strongpity | d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78

Analysis

max time kernel
151s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-en-20220112
submitted
24-02-2022 04:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe
Size

2.4MB
MD5

469c0460e4c1fefd01db4ae9f79c53c7
SHA1

975e5ac0f82b26eb4df8c718207c61dd8afee9ff
SHA256

d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78
SHA512

d7a109e33abd2f6383c50b973db5c252f5c6e0b0c079ba1b5ccd3281e4e73b43422236149d8cdf76842f4c4ccabc07a34bc23c46c2f01715afb29436464af0ec

Score

10^/10

strongpity persistence spyware stealer

Malware Config

Signatures

StrongPity
StrongPity is a spyware developed by PROMETHIUM APT group mainly used in government sponsored attacks.
stealer spyware strongpity

StrongPity Spyware 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe	family_strongpity
C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe	family_strongpity

Executes dropped EXE 4 IoCs

Processes:

fnmsetup.exefnmsetup.tmpnvwmisrv.exewinmsism.exe

pid process

3224 fnmsetup.exe
2252 fnmsetup.tmp
2428 nvwmisrv.exe
2472 winmsism.exe

pid	process
3224	fnmsetup.exe
2252	fnmsetup.tmp
2428	nvwmisrv.exe
2472	winmsism.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Windows\CurrentVersion\Run	d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KeyStoreUpdater = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndaData\\nvwmisrv.exe"	d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exefnmsetup.exenvwmisrv.exe

description	pid	process	target process
PID 3956 wrote to memory of 3224	3956	d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe	fnmsetup.exe
PID 3956 wrote to memory of 3224	3956	d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe	fnmsetup.exe
PID 3956 wrote to memory of 3224	3956	d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe	fnmsetup.exe
PID 3224 wrote to memory of 2252	3224	fnmsetup.exe	fnmsetup.tmp
PID 3224 wrote to memory of 2252	3224	fnmsetup.exe	fnmsetup.tmp
PID 3224 wrote to memory of 2252	3224	fnmsetup.exe	fnmsetup.tmp
PID 3956 wrote to memory of 2428	3956	d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe	nvwmisrv.exe
PID 3956 wrote to memory of 2428	3956	d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe	nvwmisrv.exe
PID 3956 wrote to memory of 2428	3956	d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe	nvwmisrv.exe
PID 2428 wrote to memory of 2472	2428	nvwmisrv.exe	winmsism.exe
PID 2428 wrote to memory of 2472	2428	nvwmisrv.exe	winmsism.exe
PID 2428 wrote to memory of 2472	2428	nvwmisrv.exe	winmsism.exe

C:\Users\Admin\AppData\Local\Temp\d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe
"C:\Users\Admin\AppData\Local\Temp\d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3956

C:\Users\Admin\AppData\Local\Temp\fnmsetup.exe
"C:\Users\Admin\AppData\Local\Temp\fnmsetup.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3224

C:\Users\Admin\AppData\Local\Temp\is-NH99O.tmp\fnmsetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-NH99O.tmp\fnmsetup.tmp" /SL5="$801C8,1480519,54272,C:\Users\Admin\AppData\Local\Temp\fnmsetup.exe"
3⤵
- Executes dropped EXE
PID:2252

C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe
"C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2428

C:\Users\Admin\AppData\Local\Temp\ndaData\winmsism.exe
"C:\Users\Admin\AppData\Local\Temp\ndaData\winmsism.exe"
3⤵
- Executes dropped EXE
PID:2472

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\fnmsetup.exe
MD5
65689075a82a08bb797bb9a5cc2932c9

SHA1
a13b3baeedc3456bf8a03e6f7fd43b8ccfabc7e2

SHA256
803b09f5863b583114d4db7d19ac0c5f64163c0075992bcfc289d27feea3a3ab

SHA512
20a1ac3df849e09fe361d0de8c04f9d8598457e95427a30df9ab74316c2644aa30f782b88b171ffadd7be4b6fc85970ec539d003aa1244434be6a12bbb9b6ee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\fnmsetup.exe
MD5
65689075a82a08bb797bb9a5cc2932c9

SHA1
a13b3baeedc3456bf8a03e6f7fd43b8ccfabc7e2

SHA256
803b09f5863b583114d4db7d19ac0c5f64163c0075992bcfc289d27feea3a3ab

SHA512
20a1ac3df849e09fe361d0de8c04f9d8598457e95427a30df9ab74316c2644aa30f782b88b171ffadd7be4b6fc85970ec539d003aa1244434be6a12bbb9b6ee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NH99O.tmp\fnmsetup.tmp
MD5
8f144bcbcad0417e7823dd8e60218530

SHA1
9df092a764b8ad278ed574f00d1c065683eef6ac

SHA256
39dfa032878743bba8244c73173c263e669131f0084a38f22c52b1383f627ba0

SHA512
e093f69030fee17d8b55bde8337d409e8dfb583c97a81ed37425fb72122318d4c1f996d0d1bca28f24182ff5c8afe2be25eadc27951463ddca5c0abceca2a72d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NH99O.tmp\fnmsetup.tmp
MD5
8f144bcbcad0417e7823dd8e60218530

SHA1
9df092a764b8ad278ed574f00d1c065683eef6ac

SHA256
39dfa032878743bba8244c73173c263e669131f0084a38f22c52b1383f627ba0

SHA512
e093f69030fee17d8b55bde8337d409e8dfb583c97a81ed37425fb72122318d4c1f996d0d1bca28f24182ff5c8afe2be25eadc27951463ddca5c0abceca2a72d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134164_0.sft
MD5
aea560c95e91a5b80ec2a4c619a45e48

SHA1
c18aeac5dd51fbcbb91c6982153af3f9b5571336

SHA256
36d0e6399435c19af77cde18b6f30ad1aa7141a8f5dba7891cd92a0e8f35caa0

SHA512
02310d177e3627369548aeda9f3c5ad4c3ca1a1d9842318977fb9f857c1574e0257a972ed2a668c814be11fbcd9d3934e05f085501ffcdba402f94a22e731f8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134211_0.sft
MD5
b5b20be457642d4e0db1416845848b7b

SHA1
54e86c0621ba32a18cf43044691c617c8176b536

SHA256
de120298f6e2b05099a432fdfc194556a8684697f06f68df2263849f0ccc57d9

SHA512
a1703c50f9c31ef4e6c366805a634f31256a8caa79855b6b9f80e7c7c83bcca886f02dfe765843b1c8181d232dd510d1995a4f37e779063846c4d1a6435667ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134211_1.sft
MD5
a3d21ac908753b4f9addaadb590f7f85

SHA1
c8d11e45ab3ba5cb95010bec8bedaa5338646dad

SHA256
45f35ea4f18a300b20689d9729c5470dd229d91546fa47c31c3da35dcfde44c4

SHA512
1660a8ec8d57647225d1c8ba59106ddf1c642171c85c02f79c1dda09a5544e4dcbf856b6da5ff6b12c54dd1267b22f89e945e653d25302c78b50204e2d91c13c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134211_2.sft
MD5
5b06514316208c4c1c13a9d601cc8325

SHA1
e3d2c56fcb4d4a8002cb6e5837bb1a1b66f55b42

SHA256
9fd5c3fd09195dc394d9249eb71f305d6ccfaba3360a62a49fd14eecde28545a

SHA512
2a23b1222281e41379f8b33406d2f2116cc76bf08a2ce2c64c4583eea7207dfd03d0faddf24f75f54f8fb4c0ae6829eaf00958cece39847f28939304e136263c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134211_3.sft
MD5
aeb6e1f0cb85d3ce4f401916593c0b2b

SHA1
d5365f13f4bba069ddbaa4788e503083b046effa

SHA256
54332657ad2873183173c82deafbf730d405972fa88c24f50b79cfbb213ee6ba

SHA512
d049b903b86312d7320778047fe55971a4746a74d468879a9166e4b9306e3f68135911ec87534d3910bd8528312187933b4d9f79f9e56f5cac37b7cb7a28cd10

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134211_4.sft
MD5
27c86a7800786079489b07a745617f33

SHA1
5333dd4ea070d92cbc1ad56fafd56bd85f2b109c

SHA256
f0de2d03b2562be950e98f779d890785b10616c3a6ad833cb19137b2dd0a0a1e

SHA512
d6c3fc4cea4570bfabd8f2ffe3b7b59fb89b7f4df442cf23285953fdd846d9d2df2266c11d8a8dc099116697a16e06dd0bccadf64301b5374b0a1d944456e93c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134211_5.sft
MD5
6a86cde3a15c8610c59d63da6c3c6893

SHA1
6ecc5377cd0ee1e622b332c958acb3699526d5ec

SHA256
27823af24ab69578d05f4452dcd637852a6d63c615266ad1a4ced5260248d8cc

SHA512
5692547aa2a26130ad881ca23e117c60bd95cfb7635ae45013fddab600ad138f06ea0e2a09361aef4314593487dabcc1b022c20c72a212032ff5f9cdd2b9fb5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134274_0.sft
MD5
908d43ec7228272c81c9de12ca459c4f

SHA1
eec9ce701f58ae35ca2ab7ee7c4adb6a9032779d

SHA256
6b9abeb7f028a6fe5187b83403bde180f8c648f900f8903425a39e6165115f59

SHA512
7e02cf2274e8d2ae9a999bd00c0b47be5faa66e28585e43839ed03f1a595976af3803e5a153556609207bb6bc2ced889c2f3a1ef88e4dc74fcdc3c449f283212

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134274_1.sft
MD5
132726cd24f01b37e1d3f3ee50d63e51

SHA1
6bccf4d31b527e616b4b6922a220cb875ff374a7

SHA256
4dcbd870f710531debbe22c5d0219d9183983eb8c832fcb7ade9e6d8494dd7ea

SHA512
b57ab250ed4cd715258bfe92b9a210d0ec3db3954e85ecd8784a8ebb2364ac77c0efbc7ec3ea749acb2146f000cb0fcf1059cdc4375214fedaa07b5a148533ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134274_2.sft
MD5
b77019ce804f2bf010a8e111c9afea74

SHA1
c8a7c55a11b23d5a485661c5f15f3a14f8fa2d85

SHA256
aa73805e3e8741ae0589cab58065ccc16ee2980f06b78bcc7b193942fa1f98fd

SHA512
daa1df6280ca05dfc852ed34fbb01f6e7b70d1a5c0ba836d60289242b353727b1e2a313902cac90e720b8e092159a5dcc3523fa55b2a11b32c7d7f9ae70c1796

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134274_3.sft
MD5
787d2d96cb1f97a79a9a8fc02e435bb0

SHA1
d0f55116f40e1947781634519b17e753c7a993c5

SHA256
565dd7b1cc7638272d46936274caa1e4373ee8f0e22d7b87ac1ec18981e2d03f

SHA512
34a4c761ce99e411fffd0436a944210b3d305b5ee5b26aa23f5c14f87b23c0e093ec2ed84da8ae0b6d968380c038b7b247f03387838680490c10f2d69bde2d5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134289_0.sft
MD5
c8be7240a176cad9b5d717bf100afa2d

SHA1
b1f93725fe74aed3ff15da104cf02e153d92015f

SHA256
bc00f1b50509359ac20763407e2ade0d923f5d92bd733a45d0da29c90bccb23e

SHA512
b13e262a99f83af9ece4c6fd3e65dd57f7d80f93d9e0fc944794d566a3b20ff37fd7c35de30ed2e4f25e23e3007b5277747192677778b9f5056d92df1e220421

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134321_0.sft
MD5
9358eef070411c77f578c02c7c60c510

SHA1
1bc1b6373b4a3ff6bac64557e6aecf1d813d44f7

SHA256
c6417b7745c45c85642a3d53e65abe21710b831d9a9caacc9bc977751a1c54cf

SHA512
5cd9dc49fb67f76b8a26fd4941cf620a5407c0e79878aa81657e8c3f2bb653d301c229e52cbbc1759b0b5eb1b2ae34ff97b8c4796919b930d5bf14bc44ca4e9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134321_1.sft
MD5
ae372d46c79fc67bd9af71a310d9f229

SHA1
2418b981f9f57e52d48695f1583d15472b0d9f11

SHA256
244a74a8fb83bd82ffe07d98acdbb374abe5cb52f417e5c71fe51dc8fc1683f8

SHA512
eee918a97b15a1e28b07543d1458e8ac704de2096256ec0699b7522fa7c8ca78e704fd8b65957f634460b13e292395ac89c10aef08cae30617afd601a49b2fe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134321_2.sft
MD5
45a85426140da2fc12029a8578b390fa

SHA1
5842921cf23a1cc0ec24426dcdf4e33063dee281

SHA256
50e7e02deff8c6ca4ad7621c791fc66dae9e607f6d98e18be800cf7ef3cf4040

SHA512
ec2342bfe94597580f30b8169507642c73258e4734f0f3796c95461ac41db92d0f07afa8549c1118a726b8c69398269e310168c0a34b4d700614213fcf7854b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134321_3.sft
MD5
d608a757cd04d1b5f1d6febabb13bb4f

SHA1
2ad56ef23a3244e6645931a397d8a19a6740fe81

SHA256
3bdcb1f87e1238b6ab5b0f77b286aed700060201c578e5db5bb0f38eca043d02

SHA512
9563970e28ad65ed0e5f8d7c72d7c508c50fff0aba21929999e468a3ef7fd57f3a60cae752336ec7d0dd4a90fc81e9c6dfd0907de8a457322b7b3724028c190c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134321_4.sft
MD5
87cd5eb771f750c9a2129556ff78c9ff

SHA1
6e479340662a3eaba4b1e130a298fd45abd20495

SHA256
d02f7b64a80cde88840c8a26811ecd6712afaa7518c9fdbd66307e38f8d8133b

SHA512
8041c77269bb528a1da77ef625019f482d41bc593a5c788ce54662d391e4c0c5d7d82dad4968ff65b7bd9b524d1b4a4b13bef557925dc721282579addc888338

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134383_0.sft
MD5
b7dec362db26d7e90540f634ad8bb85e

SHA1
dfa5b0ad09084ae70ddf5b42a21a2f14e3dbb184

SHA256
d226f75365116d03caa7125b770efeea0f2f4ae67702e6b34552cedd44f0db89

SHA512
dac2bd6569dcf670bd7415e6e2c7bb638047a946d309a32f12f7f2ca7ba14aa580a625132159efad5f3283ab35e93942d0490875645715f6f6ff2f869d143fab

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134414_0.sft
MD5
8576c53a91b6fe07c8bc53bf18cb2592

SHA1
a5eb813bd86de11e1f52b15380bd8d9a4b22372e

SHA256
1988fbfc2f3bd8af53ee779611876d0ccbab9c8705a68335483b79ee0982e542

SHA512
0be676560a1fa79df92644d9187c87495128a77b924cfb6b773b521931866d6b52de9aed35ea625c7759f1372e953c85153488f3e487160c106340608f5d840f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134414_1.sft
MD5
e7c1d51f95783a82867c2c3b1732d5d6

SHA1
153cc86dcf38a67a88a0e51490f64cce22472f49

SHA256
70c2d8843f0d5ed7c7625cf0cfeafa3fb4e5da2d5d4452dcb8d7af205f0d0138

SHA512
e64fc1fc3106352816ce28bd13c612c10e5eee8fab184ee52d9eadcba9dc8d8c68f5ee0a2123d48100a0b0dc86a3dd3390be44f57c29841be0fb3d673a0ed901

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134414_2.sft
MD5
0a7d64ae7d95c35561db252a3ddb2afc

SHA1
a292066c5f2b6b8d5200cf7f567654dbf57d2538

SHA256
fa058dc9dc838e9ae669f02d646d17c01751096675214dddf066de1323656bcc

SHA512
0afba2364542121adeebb3ce355c5b43a5bc9bf6163349361895ccabef5ceaff5156f030f359342169cdeebd9d7fc7a9756311bd4fbf6564dbaa34176a531105

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134414_3.sft
MD5
8fe8e051b6549960cbc09c14cf84c724

SHA1
4ef9f4d687c1d3b2b0e245824f6b9b1cccd05c98

SHA256
e0f029175ce7a799c59bebb7d4fb1a9b7c18a2713fd7435c0a1f2da42f6873cb

SHA512
9c18ae76a2072d8abf51dd1734aacc9353d60b8e25e38bff0ca4c72b9a619a3882a85d0a39025dbd9804caf9344bda53664af742c539e385e8a13dc31a37be3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134414_4.sft
MD5
34d612e4454415c4dd9b1e86c40df81b

SHA1
c36d28736520c7ff83e417e46571034708d27a05

SHA256
941e3a4ea78808503a62abea72ad9e9f2ee0b895f716d191f662ddf322c21dc6

SHA512
a4d4938cedf97ae4a9341bb047e618744804f19d4c553682b25930acc2e65a9695a93f0eb8e3a56dd79f5d0e9730260f2e6123ab902706a51ba31f40de582e12

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134414_5.sft
MD5
163414102b36568a06127a48627cb7e9

SHA1
c9db286cd907d0e3dac2cc699c7b83112c1d8e91

SHA256
de6e45940f32261bef1122663dae3c42df19012801994221b098079bfb7172cf

SHA512
79fa022e1bd031d3ae41a0fce73df2d307acfc94c5a0ba8504cfde06986d0209355b778dd45c69756c6e5f6fc2382d6edaaf9e009f5b10df8861756ad53330b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134446_0.sft
MD5
cc5ae89a823bad5f3ad054f31d3ac7c9

SHA1
dbad82abc0a8a0bb584366a285d3dd9fbd5cc847

SHA256
dfc66d2d1388e894e7db8ea7921bf98c43085bcd861211ef71cf73df17d9aebd

SHA512
c4a3489efc164b824b81caa382a5176a03579fccfc59fcc6a5d3ffc8d6f6ccebfb07f6ec5445fed95744ccb7da47db00065f0be6896d4fe070f473a1dade3a5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134477_0.sft
MD5
7a187d63e1fc3d7bc2d586baa1ab5f28

SHA1
a0b9e4369f50bf65e912d32efa259725721e069b

SHA256
572c895bbfe905e8ec07156d9d2a47842c389484804f3290dc898b9d0fe53736

SHA512
7b9769efec8e2800bd8dc64599946c9da7b3d19227e3df11e1c62ba640158f92dc81275eca90b079a52bc50c93eaec41760f8dec582004b0bd22d69d7e479ea6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134477_1.sft
MD5
de03dcaeee5ad7f17aa4b61710a71e50

SHA1
b71bf03c222c51e8f0c336d236cc6b355c10e3a5

SHA256
954633979e9ec59af4c15da28b0510584677a3330b772557e390f72273dcb3d1

SHA512
3f35ded073faf5cad036008cbb5148ab66fa6209a423a6ecda859cdcf1386a919b730119bfa5ae8e2ef03730568231906c85aa6d6e67b7e4129e0a36b894b3d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134477_2.sft
MD5
d8548aa1301d6388cd6ede2dd61ca1f3

SHA1
92f3bc1d76e60a129e90118e74193d76751696d4

SHA256
945e0ab2d718f35145cc6b705bfb1af41c1dca27f244cfa2feb12175222de60d

SHA512
b3c3d8541cda15f13cd0055e75c056c1a3ac756cb2937245f0db15e0e225cf5e4685cbdb404cbeab0a726feb4a65e5d71b71b041a4d682860cd3f26d5edc895f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134477_3.sft
MD5
db6a10fd1ba1e33aba0a26ae4d66f89e

SHA1
4072659881ea34672125a08cab6514135952f536

SHA256
89860d2dcd1b6957b8d1571d6ef661beefe8f98834654f228990e889a99b3034

SHA512
31dcb4aa723a33984d20b5afa6d6a3210f3a4be1bd71fcd1386d86111b31e365d41264ad0b51a47420b599f249d1696f71aa4cc4484f340541ea4a89c7a86ea1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134477_4.sft
MD5
3d5176fd8b086874756faf01f4352f41

SHA1
123a0a2df28b1f751e6d754682a8ac13ceaebef0

SHA256
a92a2893054f3fe1c46be7b30af566130f4a3cee70d2dafd6cddbafefe2cde7d

SHA512
bf1519c87885baf42da0ed5cb651ea844a0852e25631dfe01df946524c2a47f9d284ef4ccc16e3d695fe187e342f59a4f4a4c513f2d65394bfd8e2be1cbf811e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134477_5.sft
MD5
50121fa9c34872d35b27695368b3f9cb

SHA1
235e7b752323208a1982ee24aff0de4444e511a3

SHA256
d841deddae21426eb237c1f3b6d9aa06fe03016ae04987bd40839595e5959f3e

SHA512
e1cc85d0a853e19df63831a933f302e0bd82e4b4e3b09ca9c0a1f3035467df5a4c6467d23c41d1289cd13262e7ab9d7c1569a4753af8063efb3037a083d0915b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134555_0.sft
MD5
61f7b5643710648d85a1142e77269063

SHA1
56efe932f2d3e2c8bbdcd9dd0d0365564f19eaee

SHA256
6b2c643b02bc7505b3e6ac07f923c99ba9abc6fe92e876e1be0d5eada3b32364

SHA512
7e6d10edc2898a236b7851dc2d30f79fb014c4baec7ab90b16a9219f53a90c8013bd14e8f661c00df35ea6e32686e23cf51b9f2aeccab443121bd3920ddcd2f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134555_1.sft
MD5
3bc2be2a8892a5f41376d3830cc647e4

SHA1
07b9b4e6446ece8c67ac755c5ea688861b8e5708

SHA256
f059eef8f5b877a53e86f07a4d1ae46c612f18e90aa8f99300fb643852242c5f

SHA512
4e83d3b1b173ea02091e76ba1544f4b9f5085658a40c6a9c0ad38f708cdf221dfe50fa9714af46bda6fc661627ba1d1e8a5121dfba11f2a348ed547fad89c6c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134555_2.sft
MD5
4ef5c7de26b06577b406380f446d5400

SHA1
47fc646140b8e9021af75902c1a3006e6528ed61

SHA256
5a03b43a626b5527a5e8b2b88dda724579c3bbe571888bdcd364fb8c630d44c2

SHA512
c99ce1d0d04c81458a9ba8ea5a0c36362c08e5a828bca5676a94d5cf757451b4cfd3079a7bafbc1d5ab99c539cc6e97265036605e869e1ed8a8121e91adcbe54

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134555_3.sft
MD5
db0799adbcecb119aac4649e25a62251

SHA1
a35c3e972bb2532424862366fcc87659398461f3

SHA256
17dbbdd99c8906e74b2ac422a7f290800cb573f91660e9280861793a3e2cb7ba

SHA512
8a01d0bb214467de54ae0782d773927648f563af6badf2314d3387e5f2052070dc95e116f551032d81b4213ecd39e6dda05c47718ad42c69ab240cd656ae01a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134555_4.sft
MD5
23ba5214ccaa9231b349003bcd9e27f2

SHA1
6b1dc6dc393c4b6e6884e76dc6b04c70a99259ed

SHA256
88731a5f7d75f713c6f7c7333d454c0f52bd36bfb6930b8a63d3425c47609585

SHA512
e4f893305b64a85db23facd5691cc2b020826101db024ffd3ab1d6767682bedc53f273e300e6bad81145574f0f89db0778d11e954603836106d84c4c380e1cf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134618_0.sft
MD5
81c7941c8d0b2a4937fcd8cf503b2e23

SHA1
1bd5d44c33833806aa972a3ae780ce4ad10f3141

SHA256
7b55b0552f422273470696c3b4eee3a43b9b8706aa7f128826913d6e128c9652

SHA512
357dc2b30cc88bf8192706609f8473602805f850544238ecbcd05dea09ab5a78b875d39f965903ee47f7b4000abedac258a2e2c5fa4e3102ce98b2c277cef801

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134618_1.sft
MD5
41acd611418809ab5d3a873355b043fc

SHA1
b1ccb80662df0e2a3cb1573ef91bf7e27c21db14

SHA256
3112ec601905c5e76dccdc6fdfcdf308ecc2a67c2502518bbc1f48f0a26e17db

SHA512
2965117fe86952e08a2a2def15b689347906d623d7c4408cda5f013f161ddc8f9d54c8731d74dfb68e622e1ce42c3da8faaa2415d4dcfb1613a104ef17a33a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134618_2.sft
MD5
032c3c71304cd4d0b3f60bbcfd618e80

SHA1
d19af524f805f49465a018c78af36e3048a895ea

SHA256
d746a46f0dc4f5b92f422eec4b08cf5aa1fd04d6303f2f40e8b4eb4425faacdd

SHA512
b861512e97688ec52186c911428441f1291fc39463b2a941d7f938d1eb63612aed1844088123d78a6f2f517b232a5c6cfe968a7549b2b92e375f74fd219149f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134618_3.sft
MD5
eeead17f4903865000b27e264f97ec95

SHA1
a91daa6febffdb453381d6ca4430652a2360d516

SHA256
d4c54eb0833d118001a5c6d9d1063ebecca0acd9e415155387b5b968940070ec

SHA512
b4473eb79a519b18be7664dea426bfa7ded6fd8648356f87bf1f684e41af92a9c2ba2f57f84568fcbdb60030ecbd3062b1f0432d5dd8ed8fcd744cd8b1900ce3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134665_0.sft
MD5
fc304f0c3a7589e9c7a7cce2367635b3

SHA1
74a9afba0f6dd465b7b2e5e0cb710d724461c4c3

SHA256
4061266853be3a615c66370e71374a7bc6fcd90341a97f6b22f80d3a7a47c900

SHA512
c95e00f76d2ec5d32f482e1cd326421f666da0cc472b9d521aef7b2e3940cee8c52252df407e25d6036f2ec6087aa4f8bb6332a379e1f5bd183903e1260f64e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134711_0.sft
MD5
68716fd398d7dd4786aca1c2873f5314

SHA1
95c34eadf93b8dc625d3c113000fd8a7e49388ad

SHA256
5d04b9328a6d58f702dfec0f2e83dced812be7cf67627a0485ef55f9d0532746

SHA512
0d407f23ab50b33a46175ce0667a2e86fe1fb9656563a3fa379a35881431800915eebb60f7fd92a416df874fb27eee44bdac41a3dcd1dd00f5cf79e60c45a7e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134711_1.sft
MD5
685415f3748d4cb39cb3935e758ddf62

SHA1
04f4bfe0f03716807d088807b672cfd11334b9cd

SHA256
c12956a740503b32fd5963776ecba5df92c19fefb59c38beee8b4b6ce0ca19ce

SHA512
e77511062cc316bf1456ffaffcd1c3923e5bd023acb7df56c940a22a7a09056ce029dad98e1b0447386e9539024201646eefd733f01dc7a4957c4a9e8b3d7770

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134711_2.sft
MD5
d5a78a3770f63e4d159572f45eb06252

SHA1
0596a321e5ae1cded13d53482b7eec8fb5f73a29

SHA256
5d16e1a88b716a9cf48b753815a550bb79589eb24db305ce922dc2b1fa59a12d

SHA512
a072984ef0741c458970fb15e87e7659d739df01384cbb139efb0eb5c0ba7994fe4780041188e5132d8c431a3890b24e80fd52dc101ab62f99479feed257033f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134711_3.sft
MD5
4eb62dac26c17561b555e156344ab78c

SHA1
67935db3d45f6a0ed923fcf6cceb9aae6a3ee4c8

SHA256
af13b76c16faec1fbf38c66f6edd73e5b68c2e3f3b80a329fedd568fb9c3c3c4

SHA512
38b60e9e599c467cb5c6eb79c848878b88b57fab399c6703721e2c3c1d01163c9a414f2fe2b1f2eb1a54701f784d21320195ff0587c6f54aaa7b5c7ebf90d2e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134711_4.sft
MD5
9829dbb202a77563d0caaf438e3f58d1

SHA1
c98d913ae8eec47a4a03bb21a589fd2dac6fdccf

SHA256
7261c17f8b9189c63d3fa8bf756effbd668cdd1d88ed5895061d0547740ef679

SHA512
f56a43574090b1aa55150158716ef775c247d7a62cf9e50c0fd2270680be8b2144b95c00d9049104f14be48351846e3510b43e20f58da8d7c6713664871436bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134711_5.sft
MD5
d6106bf83d2f61ecf840201508f69fb9

SHA1
7812182e4fe7b85ac47cc33ba3b9e44864b3f13b

SHA256
78b05ebfc67ec30401f84a26b46f86fd65eb25d7eff713e8a66ec0e754ab2f27

SHA512
04c039f1604e33ee781ca8465dd5960a339dfa06527a7061a5981ab1abaf386c61ca8cb4db910472a88414d4c7b2b1aa023aa7fdb171d1410478653b0d91861d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134711_6.sft
MD5
62ac7abcee6ab833e77525b6d85c99a5

SHA1
5affb7179c6a2e803ff2939a8ab293b23023658d

SHA256
12b9a0cc10d2ef8aaa68ed919c1a28d0061192b12ef9dc282f08ce1d3c2de1fa

SHA512
83752ae98d21abf2cde8af2da9a4122f4b6f677faf8f568428a11f82d8dcb88e6974bca70ddedaed6b6eadda76685c21e966ae469e09a4d313b4bd69d2267f3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134758_0.sft
MD5
f2541571ef9543c595792da27f202de4

SHA1
d0d571a6026525b880f43a7ce103aab690ccbc9b

SHA256
a08a19488f70ba9e501341e9e921273b4017d26fcf0c74b2f5ead0203b638f6d

SHA512
5f6d5131bfab416d439685fb9092dcd6dd39a7c2f1caea31a75e56ce92fd53d02f91d5d6361251307fd7b334f6c4cbad179c3fb6bbe4f71ef0b847f4c63c76cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134758_1.sft
MD5
b891f178a883d0418d6b6172b0da3943

SHA1
e3bcec380ce46157ca52da1b03918446cccb19dc

SHA256
ca679eb3c76396fee11ed683f49c264f630515a8dd1dbbab445248461129a14e

SHA512
74e447febe4db9f2491bdc8fb419e0303bbf0b52d4dd48ed477ad4c906126935da8049cd6b67038121e761806c17c6d3b6debbd6467a1fe26f814b8e81befd42

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134758_2.sft
MD5
5bcf459493e4a3d50a2e3a90aa685c38

SHA1
a3457ae9b723c78142b23d65acfe2ef6bd72630a

SHA256
62188ce7701850c559728ce545acae9a7991e41276c8e47f8afa4228642de614

SHA512
dc86a4aae14eb664cd3d08df4788c099f6c56cc14a4ad3567cbf39b883b74382d9c976fb0cd5b65675c9d052a15df558110400095ff578320939bb6a3dae8e79

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134758_3.sft
MD5
324711971858ef46fa7528625d0e4863

SHA1
5c2a12e274f4bad3b749c70e3bc339d57243d1a1

SHA256
123c2dee368549cb3a38b7226848e0395425ed238e22e5ffb3b95a423c6f5b94

SHA512
cf274b62bac60251db5a9a7cac4fac1deb90e887c9e537eefd4f2a9703cccef23aa9f771f0a2fa6a349178bff60fb63384798e5b31d4a42021fca3ebcc39faf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134758_4.sft
MD5
b6ea29057f71929d14f7d71a1f07ae07

SHA1
156e1b08279c464932d5f917b4c3312da42daddf

SHA256
f4deb1b6e527a4abdc0d697a93ba960ab570b5e9b5da65ef460bb30f245ab799

SHA512
3ce0dec9186ee3271097eda8dc94e16d6fc8459dde7878bc3c99b8a8a87a10a6726d162b263c17f36a415ca98f282c1dde038a231902439d86e9819d27200e1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134852_0.sft
MD5
1d437532c95f2675bdc7d33b50a061f8

SHA1
b1def162303210ff04f3f950ec0b908484b94878

SHA256
ff3a582eb9b592138c8ad902ed0dcdea8201fd6bc337217306970407feb3c8cb

SHA512
5ee9ec2a0a2347c8cec4995e516fd12a378898f2d0b41a0fb2e52221bfdf08f2ac36e8a80fac80f681ff4c427d4ab2658926d146addd7d4090e3850f91aa73e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134852_1.sft
MD5
da1924ed36b014cb4c3f94210e97b37b

SHA1
936bbb0109bebc0b18847fd2d69716ac61ed8619

SHA256
dcdf434f94cfa56a665d9ab634a5efb78fb685d7569a086a35982de165bbdcbc

SHA512
bbe56f1f98d82552a6768cf6bfcaa98791171e8526113d559031feb164efb31b076fb52dc935e8f341ad2a0d74102a268b61e7a95a98b3339fdb8c8b1fb6f774

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_2590360312_0224050134852_2.sft
MD5
96701d4b2984eac2804a74a110e88e35

SHA1
6ec050b7483cbff1b0e0cd0c09df746184ddd52c

SHA256
ba6db5a1937b9de774b435f6422951911e7959babf56f626796abf3dc47094d7

SHA512
d8ae5cae6a7f8229864bc0eb3d6ad170582e9418dc1ca5fcd16028bf610c7f7f2f521f4b5471dcc51eb6b6c44e4fdd47cb518b907964e3528b65bbe48dfdfafd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe
MD5
81390ce601d34f384bff9198eef793a9

SHA1
6067bb07169464ca2261fb7b9f3a50868a8d412f

SHA256
1185998fd595936708c1fc5a3ddeadbdd46b88e216419597da0b461e136ddfa7

SHA512
48eab568a08b20c5046d12b2a061bef562cbd1e2e2de692d805873bc6ae7bc5c47adb5a3b3c5ccd818aff12c2be8becd70314e59e16b2d598d14711111e8a33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe
MD5
81390ce601d34f384bff9198eef793a9

SHA1
6067bb07169464ca2261fb7b9f3a50868a8d412f

SHA256
1185998fd595936708c1fc5a3ddeadbdd46b88e216419597da0b461e136ddfa7

SHA512
48eab568a08b20c5046d12b2a061bef562cbd1e2e2de692d805873bc6ae7bc5c47adb5a3b3c5ccd818aff12c2be8becd70314e59e16b2d598d14711111e8a33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\winmsism.exe
MD5
8c24dd49d037121212985c722e1c7d03

SHA1
6080cf16925c33fb0edbeeaf2a549a3749d99c9b

SHA256
9b499b3945d8f979fdbb46342e1fd3dd5b2b5aa4322e9447df13598817c670e1

SHA512
3790a519b479a2c7718cfd51d408563043bc745918e92dc7bfbdc82e61444b719669123568e7dab8142699d350dd66287eb6512fbcaf6f0b35d1e9376d5379d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\winmsism.exe
MD5
8c24dd49d037121212985c722e1c7d03

SHA1
6080cf16925c33fb0edbeeaf2a549a3749d99c9b

SHA256
9b499b3945d8f979fdbb46342e1fd3dd5b2b5aa4322e9447df13598817c670e1

SHA512
3790a519b479a2c7718cfd51d408563043bc745918e92dc7bfbdc82e61444b719669123568e7dab8142699d350dd66287eb6512fbcaf6f0b35d1e9376d5379d8

Download Submit
memory/2252-136-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/3224-132-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3224-135-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download