e81899c5f5e3435aeb75e6916730a37adeb

SHA512
330778a26007635f7e685e3400df2792ac039dd8c7dd96a090aede7cee5ab305bced98ab6798acb536ae703ed2f3157f280148bc269c6a013fd2649d4a95cf34

Download Submit
C:\ProgramData\nCore\backdoor.avb
MD5
46babac78e3ca258da3d442630531ac9

SHA1
f6a8b85598f186dc2199e7591c17f0e64927efe7

SHA256
de65653a6e50c3198f250f8e94708d577809236b823b116b55de710978fd8e78

SHA512
700e49b98cf1c2fbb2672555d5e6491f9d6fb47af930189430957be1ff9b8c5f246b3ca147966d14ee3ef16c12bdf564ae004c2c141bc3612c218ebf41ec513d

Download Submit
C:\ProgramData\nCore\ca.avb
MD5
2fc05f51d1d3041d1cceb337e1e5010f

SHA1
67dae6b2927e6a5d5dcded104e0cc12384cc52d0

SHA256
515af6ab468405b6c1a78a26e0471085797ed4c7b6ee0e4f33506764da96a97f

SHA512
b6ea6a06b932312fa7489f1b8f5c31eb18f27e4e3f6832e3ece9884e7fd8270509990eeff44b2c24265af1d44d57ee2b41f2abe5c192ecf0f43bebcbcca1c91c

Download Submit
C:\ProgramData\nCore\daily.avb
MD5
0838264b481901310c05464e997c8e82

SHA1
2c02042e84fb0b6355e656e50fb93993f0a54484

SHA256
43615f17781bf69d6888cc9ce50b819a5a5e635581f96e3d8216331e89ba9674

SHA512
53d58e80ab2c613fd81e1fdb322c7d20b6b980c1af2ed7f7163d40d810a28a585b1b028e15a02651435e76d8bffbe3698cdc249c041eaad0e2b22bbb9870afa8

Download Submit
C:\ProgramData\nCore\kernel4.avb
MD5
7a91d0a410fe15f10abd1c5eaf6c401a

SHA1
1bddc1fb1be573fb0cd82749b0796279d9790867

SHA256
9ae0cc5815aa5f80ca005a4a388387a609371accd34bc7ad8b0c9726c795b279

SHA512
c53912628825c76e114d2ce3a6131c5eecb93169af236e6d198351b6ef12684f52844d2180d19aec29edfa1b3e825b651a2de854a265db3a3d641b8d3a03f8b2

Download Submit
C:\ProgramData\nCore\kernel40.dll
MD5
cae1d89b8f678ff87d0b7fb91657dbb6

SHA1
45ec96abbd58eb5606b3a3f8f287c86b6abd3bb0

SHA256
cf2f0ec6100f5cbadf516a34d632a0fd9a0f063bdb7694ba2c9c405c0b9c0e92

SHA512
b495b49a4ed1387c09bf70467321ef01c36184230e2f71f8c6f6d5a032228796924df00e4077a008423c78c7c3ab77ace3aec2b43cb0f22b5980e923a3754260

Download Submit
C:\ProgramData\nCore\malware01.avb
MD5
8baf10bbe3b1020303e7fe38dd066e14

SHA1
5ed9796f0d33bcdc2f50f21d4573e106beafb390

SHA256
e83c941b1b56ca148dddc56d93e31c4185570ad8429a7255606397481d263ed3

SHA512
b422e1d004fe9dc1e7e6c5eb5924aad19a73755b83f7f4fe2100ac5a0c61574b2fd4793f6e6030768386eef1eee5edd305e26e7701977e12adb1a3693f764d34

Download Submit
C:\ProgramData\nCore\malware02.avb
MD5
278df04a36c3acb3d5a74f4046b4849d

SHA1
3f9af2da5a883ff05dc4052aeb8229f5789deece

SHA256
4470048156b9b432e97456524683e39cf28201c46744287134419ea086a79c06

SHA512
709be2c02824b3928bd4863afda76035ac01a5b59b579d4c3d0c81b3601d560aa5d01a5104087f1f4eb2ae8b959079beb635874836d31525f229c472053ccbca

Download Submit
C:\ProgramData\nCore\nCore5.ini
MD5
3857d17f29865191d36f8104a6e1c050

SHA1
32e103f02714d2dd520a0d711f2003609e4aea1b

SHA256
cdf087bca80ed62df73fe8732b59f9a56f5bf07502213a5d35e3c1078334f84d

SHA512
3286cdccf37f0bd1585f1d63d0657107f3be724fc2c9b4c60f035689319774d80550e5cc52340832a9294c4032e5dfded2d72257bdd1f8c2780b4b01ed9514fc

Download Submit
C:\ProgramData\nCore\oe.api
MD5
0e3b3413b242f8fcf99bca2c6c2a2c43

SHA1
b6335ea524d542920ad2a01c784f331c6d80c2c3

SHA256
b18e178b465c8d9e37e8e1061450202ba5d52959d5202a32a6802e35bd049516

SHA512
43d3fb6a037b45d458bb160bcdec8ddee40258830a1dbabbd69a6bd303b611657eeed3e1dda61e93270c4d540bc660da12b55fb2dda4d1ee1adf3750aae6017f

Download Submit
C:\ProgramData\nCore\oe4.api
MD5
e9effa1a7209816abdaf795cf70a72c3

SHA1
e5a5beebf9eb454fb0cd4586608f2adabf59893e

SHA256
703593eb00fa56ea8cc203adae752d72e9e66332e0ec53261eb00785ae1888fe

SHA512
bdac0ddd8157d32f162c473fb0bc45932e142f33de82c7a9a589126c4429d56c49bdf113895820cf343376b0cfb83ec432aad4d42512d0b5474ed1188734ffde

Download Submit
C:\ProgramData\nCore\riskware.avb
MD5
d6308c2c01a79c3fb9d087515e60bdac

SHA1
9c055ef943735bd9183fd913624d147f9b14d810

SHA256
e0ef459d162c859adec74f0076c1c5725bfded3240347b7fab5d1e18d5da3a46

SHA512
663e1c6778f01f5b57c6e51ca68f1a7fd25a230cf6e245f8f6efc58739f076025a75a2797cd87f838e93d39cddd08d7b9174d5ffb2a1f2358e93481bb3329ff5

Download Submit
C:\ProgramData\nCore\rmdb001.avb
MD5
80e6387b6575fc4bffd7036d0c34e186

SHA1
9cd69ebf5fb65ead59af763ef170ad9dd3c981f4

SHA256
0beb8412b872ce9cf149c06620c9ecc108aca3ca43c7b0690474945cc4e1803c

SHA512
55b78b75c03bdbeb0f4e9cb5651d8d5a945773bc0fda297bad70bfa9046903d545298d2c62dcaef602691c8976f0ef41089827cbf107fa57916b700e5ce53663

Download Submit
C:\ProgramData\nCore\rmdb002.avb
MD5
e7e2aa78521d16c0e1ba2fbc659ce246

SHA1
2a97e0b1dc8048ae59aa2888b4a776879165225f

SHA256
96f1528e6df0a372da17823df66b05fa984662936592b841acb1c1f2b718196f

SHA512
eaac1e5d2785d8f6c2a0a235e2e53a7168bc0b484a1f46ea37f3bbdaf87852f08c20daf3e17a31b5588fb444b005d3c22ccac860f239ea3983b726d5a4550001

Download Submit
C:\ProgramData\nCore\rmdb003.avb
MD5
cc5ffbd574e9e50083c3bd7cbbac8ede

SHA1
746d699e08a8e37c03618ad5bd8e70a15484514c

SHA256
4a9a2f308842f44308ea48c16096de80dc80c636b929ae741fd1526b63dfe650

SHA512
ee36b1a7af2d712e141d9b3a278309cbdd9e7dd8d525300f476810f27b100cad969d74580eb4b647b129c9f94c92e36953b591b3012b1da2a0b94bbcfe9909c6

Download Submit
C:\ProgramData\nCore\rmdb004.avb
MD5
e1cb35a7dbb681fd0f5f8d8610e3a77d

SHA1
3bd97d68212f4de7e59b0c2231dfd1f31e725088

SHA256
68c117a28f0c392ea9fcfb9791356318688e7ed56126cd89028a980da7cb877c

SHA512
a70172bff7052e64f2861d19c671cd4424948ae5a702639222313c947dc6843ee1a868e094a41a4535375015b0625015482516e6acfad720472088b1a3a9d989

Download Submit
C:\ProgramData\nCore\rmdb005.avb
MD5
056e6d7360dac0a405b91c13fc7b8692

SHA1
0e04e9af1cb203a1755cf6ca300078d1a8408a9a

SHA256
b5baa84f750b09d893e494f742307465cc9393955fe08872754ef92c66e97e10

SHA512
c6f78ee7d1a43ccb0ed9a75a83521b778cb2aeca9caa01be8e91d53652441740984ac6e65d8187f57f5b5bf46b550c00780c0edcad29000f9bfddfcf5f2381ee

Download Submit
C:\ProgramData\nCore\rmdb006.avb
MD5
9bb01c5791e52aa213ac8befc2ed990a

SHA1
ac50c3866b50092e96ca94f87902a87fb4984b73

SHA256
0d878817a732b39eb69d562e878782ba2c2a89a8b75472c7692162775014e721

SHA512
edf9168d23e257e3c939d7fc655b34eac1ba21621fe9dcdd3c793bde4e5c70735bc6f92a196bda4c095f2c38ae391b1bd3c1e78cc45e6e9e35997ad90fbb14b5

Download Submit
C:\ProgramData\nCore\rmdb007.avb
MD5
26eaffb25ab8183efbf88386141b5b5d

SHA1
2bf4f2275b34011deb0101f10c36325fdf6befd9

SHA256
811d91504ec582fe85a3e667f66901e0b34d0aee4e65672a28218fe8b996cd42

SHA512
5080c45ef7832a444b353516b8f8c98e86fbb101a6e018c7e4a0939692cee0fa3797b5d10cf82fb1844f001840e790237d8f154b570704fdd91c462c2e21d5fb

Download Submit
C:\ProgramData\nCore\rmdb008.avb
MD5
6515f96e784f2079f23c32b1225bcf03

SHA1
39e90a1c6040aa91ab5585c5df69d026752fc412

SHA256
1ff3adb38b89f7df769d9f98a1defbdbfac39a51c35f1095568297286084c7a2

SHA512
099180e887b663214c7d970ba029e4ed0b396e4087fc63c1e8b5a077cdf5d33b146157b5f50b66bc93f809e737bae91128abbe1980c8d4764b2150d4ca0982c4

Download Submit
C:\ProgramData\nCore\rmdb009.avb
MD5
6c021e6e10aece5011ec5e3b35c5cdd3

SHA1
f60a8cdff01c038e535f7df24910ac6a3f29725e

SHA256
24b0a47ffc72524204d7d9ed3167a3ef0c7aebc72b0237d17da5085f56691577

SHA512
11e1b72e9bca8da4d7a2ce430fb09c9e210e7bc0ef1a54cb28c52b7fa3677438b84716a41d914c99cdcc46e49caad37a2e50cbb8b89d8b6dd66444cbcbea8ec7

Download Submit
C:\ProgramData\nCore\rmdb010.avb
MD5
7edcc00019975a434e2eda0bfba15f8b

SHA1
e8476a75c0759dde9a01da38a51e358b4e6e22a8

SHA256
55194ac4286e0afbaf7fd558c4fab27231838e8e268371aa823d2bbcaaf6a04e

SHA512
98ede5fe42aa475b1c50033146860a72aef4a46b9819c29ad115ffae5b2311ebfd9b070b8848011adf6eeb6cd9dba52755bd886c3fee2750308de1b5a6e8774f

Download Submit
C:\ProgramData\nCore\rmdb011.avb
MD5
97c5e2b444d526c95455629a37d6eb85

SHA1
ed95a74986c67bb63f39ad7ef412cd5eaf88cfca

SHA256
b92c882b293857756545486da148d9684b7e61fd14af4e1731f75da0ab5bd12e

SHA512
64a81dd58c0bc77cc008897dc4db9303fe4986adb4a1684db77712d76d3c25c26999c8f024511a74bbcf98ddcba939211c2027da58e557e509298efef73e6cfd

Download Submit
C:\ProgramData\nCore\rmdb012.avb
MD5
2b49f97ff2f14517c96267a925dfc239

SHA1
e98ea0d95958cd416f8561de1f0035810894b267

SHA256
c8bf9dbe4c38a01d2648630a7de880252f99831df3b47d58fde6c4e2716b66b5

SHA512
4d194169a3664aad1e66bb422e1ead4220c523a4db6b4d4ad6737dcb3ffb37d61a5d35fb860a88a059f997e1374dc3e6e63419c89cbe6c40fb69fec6ee82151a

Download Submit
C:\ProgramData\nCore\rmdb013.avb
MD5
2444866b4d30f269803a6912d0fd17e1

SHA1
2d919574ca2da29868723cd0a27e045d45f4e373

SHA256
5068aa8fd755dbbb982e154b523f6a9ca9720673bd1a4bcb094e3f95f0f323fc

SHA512
f1101c303497937c60ad2be3a09f5ed7009151e6dd78745e5d5d539864ac76a6e342ce28723f243a0e4b218c0640a7370cc66e47792f7cae5edfaded8da1ba6d

Download Submit
C:\ProgramData\nCore\rmdb014.avb
MD5
9d095da7ff4e5de33fe173b2b69d5b8d

SHA1
02d1d0d210262b636bd0ec0dacc1f9c3d0597266

SHA256
1cf5c11f7fd38bce8cef15fcbe8c82ac29db6de2ba4e1af13e5ca4c78dfc96a1

SHA512
a9fa6a77dd36ab2984f43be8de8055d7ad69cf79a5ec264500d2e8ca0258baf190cb158374ee22f32ebc7f31a2198a91dae04f3c9c5888497b278c5d434b73a9

Download Submit
C:\ProgramData\nCore\rmdb015.avb
MD5
e9bb94d8dc0074e02eea1b6fa933cbdf

SHA1
1008381b0283a4e1a7e347c9a9decee18b9f1116

SHA256
86635efe68f42a5a0ce6a83b3a733d11eee8abf3b7f661caf8402fe7a9848240

SHA512
c7dc8e5a9d29f758b2d9cc4608185cda83ed759d61290dc7ae4937e4be089bca1ab372e7308ef1b4fc670106fb1b9e50a88f9a29cc630a207edf3ca30c4b2ea3

Download Submit
C:\ProgramData\nCore\rmdb016.avb
MD5
4ead5ea57bd5beb45793aff0124ec562

SHA1
7621fe5bc4de5ab92596b5c8f8a0a8e7935dbd8c

SHA256
12d3892f3dc8ba8f82e0177156f70e6fba485cfc58e8c89eebe116ab38f39487

SHA512
038af1a1b5cbc1b6dff623dc541429af06d56df75415632ffeac5abd2ab57b2d75b2325d614f6113ec8c09bbba36c82b113c6eb644d7e2bc93be98853ce6850d

Download Submit
C:\ProgramData\nCore\rmdb017.avb
MD5
b8de71300ce88cbe6a03faf876bbc308

SHA1
f48aa38a5018240e2cc747f41d3ba84f6b2329aa

SHA256
a858ee619c69c6b0a1d80c9be0bf4d70475213401eea11059b1cf3392af746b6

SHA512
e4fe0f99d80dd1f793b8ab87d0d182252fbb0a0fe735e3234fd143160b937591db8f4addcab1043db03519590adcc8901baefe128eabab0557578294844cce21

Download Submit
C:\ProgramData\nCore\rmdb018.avb
MD5
8e8bb6a9d774c4a677df42f1b08485a0

SHA1
7ecc41de67b6d986b551e99c6cd966e4dabbc54b

SHA256
cef210329b31bbb031e9385a72147cec918b5a062bb928702a0110763d2b3603

SHA512
e0066c388dcc5c6c40f9a48a124ec16706fced173a9702569509167fc092de376e73855d394f24c69d8d25e8bcde02389416b4e32be8b36f737c5516b9a2294f

Download Submit
C:\ProgramData\nCore\rmdb019.avb
MD5
f9cae1f285b41c937117d9e79cd692cd

SHA1
414cdf580d6380900f3158bc9d136bf133554650

SHA256
d39279178193770d42008f1aaa21e1ad73f3013c8da566bdedba98f7c7a364f0

SHA512
18ee98947c513be9a705f0dd31552223a0bfefdd7a291a0f13a2bf4af3958e59d62c06feec946ab5ffcb3779a397bb4ed2d2be1ad0caae2a646254525e03b7dd

Download Submit
C:\ProgramData\nCore\rmdb020.avb
MD5
8f3854ea664bfcee3a42170a5536b9e9

SHA1
16ae47156ede30f736e4ad956e62dbc6ac48c3fa

SHA256
5974aa881f1f2564fefc77df47bb5db8fbc29bd35927d70b1deb6a8bb8cccc16

SHA512
e34c9b0b388ea55fc763ae376c0e94c4e1e35630c054d3658f87be426ce215865ce1bb51fc9f9d3e2175fff13c78f0d07cf94524b89ac88c509aef5645a63c81

Download Submit
C:\ProgramData\nCore\rmdb021.avb
MD5
4a802c007dc32f96d3004ead3906c305

SHA1
f914586628ddf5f70cd1c151771fbc5fe8be20dc

SHA256
42b33f878ceafb3e2521fc90d77da8624f3f696d34f79da1f00b4b5669a214af

SHA512
1b223cbb2a8995738f46771e12336f48a6939698a80089ce653056801002e17c8be3b3d5855f985c727e4aec2c7233069092fe9c0d9976cbcf9c9520ab441549

Download Submit
C:\ProgramData\nCore\rmdb022.avb
MD5
68d99bbf2b442480ca8c0a9377ec8ee5

SHA1
3a8c0eeca4170083a245f7f9a61eb91338d18e5c

SHA256
738d31901ef15d4a85f045b26c38931ea2b365da6dc8cb2ebd105b10c9cd65a6

SHA512
a2bee9d08a5543f4b90a4b0e6a1e8f3d3eaedce0eb626014f1dfd123d8a076f7bbff189b5d3857b7a0f0172178dc78a03d92d4c82b8716297f1cae6af3adec7d

Download Submit
C:\ProgramData\nCore\rmdb023.avb
MD5
f93c6a0b0674d59f9ec5d408751403a6

SHA1
8db092a2eaa3b27f19d4b0d89bfc1e4c1487808e

SHA256
de7a125cf4d8e8744e4fec48cde7b1a5d8bd4b4ad1525336887d13216b4c5210

SHA512
249838a6db70587293a3c996c2588a90e3b36148fff2c83e91b35e8b2501737798862117a3e5cb53a086d22868db709d6b6627fc1eba32322c90b9bb7ed83d75

Download Submit
C:\ProgramData\nCore\rmdb024.avb
MD5
97779e737bced2c42b72da7dfbb1c1aa

SHA1
d025829e1b34043f680f4857c1edfbd8f7e31ba3

SHA256
10ee9d7a6d0c39baf034a7abd4673472a1eedf31229c49d694f45347bfbd6910

SHA512
726bedc828efb5b634e932636e9587bbf044d584ca77c9c4e11a19c62359b2da0e662460749441d61a7f2ab8b345c915aeba51b409fe6bede9cfbe70c5fdc8be

Download Submit
C:\ProgramData\nCore\rmdb025.avb
MD5
245f368f47eaafa6b76a71d4f184ef12

SHA1
92a2ec8e741ff37d3aa8f7d584e6949712513e00

SHA256
b449387371c0185952911b2d52cd66f8ba84789d42ee1ee4c9299a847247a32f

SHA512
f24b22cc1461a4f45946192db2113aacf9d8b0225a8dbd26113a60674e85fd62e5f3af003c00d331eaa8066b188451e9f8a279f6e2b047313af61c729157c6e4

Download Submit
C:\ProgramData\nCore\rmdb026.avb
MD5
232e9d465f0b0872dacdcaaaa6cc12d7

SHA1
d77ebbeae117865ba6067b2943f1b847cad90f2b

SHA256
b78d79989e404624d211cd2a647ea143f142de735ae92a7086ee727b1c0b515a

SHA512
c9c1223caace588913c99a8a891abf6b6e4a36b5a080b1b2082b5bdec39080e2d25724021c4df8074cacf2209211289fc6c5abc7daf434da9c465e0dfd10aa9c

Download Submit
C:\ProgramData\nCore\rmdb027.avb
MD5
643874e8f54b2be6afe3c66850442980

SHA1
9bf9fa3285e24a6b540e557ea398e68cab67ab60

SHA256
5e1d8878551b2b84247b6b33f3e51f292d9ca784dc78a7c764a58371d35befb8

SHA512
c5e956280ad1448c4d0474b6dba6b78859128a0b3ec677c345d12b9b57e16078c60e533f02c12277975222933f4c5aa2d9f888853b9e461cbe3db874b0c32350

Download Submit
C:\ProgramData\nCore\rmdb028.avb
MD5
9445e14c49ac17bfdacc53a99d7ae446

SHA1
474a405c4220e6a8cb73d4aba899906aca6504a0

SHA256
a6771dfcd50cf950904fc5cbda6c65eace851fbec585455153eb76a3a6106181

SHA512
9ee104d01006621abaa4958375b11970749500a8c44e7519435448c20e002092ad405ef98334089976ae833668fe22bf3cd217336fe4b00be838997f0b6ea90e

Download Submit
C:\ProgramData\nCore\rmdb029.avb
MD5
7ee4ebb705d296cb41e67eedd3a2d5d7

SHA1
79c68825080f02e853146e5c216abfc834d922d4

SHA256
a2e74960b265eb465c662901bb9adc6dcc0d596f0ac8363f20ca77b4d3500ce2

SHA512
ebbc85de4c89d61c2c9e96625c7b285990c9a6dfb97a32cb3fdb8fa6937290d71151642bd46350ff251123352d0511fca3c68d9df512da553d1057b92c52c5c7

Download Submit
C:\ProgramData\nCore\rmdb030.avb
MD5
a481cc3a201b10fda0c11c88451e83ce

SHA1
9a46ea1a7094e8d6b1535fa0c80c62b705639104

SHA256
bd2a6b6ffaacc34938b35befb54c99a5e2edd220fb2a0a44411c90fe3cb79186

SHA512
794664ee1b461db4e9b3fe8023ad9cf245d99921dd126a3938be6e309e44ee2ebfa5fdc0dcfd9259251df7c214a0dd5c9a709fde3b40cef1b8c43e4adfa4e7b6

Download Submit
C:\ProgramData\nCore\rmdb031.avb
MD5
edd0f06d0976f780404ac8ed418aa17e

SHA1
bb60bdc3e9a9d06050be18ddb6a05307c854e334

SHA256
78f3dfd660ee59ac4c54afef060b2b4c04edc61147449b81aed79c680ec26d91

SHA512
b6225ff0d904e0898918307123817d60bfd9525658d0cd5b547858933ef7f4c0f3e24436a3881b032a7828699ae7770ef630eb4ea2d599cb433a928d9b852c61

Download Submit
C:\ProgramData\nCore\rmdb032.avb
MD5
77db13d51922ea499e85ef54a9fe3d7d

SHA1
79c02c0ddb6c80f7b111367630b8559b0c5ea7f6

SHA256
6846f5d9f0a68dc9d2a7df023580228d90a31d05b2351ec081c5a461ac629d3c

SHA512
c5941d557323c3fa8493fcc3c7a429f188fd8d7a8d8921db8e4eda9cd74ea61afa187132461ee512d8e50973b34ae8f09f68f53381bfe152ec4fc58f1ec58540

Download Submit
C:\ProgramData\nCore\rmdb033.avb
MD5
3b4e95e72deaafe71e22a89c6043120c

SHA1
6bf9358bb1f91dad62d7a89fb14b30e7f18aaccb

SHA256
e265c87b1e4374ff268cfcfb6ae800b7344aaddd306d38af3c7652528afbf57a

SHA512
da6335eb8913f4bf0a267816edd94464aa4797eb917a7e2a879e5957ab73e443ece8d0802eea533971fa7441a6d0f69724545c672aca10cb077b2ea5b7369ce5

Download Submit
C:\ProgramData\nCore\rmdb034.avb
MD5
64335f840f416b3dfbd8c19f1ca90c04

SHA1
b8bc44b540466e92629ee5bae69deecf575257eb

SHA256
3832127d121e63116a922278ac51d5772192718d2c1370fedd7c243160abc2ef

SHA512
15fba9e50f91f4d968bd45ac2b03f4bbb2b7af1ba086662b4ed78cef25c96caa7a34ef08382f26eaa3b43d0128699cf5ffcc2285df798653a100057a37ccde97

Download Submit
C:\ProgramData\nCore\rmdb035.avb
MD5
6805a7aafb65d062debd904ab0b34435

SHA1
722bca3d0e2d7ab086f49771ab2a613a517889e1

SHA256
e7daaff461a9455b2d3f31a399453e9bd5dc3ae89e2e160524c995d94da27080

SHA512
2a2445cd3c55e6da025064bd451a53db455fdff78680b4521c6b21383921491f1aa9a73c71503cf68210f0188c9a3f9bf85a6be6ad279a3f5670d72507926b85

Download Submit
C:\ProgramData\nCore\rmdb036.avb
MD5
daa5ac40834cf78057531111f6294a9a

SHA1
be24260a87fb9a6ed77fd6a61341ca4abf970963

SHA256
26c2ceede4d12eabae92bc8362e141bd3d6b84e79ba44f892c7be52014d704b0

SHA512
451a4e8c352e205c81188a093a7b734ccf710e0f0c28c745106446b16c36207576b0bd3b3fa7f826cac9f302b8cf0bb102ddba2c61d49336f7b38d463b453715

Download Submit
C:\ProgramData\nCore\rsdb001.avb
MD5
3431895c69be493a6e2e8f0d8d979856

SHA1
d51d86fead875474034e1e6975f7198f27bf32ab

SHA256
83a1d451b309e4e8d41288be80075adf3e10b1f670220ab66f99500a22f285c1

SHA512
c4c88071a6881a87d52d81ddb1d83d0434b6095d7a41343777bb6996a9bc287fc946cd932ab8ec5bbea7570ae3d0bef353557729859595577f597f97f3d524a9

Download Submit
C:\ProgramData\nCore\rudb001.avb
MD5
2e813800961410b5d300b6b6c6fd24d4

SHA1
e06b7bef2dcd3a64eaba9e75d940e53c1766814a

SHA256
40a5495cc30bc56fa04b43c6b99d40d1f938ba201ce277c07d24c6650f4c1420

SHA512
9a82afc43395930c359d2f679c61db2c5727aa36fa814d44b87aa368719b18234a3879a6052bf321b1fceeceea984427d290f583e939632b7d0693eef5545b80

Download Submit
C:\ProgramData\nCore\rudb002.avb
MD5
2780c9c666a2afb58c35ea5b3496d233

SHA1
e582cccf58194d3e33263f5423c0a7096fd0a336

SHA256
82a242a14771e6848105bd379780dc367dd04c21cf4aed4479c260c2e4f4dc54

SHA512
8adb37df2a3d0caf374477ff520552cd6fd0282f64f44bf6fd65d53042142e1cc649a9590a5da4732771df2c376639f04d016f64e84a5410a6cad6e20e985034

Download Submit
C:\ProgramData\nCore\rudb003.avb
MD5
00bd4433aef6b231e933a43045b50b45

SHA1
0608a87e865b782fe146318583bee22b4eb2447f

SHA256
d4eca13874d05a82b633e25a0d1308855c4241b57c63ca1367c8b515dea65beb

SHA512
8f6fa5bb13bcc20709f8a4b78322b48199eef6d60df2b22356d1ebc4508dea9de50a0ebf4b3f2e57cbeb334eaf165501e0ad995bc714745b1f4abb5ba4e891ec

Download Submit
C:\ProgramData\nCore\rudb004.avb
MD5
e68f7328a36bd5d7b92f89e32988e537

SHA1
7c999a67336ca061cc7cf6d3305eac5a4f336195

SHA256
8b959a9a68c2dbd19b49a1b5d2c8005e84f2c5d2c3ab5c2a24b9da44d5de09af

SHA512
25a1d0aa5780a8db20cd98c72d405c54ecfb2b400a82721cdf4d8e431cf66c8a8cfa3d2ec9fd6caae384bd4d7a2a143186c8e1d8a634417a338cba684f3862c3

Download Submit
C:\ProgramData\nCore\rudb005.avb
MD5
f4d6f80f47eddfb55c6dde9452a45905

SHA1
b2e62ba442775dd2bda792a5ad83d756f9caf33f

SHA256
3a3fe829f915cd3fc9a41a7b0f22461a2663a07d550e254a5f5eeda7aca68319

SHA512
2c68eecb023c8b8460e0c300bee0c1949e1be50bb7d19bb8b2ae37b2f433e3b423805dcbc4afb816e60a256c775ac1f71a88e65e364e4701c16d2104a3c538a1

Download Submit
C:\ProgramData\nCore\rudb006.avb
MD5
021ae2dbec2d03304fdfcd68155aa932

SHA1
41a784ac7a5ad235998ac55a4f8a013ba80524f2

SHA256
5563d8b87954b41800e829dc2ffb4c781ef04a2a360fa1735eb372749f1f807c

SHA512
232bd5c1ad4ae44c73e369299cda0413ebcb512bd64e8e49770fbcf587adcde2a0f7731d84f3164323ac460d9c238188cd548aa9f30a7994f34b629d87ade322

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IGS25.tmp\dp.5.5.57.setup.full.tmp
MD5
ebfabb4e6e589e9a5de56d2a6d3614e2

SHA1
d082f902bd635fa90b4c63508b58a163bf3816cb

SHA256
88211ba518296caf01fe2ca1a4586d2428a83f97417372439b67a0f4a669934d

SHA512
710f547119b7eff3160b3b54eb4f17863fec0f99d43f52383ac291443677558598c3a38bca71e3f9c18cf459506833e4010e088a600f40120cc1029686e223c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-IGS25.tmp\dp.5.5.57.setup.full.tmp
MD5
ebfabb4e6e589e9a5de56d2a6d3614e2

SHA1
d082f902bd635fa90b4c63508b58a163bf3816cb

SHA256
88211ba518296caf01fe2ca1a4586d2428a83f97417372439b67a0f4a669934d

SHA512
710f547119b7eff3160b3b54eb4f17863fec0f99d43f52383ac291443677558598c3a38bca71e3f9c18cf459506833e4010e088a600f40120cc1029686e223c2

Download Submit
C:\Users\Admin\AppData\Roaming\Digital Patrol\report\ReportU.txt
MD5
877161308c8efc3b2dc24d1071552b59

SHA1
82533ff1177f281276d26f5bfc5300b24b2de35f

SHA256
7579acf2a08d75e6ef91a085450688054ea0cf3be1ca994b92899c4fb42a2f5f

SHA512
309ca31af13f8519a5792e73843a2e4c7649c54a2c971b28dadde955be9a2dee7a45947e75190ad0cf8f86c33a20f46237700fc6ff7ef6ced4f9661871391aec

Download Submit
C:\Users\Admin\AppData\Roaming\Digital Patrol\report\ReportU.txt
MD5
9209b5d31038683a7a2373d56f27dd9d

SHA1
6a8401df8a265a1be1a3ead80c0287248442d29c

SHA256
fd1fd0be72560b6fa4a85d7c2024111da3b906710267e470e682dd7949e8c875

SHA512
a82597556b9cc28176906629f31845dfd32c9e731e396b841fec98a71dc387d30f36a0881ba42a828a49631095d514c8d8a369c9e47b2bba84280556dbbeeeba

Download Submit
memory/204-247-0x0000000000000000-mapping.dmp

Download
memory/744-126-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-123-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-133-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-134-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-135-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-132-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-131-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-130-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-129-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-128-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-127-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-166-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/744-125-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-155-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-156-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-158-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-157-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-160-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/744-161-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/744-159-0x0000000002580000-0x0000000002583000-memory.dmp

Filesize
12KB

Download
memory/744-163-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/744-162-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/744-167-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/744-168-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/744-165-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/744-169-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/744-124-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-154-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/744-120-0x0000000000000000-mapping.dmp

Download
memory/744-184-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/744-170-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/744-183-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/744-182-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/744-181-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/744-180-0x0000000000920000-0x0000000000921000-memory.dmp

Filesize
4KB

Download
memory/744-179-0x0000000000930000-0x0000000000931000-memory.dmp

Filesize
4KB

Download
memory/744-177-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/744-178-0x0000000000800000-0x0000000000801000-memory.dmp

Filesize
4KB

Download
memory/744-176-0x00000000007C0000-0x00000000007E3000-memory.dmp

Filesize
140KB

Download
memory/744-175-0x00000000007C0000-0x00000000007E3000-memory.dmp

Filesize
140KB

Download
memory/744-174-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/744-173-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/744-172-0x00000000007F0000-0x00000000007F1000-memory.dmp

Filesize
4KB

Download
memory/744-171-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/744-164-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/1968-188-0x0000000000000000-mapping.dmp

Download
memory/2872-115-0x0000000000000000-mapping.dmp

Download
memory/2872-118-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/3416-248-0x0000000000000000-mapping.dmp

Download
memory/4480-185-0x0000000000000000-mapping.dmp

Download
memory/4664-249-0x0000000000000000-mapping.dmp

Download
memory/4664-251-0x0000000000CB0000-0x0000000000D1D000-memory.dmp

Filesize
436KB

Download
memory/4664-252-0x0000000000F90000-0x0000000000FE7000-memory.dmp

Filesize
348KB

Download
memory/4664-254-0x0000000000FF0000-0x0000000001128000-memory.dmp

Filesize
1.2MB

Download
memory/4804-114-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download