strongpity | 0e4651625abda88df56952b7e97d7fb64a3e1ea97bfe01e931d47381c0952e98

Resubmissions

21-08-2021 07:25

210821-sc6xvh6ksa 10

14-03-2021 12:03

210314-cpwwfsf7da 10

Analysis

max time kernel
149s
max time network
154s
platform
windows10_x64
resource
win10v20210410
submitted
21-08-2021 07:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e4651625abda88df56952b7e97d7fb64a3e1ea97bfe01e931d47381c0952e98.exe
Size

2.4MB
MD5

6d0fd5f76fbe861695b140828aac6443
SHA1

71b54d8219ab3a44ac434c41495c8d0db62a7d3f
SHA256

0e4651625abda88df56952b7e97d7fb64a3e1ea97bfe01e931d47381c0952e98
SHA512

e85fc4cbb64b4abdb1d76322e66ee7a007e8fc13f3dc9bd6d485aa36be345fda2494e44c665768388e3fe5c6aaeafc4d0926a62d69c13a2d06409182711527a6

Score

10^/10

strongpity persistence spyware stealer

Malware Config

Signatures

StrongPity
StrongPity is a spyware developed by PROMETHIUM APT group mainly used in government sponsored attacks.
stealer spyware strongpity

StrongPity Spyware 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe	family_strongpity
C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe	family_strongpity

Executes dropped EXE 4 IoCs

Processes:

fnmsetup.exenvwmisrv.exewinmsism.exefnmsetup.tmp

pid process

1288 fnmsetup.exe
1348 nvwmisrv.exe
2452 winmsism.exe
2752 fnmsetup.tmp

pid	process
1288	fnmsetup.exe
1348	nvwmisrv.exe
2452	winmsism.exe
2752	fnmsetup.tmp

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

0e4651625abda88df56952b7e97d7fb64a3e1ea97bfe01e931d47381c0952e98.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Run\CUpdateTask = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndaData\\nvwmisrv.exe"	0e4651625abda88df56952b7e97d7fb64a3e1ea97bfe01e931d47381c0952e98.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Run	0e4651625abda88df56952b7e97d7fb64a3e1ea97bfe01e931d47381c0952e98.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

0e4651625abda88df56952b7e97d7fb64a3e1ea97bfe01e931d47381c0952e98.exenvwmisrv.exefnmsetup.exe

description	pid	process	target process
PID 3904 wrote to memory of 1288	3904	0e4651625abda88df56952b7e97d7fb64a3e1ea97bfe01e931d47381c0952e98.exe	fnmsetup.exe
PID 3904 wrote to memory of 1288	3904	0e4651625abda88df56952b7e97d7fb64a3e1ea97bfe01e931d47381c0952e98.exe	fnmsetup.exe
PID 3904 wrote to memory of 1288	3904	0e4651625abda88df56952b7e97d7fb64a3e1ea97bfe01e931d47381c0952e98.exe	fnmsetup.exe
PID 3904 wrote to memory of 1348	3904	0e4651625abda88df56952b7e97d7fb64a3e1ea97bfe01e931d47381c0952e98.exe	nvwmisrv.exe
PID 3904 wrote to memory of 1348	3904	0e4651625abda88df56952b7e97d7fb64a3e1ea97bfe01e931d47381c0952e98.exe	nvwmisrv.exe
PID 3904 wrote to memory of 1348	3904	0e4651625abda88df56952b7e97d7fb64a3e1ea97bfe01e931d47381c0952e98.exe	nvwmisrv.exe
PID 1348 wrote to memory of 2452	1348	nvwmisrv.exe	winmsism.exe
PID 1348 wrote to memory of 2452	1348	nvwmisrv.exe	winmsism.exe
PID 1348 wrote to memory of 2452	1348	nvwmisrv.exe	winmsism.exe
PID 1288 wrote to memory of 2752	1288	fnmsetup.exe	fnmsetup.tmp
PID 1288 wrote to memory of 2752	1288	fnmsetup.exe	fnmsetup.tmp
PID 1288 wrote to memory of 2752	1288	fnmsetup.exe	fnmsetup.tmp

C:\Users\Admin\AppData\Local\Temp\0e4651625abda88df56952b7e97d7fb64a3e1ea97bfe01e931d47381c0952e98.exe
"C:\Users\Admin\AppData\Local\Temp\0e4651625abda88df56952b7e97d7fb64a3e1ea97bfe01e931d47381c0952e98.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3904

C:\Users\Admin\AppData\Local\Temp\fnmsetup.exe
"C:\Users\Admin\AppData\Local\Temp\fnmsetup.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1288

C:\Users\Admin\AppData\Local\Temp\is-LB8H7.tmp\fnmsetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-LB8H7.tmp\fnmsetup.tmp" /SL5="$301CA,1480519,54272,C:\Users\Admin\AppData\Local\Temp\fnmsetup.exe"
3⤵
- Executes dropped EXE
PID:2752

C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe
"C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1348

C:\Users\Admin\AppData\Local\Temp\ndaData\winmsism.exe
"C:\Users\Admin\AppData\Local\Temp\ndaData\winmsism.exe"
3⤵
- Executes dropped EXE
PID:2452

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\fnmsetup.exe

MD5
65689075a82a08bb797bb9a5cc2932c9

SHA1
a13b3baeedc3456bf8a03e6f7fd43b8ccfabc7e2

SHA256
803b09f5863b583114d4db7d19ac0c5f64163c0075992bcfc289d27feea3a3ab

SHA512
20a1ac3df849e09fe361d0de8c04f9d8598457e95427a30df9ab74316c2644aa30f782b88b171ffadd7be4b6fc85970ec539d003aa1244434be6a12bbb9b6ee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\fnmsetup.exe

MD5
65689075a82a08bb797bb9a5cc2932c9

SHA1
a13b3baeedc3456bf8a03e6f7fd43b8ccfabc7e2

SHA256
803b09f5863b583114d4db7d19ac0c5f64163c0075992bcfc289d27feea3a3ab

SHA512
20a1ac3df849e09fe361d0de8c04f9d8598457e95427a30df9ab74316c2644aa30f782b88b171ffadd7be4b6fc85970ec539d003aa1244434be6a12bbb9b6ee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LB8H7.tmp\fnmsetup.tmp

MD5
8f144bcbcad0417e7823dd8e60218530

SHA1
9df092a764b8ad278ed574f00d1c065683eef6ac

SHA256
39dfa032878743bba8244c73173c263e669131f0084a38f22c52b1383f627ba0

SHA512
e093f69030fee17d8b55bde8337d409e8dfb583c97a81ed37425fb72122318d4c1f996d0d1bca28f24182ff5c8afe2be25eadc27951463ddca5c0abceca2a72d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LB8H7.tmp\fnmsetup.tmp

MD5
8f144bcbcad0417e7823dd8e60218530

SHA1
9df092a764b8ad278ed574f00d1c065683eef6ac

SHA256
39dfa032878743bba8244c73173c263e669131f0084a38f22c52b1383f627ba0

SHA512
e093f69030fee17d8b55bde8337d409e8dfb583c97a81ed37425fb72122318d4c1f996d0d1bca28f24182ff5c8afe2be25eadc27951463ddca5c0abceca2a72d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153197_0.sft

MD5
bca136534b18e009fde69abf455a15d9

SHA1
5604b23fe3602e9fd7696a8b6b9dadae572393dc

SHA256
e5d3a23e076cf202ac686266b85a01844225d229d3365907ab83a61740f9811d

SHA512
c2a327b2462fe799632f7e666ba80a08f91984eaf2ab5103289f356e125a8cf2e6ebe7dacc33d172cf25999b475fe93db5260c01e825d5d2b781f03c9a98dac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153197_1.sft

MD5
3e5e798f4e66f4ce1600de3dd3529d9e

SHA1
67aab41c0f3ca238dcfb31ea015066a8b7ea3891

SHA256
1fb814c8324cb7be1f297d5741c08a104d535a8e93988d4642ce88887badcf61

SHA512
3f345a8888bf83989dd411bc9eb21c2017ea0096fa0cb149a3451b368087bf6360a05d06241519b04d64004b79db6dc1b52a6cb2afd0465617a71752be0771be

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153197_2.sft

MD5
97709080882684be251332331dd71a72

SHA1
8434667e5852a981e4f75dfea954907407b7e648

SHA256
2b05aebb112c54774c6554cdbdfe45cde37d8fc15ff102780e57d9da2f27e093

SHA512
594059483f0bf20571ba44b0d60cc3985cac54f9fb692d3d334ce8cb80ceb211201654587604f34bdf75230dd3c22d9fb6d47d2a653b04753fd8fa266277be9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153197_3.sft

MD5
891fd06675b1a2ae919f40efa6851958

SHA1
ecad1a1e6d5458cf684b533c2230bcc74ba1839b

SHA256
8ddc64f5d16912bc39aac74c190738f57199a21db20d98de2ef2b99f5c23ab44

SHA512
44045ad3c226dfd386af46fc0c44df777e1a40c1e241c7d1ffd1631cc1792db4ef4e3e4aa536f8f2a516e1dee4f3f712a6590011b15215fae4a30e32966eb573

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153197_4.sft

MD5
818b816b94dd8d462238906321c29c38

SHA1
d04a80f0ac310bc8b180ff0ce730f998aedf57da

SHA256
8725360889c9a5ac192bf5b619030c3e827d0e1f1d4d087a9013ac9f98ff7d50

SHA512
3c82435a08eca30971f37b952a53caa91c5fa5290c75f304a22e60f186e3dbf607806bbb8d79d337c64094e328fce7b07b7ef6704ccebbccd90babc7771cbaf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153197_5.sft

MD5
05ef42388e42b6d7958eb20de079f6ff

SHA1
0fe6c611f6c26b01c9c3de3a445e54a2299ce58f

SHA256
6f0e001286626d4dfef2ab6a6e22bf3ed1ff4c48908a032a22c5d50e7eedde73

SHA512
4c34b0889bd73b1df084bbbc9cc917360048db9f04979c37bc448a00cde7dd3ebe9d86927bf5e94d0b937d9fe7d25f380813b69e0138814e729841b1def5d6c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153197_6.sft

MD5
6c78bb4a6deae697fda94e726f4d08b9

SHA1
2e901d570f6d3110713ee41d8ecc8a5c89943c47

SHA256
3349ab876d1fd1ca984acb479ec6b1f891001a6ca2ad87d0f86ddc1840985117

SHA512
c05a076180b21259e64796c8f0ef4115d3e38dec0653ff396f1c56aaa64e9dda0f055aeabe4e9bf584b13910c4031ba528aa41518c8aadab91d5db08b2724ccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153228_0.sft

MD5
37f0fb87f79733beebacb8d5964d95ba

SHA1
fb304ba16b55437205f2dc3cd4a77b052923c513

SHA256
294ee6dc47cb85ccdf6efee650a04a90202408c7a717b2f968aeec1e24f78aeb

SHA512
a1f6c22a02fb5a29ee84eb5e46d66864b0c90e302e0ba7dfca8fa8b19007e5cf06dcae619d233fea5dd03f70b338a8d9bbedb70fbe592f9197541d27b862b7c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153259_0.sft

MD5
6990382119b394368b8de15c7856e492

SHA1
23c0777efc696e0d7cdc5c1a9fe73ba6d15e5335

SHA256
b552b4372767da415acdc041c20e4eed0f86f098afc7d3d50dca29f6e2dc2a91

SHA512
836d872e634032886f1b0058e2d1d691a5ab330eac1ade1b164d42da0d5a9e861fb9487c6e912665979c2c5e5a6b91b4dfc8ddd45e4531f1a2f8e78e794755e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153353_0.sft

MD5
2d9ad2d86a4529b0a4d53bff9a3324ec

SHA1
de584c3851940738b90d852f2ed5a9f81c431d33

SHA256
b0a38605800d3909d8adbbeb8e942c613d2f39680dcfd9d50b670125b1f36c2b

SHA512
a22b34340f80ced99846990c5da1c606a3aab5c94a41e395f26a04e404482d787cf95ebff47db9a1b59f539ed543ba2462ccc9eb9451c5a32f0870ade474f628

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153353_1.sft

MD5
1050659e5ec7130a4c54ad3d9ef89b62

SHA1
e27de6e1695605cf3d78782022895d0046cea261

SHA256
c612afffcb48490353cf94daafae8bb2e2c06c5c51fb4a4d344a41902d4c6315

SHA512
0bd2f754b9dc13acfa5798108830a3138fdfd0d2f3553d039671bb3221247951fce50dd9d656885add05d556a32ad388fc7b56c87d4ac93e99abda5af86a5197

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153353_2.sft

MD5
f52711a54fae09bf761944d1aa70c2a5

SHA1
c5d055659d17ecab0f2c521783ff93a46180b783

SHA256
0c39e69ff17691305de9fedf655f8f80578d0a921924e6e248fcde2509c1b586

SHA512
9500bb862d214eafb829d63515f114cdbe0c0b9d3c6f4e2fab0d8e304419385f359e680ac8f24bf8d65252901bd141a8f1908c8d840040665bbc6a6c7dd39c7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153353_3.sft

MD5
272aa9c777f2ae3d91cac7ac786888f0

SHA1
c2689d3dc2b1ace35b6ff2d4c1cf88e13d777e43

SHA256
2abdee60adafcb126745d886dc1db293a0baa88d6ae0d9029495e025fd84aa24

SHA512
ad8d2a8c1d9d8d109dfad1d4aaec99fc8a58556b65de5817842061d03620be63c35333d47e5b5d7abf66bee37d6a89b627cf7dc120be797f8895f884be886d54

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153353_4.sft

MD5
4ffad9d522cca659b6d6cb7c647f125f

SHA1
6fc64bc4e111473c5ed92c71bce8ae7f6085cc6b

SHA256
daba467549e2324ed3bc5f0a77f8b893180a2dcc21245ee5fc6bf2c75ea35534

SHA512
8d602a59192bd771ae742e7818c545cbe0767a15251bdd54c8a22b9c87efd7f4652a926a327b2d6788839cde941f43bf4e9ea5689770affbf92e9fb4855408c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153353_5.sft

MD5
269bc6853e36fb00a14173a85f6dbf51

SHA1
95c00fbfeb257758889b545a07103192fcb4f1ab

SHA256
b147a31b6d245e29d18d45d905cbb7796b2a30d09461fc14fb99d4c7334382e2

SHA512
843a5cd3c34e50489006e458904c8a59ab7e718fd00d5f5e7edeb3bd14a8cf50d5fdbe1d5810c80732e4a00d8bb165954139f7c528eedde294af2b3bfcb70339

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153353_6.sft

MD5
9a438a62c5b142054c341f75055ecd6c

SHA1
daebcc6c8b1bf137fe33bcb06fb003debda4bd62

SHA256
f2e7dc838b0225ce029519070ee0724662fc0d6600ae3853375a7970d34bf8ca

SHA512
1147586da881330f3a55a81e2aaeae4dba76ede4882596695f1a8e3959dbbafa65a70395c8fcd81a09c0e5632b4873e9623b6f54424646bdf5a412ea415b2cfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153353_7.sft

MD5
d0459185cdd41e99de2f5e20b2c42c49

SHA1
e8baf371ba5967b5091f46c6ca932e52160e46f8

SHA256
bf0b3baee4fc056928fe5cd8836e3b003130ca314c6348850ad451c1979694df

SHA512
c5773799059ce5784d81acff32e2a877f5d133f90476460087e9d67a4ebcd0417eaf6885d17b9a28017e9acb0c6b2b82e30f8d3c0a8629697426787c24e89c63

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153431_0.sft

MD5
49945b0cadc2a7a570f6e2269ac2e118

SHA1
126721c5707d68ce9bb28918828e663aaadf9b52

SHA256
a6c54ee5620f79155d5e34e0a2397c0aafeee2f7d2a2e75509158b20d2a83e0d

SHA512
10465c9bd7388edd0d823505151529bc248879724f1b7ba9af0c90d0b4453789c33d8bcd8095c1d9ec84321ad0dbae2e6b82d142fbc42c15f5f3e020bc6505bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153587_0.sft

MD5
54a55523df9e0aa0f17689096a018c2a

SHA1
cfd061eacf2da6faf99cdc97c44419661bf342b3

SHA256
b273de8df7fa616993715e26cd9099e18aaaea19350fbe063671ef0ad030e2d2

SHA512
8689eec94605e4d9d68f9c1193397b6d82598ca68e9ad058d8b2fbe9c6d153abca4166c49898f0c8eb4d2c42261fcafcfa572181e1019603a9ff79026394329b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153587_1.sft

MD5
1d8ccc56424401ddd20701b86851c6bc

SHA1
fb7e0f9f46fda23b9b0ea7d4fd3b744f38925c6e

SHA256
682fb5a0880b00712a9fb2f74703c4fca43bad01e0339aef04bdadac29cb2117

SHA512
45108a09bfbc9684882426ebfa6ce9cec5b063764f32f414c884b59ae170c7be62950d42cd9fbbae611f05fc7a943778188525f267c8a67922f88eae07c49f2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153587_2.sft

MD5
91933b3fc1a0fb57852c4665116c52c5

SHA1
6b55a8c131e322cd0fee672d71ea3ee7d72c1919

SHA256
ff12fb589d114b4ac653b93d5a1f441953dcfaf4f6bd1918ea85e72a31c2c209

SHA512
67fa1454bd91168afb0e6be7a4c2464b140ca6ce37239c13992a66bb171cc7a1aae65e136379f8eabca9288cbf507d04e501ef76c51c27ba06047f678eb07f04

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153587_3.sft

MD5
a69c1fb8a390e3d235962c76697f3afa

SHA1
fd895a318fa14a4434fb964f850abc2c873cf9d8

SHA256
86cd81ae99098cd8f9a4606debd0b4274bf6bb246f2768d3b41014f2312881be

SHA512
d850579c0c5f634f39e73ea814bd156912d429e970fab1e16b5341c1005749ba2459b2e0a633558bd28a5bbfa34d51acfa32c400c72e702831402fd7135258e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153587_4.sft

MD5
c4dd1620f2b2dd15d215ba9e41be19d7

SHA1
f3f1f315c01ba168cecee15c793336a4b9739dcb

SHA256
260140bcc04b1467e157ff333a5090a74d4223b8803fd2e14a7e0e9408897d0c

SHA512
a312b21bffe7acb4348efd498634e34bc9f07f51fc8b59267081ec1f8823054b8282b26ae5477fdaefa8dbd986d415979388251250d57162f98b94abb11f0f56

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153587_5.sft

MD5
c449c1acc754ae001c144da217ce4921

SHA1
33d3bdc68d8bf9d4d24a4387f8d1bfb98a5461d1

SHA256
39010695f1114dfbc159d2400d62133059b0febba6fe082c205870e40bac4269

SHA512
e2f325ef8a3da55a26f94a0e2ec24998226ad0af459026b1a9765fa19026aacd0ae60808c2156dc8105ff887bc93fa31535245b8766b20c1e6467ae755549601

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153587_6.sft

MD5
b3c2f545f2fa07a6defd428c3c39454b

SHA1
7f04fcc6a33cf0bb03d93b7ef1a2555ba7e5a4ab

SHA256
b9fac9c0e09b83bae00a2a5c1ec33243b607abee20f29d5aa65869095dafd93f

SHA512
8f5ee3d11dd146ad81c4a0f3748bc3ebc72c3b5ba74be1451726f9e41d069e88c092834893cab76cd229635c777dc357b13a92d9329af9f0ed0acb9d96f7752d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153587_7.sft

MD5
82961b00c26ca4f48a913866fa1970a6

SHA1
8c33c1b809b922aa407b1e3539cf0cd72112fd66

SHA256
a77ddbdcedfc5ea885ab9efa042244df76bf7607eb700d5840cbe0a2c3363e49

SHA512
440947d6485337f0ea9223c12ac46037d44053baa480a1746dd361045b3811c7c07ebddc015c99e0f3d93521df4175c78f75e872be08f4236f2b39e5d85fa750

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153587_8.sft

MD5
e9f73d21ce240af3f620e81c67537d76

SHA1
8957bdafa71e3af8a16cbedd3840f5f485651a35

SHA256
f85e08545ebad1e9f0834b684df7b8d3b5a883ec415564a797a9c72bef209785

SHA512
8749806659d835943e1ff42ad21757a662eca7ab7543225770d81ea67bdcd00253edf31d2e78f679a438c725b67e278032c41de8fcc3bca489b6ccb0223d4e91

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153587_9.sft

MD5
a4665874c030e6ec946160c7df8472cd

SHA1
7dfe1fe6b0c19d751728c20504c95b245f85668b

SHA256
9682f38eabfc29437cf61c619eb0ca8047944e2969a82390475a9617a0fe1076

SHA512
812c940afe5db978378f13c4046dd81b418e2c9911c488792a685e9827b87eb3251433cca1ea36385df5d636c1c33b81a05f2a937343a7255c82dd0f7d37935d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153681_0.sft

MD5
1bb981ab58ab477defdf3dc28b820b44

SHA1
3b6e649fe4cdb35e29ff0348b519fc3c0d2839f9

SHA256
6c7f1df9d39b9fb4f7ef7884fb967bdb78165777f83051426eec34eec6d5b83f

SHA512
2058e2ca35ee2bb4464d097466cd411d625d4eac942a26fe8e802e31d7de66248dda0c42fb7ca3ec9430eb2387751dad6e11866006c6e28b45b8659a2112ab88

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153759_0.sft

MD5
c8e3c3e3a92c69dafc23510782caca2c

SHA1
b1df2e4bb38cf6979efee51d75786946b44fe6c2

SHA256
99a34b5f42ccd9abadbd947f732daca0fda6f6fa2dd7194ee8a8fff70e80a0a9

SHA512
d20542ee0914e2d987bd31f872f9a7a485370288f2cb5df24b8874d56a938573da6a0cb6746f1d8216197b90f82b3bddcfdba0e02ae20d68754b15b4c2fb6e31

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153759_1.sft

MD5
4e5e8188e11555395f800a8486ac3f61

SHA1
44c9e4d0d22ed34cc4819f75f6f024abfdcb034c

SHA256
9f64760a4df1c8302f021bfbb9f024c31309f9a2c2105e1b570fd46b649e796f

SHA512
3c03a585f7d2dc46379edfe19c4425590f06eac1bbffa37d3809c7f290e80c379bdcdffd823d986aba88180787c0c8871a3b4de0683f60257f295b880fc8da37

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153759_2.sft

MD5
39687d121ce2ad20831cf628949209ed

SHA1
dcc773cbecab4e86cf7543f2da35ec5fe19e1492

SHA256
2fde33118daa1c6a6b2e6832b5fc7961e787b5657881f9bac511297f96d3a79a

SHA512
8e122da85e6e88839e2fc7e862af8e8c64a6020d8a3c3d8549f80df2b848547f2a734905168804612f21e4d1e8651cea9cffee71ecae4942b182ff8d0478d7ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153759_3.sft

MD5
c6df8113cfaf0071ed5120efce9a47e6

SHA1
f144d64291da24904dc0920702a3a00cbc9e5f2c

SHA256
08af76d7cfa066f1edc324eb5b0fa155f8da27238033ac0459f612276adfc5a2

SHA512
f73769e7e7987a9d231133f9a09636c80b54dd8340e5ae223eea1648d3a4eacc1a0c7c48c9a7a5c8d2a5022e6e081b61a0e84637db1b6fbfc1f22422fd298272

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153759_4.sft

MD5
38bbdb67ecce45ba3b540a60a049672e

SHA1
ede8da8b55f038a9a6f29ac2bdda1ddedbc87e20

SHA256
1aa9485e715e6a6305e1a43afd1dc05f9e52c11fdba42418682a3330dc1871e7

SHA512
68b75428692592af625058b27775419fa2b56fc063baa1f5906c2aaa8a0ce148d6d6a2e16d269061f3818d802022d55c1500aad9c5f1c30759bbec1f4970137b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153837_0.sft

MD5
5b0a0c4738ad18b2fc714622a696e59a

SHA1
3f8adeda72a442a1cb89a7cf7ca2c6369aa9e4b8

SHA256
2385ce55b2c333f6464e1956756ef511adb6c939f696bf8ea2616f2dd2592f2a

SHA512
a2517d7f6617fabbba41964eb7ced7b1d5d740783ab83ab628ae412c837cab680c81fcbb9a80d4c284e3ca5803cf37242c1a86a9f50f03548c2fe1a29fad8b54

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153837_1.sft

MD5
bbac2d7fdfe5b6fa97a38222ccf5789b

SHA1
7808f11073c3bfdfdf28e50a7654b7e094da2e6e

SHA256
12299d74d00c087e233c6de162303608f7df7aa75cd6f5d4deb493906bb8456a

SHA512
7fe3f9fd61bde75fe5f36382a0dd9bfd77ba57275d58b2df09073fa4de4c7e6420140e26db121b0b936fe0d86ab6874b3a9e673b38da97d345a36cdfe28008e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153837_2.sft

MD5
28a202fc0cece7907630e97bcc625745

SHA1
5975d365257f1596d1ee65139ba11eeb7d2ded38

SHA256
e36672337a1f96ed0ee6a6cb92e436c20e314aa7c8855f25a670cb300f699849

SHA512
c5d4d982837c35834c2fbc8d826953c15a4c0d2d8652560350ead97e79bf2acbbc5b0d9b9f6020fca21c0cc4eab0c7a81bfe9a0d8c411f0b39a649c49edd0257

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153837_3.sft

MD5
81671c2dbcd6867bf1d06b2305429bff

SHA1
ed6482488a4a0ad79895fac249984fb121a54796

SHA256
e449d8b9b348f9450c5725e995bfdd6b6aa3d9c1d255944a7cf1aeb8d6a5debf

SHA512
9d59bcb343082cf00786c598de4d9e31dbd147472f4e2334ccab30ed35686379a129e1ef647182dae6d6d52f63d444d2c59f7cdbdabb64d00a41c29ebe1d8817

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153837_4.sft

MD5
0c7abe38cff0ea74e29f50357228bbc5

SHA1
def518b73d7cc58911fbe6cf2919655ecb8b1e66

SHA256
b036cab91414a71f085f47f1dd4f6994946359ec4a4aa4154ebc5a54638a7248

SHA512
5fb67ee36bf0e0d66ead2334b1fd1775d20885a8fdfebd70838e24f51a076bb3f075a41c751372c4af01de5af0180fda35cc171be32ccb0f8812654a452960bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153837_5.sft

MD5
42f8c73a393508422659af7da214ae26

SHA1
87af01b8538919a6d86041524cc36008d25750c3

SHA256
9d0f6b0c40eaaee9ff277915189045eab137a66a860a047612a999b715b011d0

SHA512
1999f0a00cdfadafbe1fa53dfa96f8c34459bf0ed8f1a1c9ec6f7e73762cc83fc3e62b66df9dcab711b48c86099293aa24103b34477758c304311dbf8042b8a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153837_6.sft

MD5
636216d0b31cf6c4648f0a7c1fc5750a

SHA1
0998a36a61a334ee030530e7ad1941d442d60bc2

SHA256
868967c5ef3d8b12a88c4c389d1d6261a859e0bf848de420750379fff52e630c

SHA512
7941bc90acca4566fb60c2ad45acd31b6ea28b197df2dde6a3795ac0424e641d35c2be4e64e0d6238b13d5c5bbc356f9505e24cc40b1ede74057ac2487359f84

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153837_7.sft

MD5
1dfe181322142961c2710b307de35711

SHA1
7882406df9c374459424a2abc7c559a702b1b955

SHA256
e2ccc6db4f6710624567eb18869086b1684a88d28e4467c402aa1bae6703c504

SHA512
edc9f19f00ffb099d02f6c2ff025584b242dde760dad9d2f9bfc8e999d61cf45975fc86a2516622a817fdb88fc3094f72f15a62c3fe4937ad4a5bc168f9c0f8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153837_8.sft

MD5
85f79ba3b13a5a34257fb69588dca3f4

SHA1
6e422e228a9407505738378e95083bcdfe274d9a

SHA256
dfbcb9df99fe32f364ec4e02259b312983fa14f9a11fee46ffab6793252b4fdf

SHA512
4a83a9c0783ae5dd25714c9bb791ac421ee8a15c4bf50a8f85dc200329245ae9167f119db701dc1a407a5e2b38d1424e9bcc8f2e66389d8dfdcfde43f62242a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153884_0.sft

MD5
cf4b9bad4c374bc61bf6d475e6575623

SHA1
8469dbc7a33d820f8d21fc8b1b4e1bf70acd8b7a

SHA256
72a3a48be146746b8f5907c153c0ac47f9ad9592201fdbfedbb8ae71460d67df

SHA512
f7b0a6b935cf8153f73b9ecfc30f4818cf87fd20e45e8b1048322222f650b60383cc05ed686da790430c3043ddad0274fdc046b1b6864af6d1dd934398990967

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153931_0.sft

MD5
f6dee78d58192590f9e62581fddb493f

SHA1
46b2133c86630f938d30cbe2b2a5a4171a5d032f

SHA256
3ff2d9efbe2cf53a35bec0be614f117a21c3bd82bc9d325d194ff6a8ec5dca27

SHA512
11246b65eaf574fa7d7bb91e1868c18d135c7f163a994f0be998bf707aaaba477af7ab769f1aa8fe6485e912d4f7e320e8242d95335143adf18f672353c36f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153931_1.sft

MD5
b5e88bc4e877cce3d7fe5f2346be1ef4

SHA1
46a4f2c6f91d5c478975620680ad90a95bd24249

SHA256
00ddad7e18b3091782fc6833eac6414e890d56723af2f0c384566bffc7023f88

SHA512
2967044bbeff897a462981a40b6e538d58dba4b58c238c71ddb891996ba387e61637d0c19000094cef791c2e3cf1a2be674a7429dca55a300a4e32ac6bde1668

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153931_2.sft

MD5
2bdd54053eb6433903e89ee6e21d4e52

SHA1
7b6fb00730294b10a955dea91c662df70e0cbc2f

SHA256
c72996b6fe098d49dcdf1cf49a0084b9c8a304db700a1d03ba94766018504aac

SHA512
6cedf33fda21bfda83df98b84f4b33ddd12548226160c14820e071502b16247551413a467385a97e9b278e24d06779450ece1b2711b444441012c5e8ae817efc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153931_3.sft

MD5
304cb290a0ae7daf0da33700b1929695

SHA1
f8a3895f9ee1b444b10d23848a5439ef9576bcda

SHA256
bbb9aebad45e06f2827f620ffd144109f93a93a3f58e1299333e06a2b8b20e98

SHA512
f3b6a7d1793ca7c85e275d0c5e384f5806a53fd8ba0d99ff2d8f86faaa8cae4458ba1403e9d5782bc90cadf579a3546687da2ebf7399ef0b6b21627216d07c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153931_4.sft

MD5
e873228cde3815c8d8e896d98d9f046b

SHA1
5f3287f8f9afdb41e7d9b8a092b34bd53af67594

SHA256
d787ec4def09593d0255d0f3232e361db138dee6c66fcd9d774e7cdbdf1d10e9

SHA512
559552f480907c5dc485aed52249cc1174e15ea8ef6e30f44e822c160fc2a785dd0c41e36e92a35944d9afe00af7d3728b4b8429d5ea3018e2d0129233ff4ddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153931_5.sft

MD5
7e05d72128ed7d536a076de20c16c406

SHA1
9e4de2cf5d1d7ff1a440957c0455231601530a9c

SHA256
cc88da9bc724525b64d348cd98a6d7d0d9d0f2df35bc6e4204487fdc3aa2bdaa

SHA512
ee02b2374f9c5451de635218236f4d4ecd47082498548b080655263e6aea268ac5fa60b686ecc60eef93b6e43904fdb4c12efb7227ec1f690c2dcb191f50bed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153978_0.sft

MD5
ee2ca2a78e4083a64cd0b41bd67586bb

SHA1
8014d7df9bfdfc4060106cd605ac88a4e4221621

SHA256
631338edee9fea611e436577fc674818df576328360ed9f850c4622768ee6831

SHA512
47def162938a8a6abf6efd16690db865a49b72c56a299b0338f54f849ab63feacfd25ade4e7b8ade1e268786516e6a19f88f4c81a4857b7c04453232f6e60bce

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153978_1.sft

MD5
fb1efb9da2ca823ea6f2bcfde11def23

SHA1
8ec79fe40ad0d299ba171ed4b9c2bba8ba037aaa

SHA256
c19c4767e71c181e3eb1ca165bbf91be52bc80d2ccac8c222f482ae981a492c5

SHA512
e130afeffbc1d9437db14062d08b36a63c51c2f32756f62da4c9e90e6ec21769a368c79022b9cfe2ff31227c5ffc60a0fa9f8dabfd567076bcd2cf918d603b18

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153978_2.sft

MD5
9bbe9bb5a8a224ec500a6d966f9e56e3

SHA1
fd937ec6c706ba910e1100572b36d5072aa54e6f

SHA256
ba6fdde2735963afc5331565fc4bdee12701ea63982ef5afa54468f8f956a4bc

SHA512
9dad22869d62b3f04cb9000302a871029b6691dcc43d4528e48b5eadcca3008dbf54fc656b77b100051eb051ad34f5e9ad0ff55b352f6f7584115c6e395b8e0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153978_3.sft

MD5
b4dffc8b80e891d121ec5092d9f03185

SHA1
387725e05fc086b4db3fab5a1f93884235b6df78

SHA256
86584c2ef0a09aea4cb06e4e290b4c005044c1e3553bbff672b90b05d95c4d9b

SHA512
2899a1898b9145c3cedd17ccd71eadfa89e88e892569594e61b9692550744743ee0963984a3e3764df1367c1642a9f5d982deace6dde892d7cd3ab19f7d3b887

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153978_4.sft

MD5
7256717eaa57b800978acdbbbdbfa4e7

SHA1
71531ca8c1f9f9e7c6e593665e2c698185ca2d6d

SHA256
f8f6f6661705a395ab10b08c84e18f0b84db69a9d403b321469b28a7f4c9a5fa

SHA512
a606039ef85300d1e1e62d825f1f1553802821fb29f3fb9feb9d044122cfbf44a3de984215d3dc6dcbdf95cc70f70625f53a47fb927449a5438938d62e613752

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2141340605_0821072153978_5.sft

MD5
398def0d2cd1fb9c24100c1ba9dd30a2

SHA1
153626a0e25a1474d233663cbb6967b8e9e02dd2

SHA256
5efb9d6ed2b14dd7263597d3bccd6c28109a174484c6d73423e74b0a2008a1c0

SHA512
e96737f59c95450d3eaf89aedd8a0b8904781d6bea090d92a6f14019e09ec74362922730ef2deda397a9c09e0d79ca89b28f4055c10c967bcc9339116886b59a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe

MD5
0f609dd490b21c85e9c8d1db8995e791

SHA1
30d448d7457818e4404b3b5e2079efa3d8d60bc3

SHA256
dfd0f4b821438d8a9277728e42ab58bdc2667aa7173892ffd6ede75a5d5645f5

SHA512
9f5951dc5c3b20c3faebb3bd0f8ad5c9ad1eba5dda2e45309d25600b5a8eaab90490fb06057e3c92b4ba89af8a61ae103840db3b23a5bc30b37c32d41487f79e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe

MD5
0f609dd490b21c85e9c8d1db8995e791

SHA1
30d448d7457818e4404b3b5e2079efa3d8d60bc3

SHA256
dfd0f4b821438d8a9277728e42ab58bdc2667aa7173892ffd6ede75a5d5645f5

SHA512
9f5951dc5c3b20c3faebb3bd0f8ad5c9ad1eba5dda2e45309d25600b5a8eaab90490fb06057e3c92b4ba89af8a61ae103840db3b23a5bc30b37c32d41487f79e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\winmsism.exe

MD5
f050cfe9ded513f1b8e9a4846a0fa3a7

SHA1
64cb47c16c5636bdc5046107480aa3c7c97a2bf3

SHA256
d9402b75daf385ed652cc1d8c3bf7f3ea306fbc16996dead5a8741eff4f54b2f

SHA512
41d3b428696c41ac7dcefbd4fe7dbdb21977597fe906fff2e98ffa5a5bf32096bdad8b535aa0af961482d41a6ce843b4354fc7e5a0baf127f96806f2d53efb49

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\winmsism.exe

MD5
f050cfe9ded513f1b8e9a4846a0fa3a7

SHA1
64cb47c16c5636bdc5046107480aa3c7c97a2bf3

SHA256
d9402b75daf385ed652cc1d8c3bf7f3ea306fbc16996dead5a8741eff4f54b2f

SHA512
41d3b428696c41ac7dcefbd4fe7dbdb21977597fe906fff2e98ffa5a5bf32096bdad8b535aa0af961482d41a6ce843b4354fc7e5a0baf127f96806f2d53efb49

Download Submit
memory/1288-114-0x0000000000000000-mapping.dmp

Download
memory/1288-127-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1348-115-0x0000000000000000-mapping.dmp

Download
memory/2452-121-0x0000000000000000-mapping.dmp

Download
memory/2752-128-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2752-124-0x0000000000000000-mapping.dmp

Download