strongpity | d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78

Analysis

max time kernel
174s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-en-20220112
submitted
06-03-2022 06:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe
Size

2.4MB
MD5

469c0460e4c1fefd01db4ae9f79c53c7
SHA1

975e5ac0f82b26eb4df8c718207c61dd8afee9ff
SHA256

d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78
SHA512

d7a109e33abd2f6383c50b973db5c252f5c6e0b0c079ba1b5ccd3281e4e73b43422236149d8cdf76842f4c4ccabc07a34bc23c46c2f01715afb29436464af0ec

Score

10^/10

strongpity persistence spyware stealer

Malware Config

Signatures

StrongPity
StrongPity is a spyware developed by PROMETHIUM APT group mainly used in government sponsored attacks.
stealer spyware strongpity

StrongPity Spyware 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe	family_strongpity
C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe	family_strongpity

Executes dropped EXE 4 IoCs

Processes:

fnmsetup.exefnmsetup.tmpnvwmisrv.exewinmsism.exe

pid process

2460 fnmsetup.exe
960 fnmsetup.tmp
3504 nvwmisrv.exe
2164 winmsism.exe

pid	process
2460	fnmsetup.exe
960	fnmsetup.tmp
3504	nvwmisrv.exe
2164	winmsism.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Windows\CurrentVersion\Run	d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KeyStoreUpdater = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ndaData\\nvwmisrv.exe"	d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exefnmsetup.exenvwmisrv.exe

description	pid	process	target process
PID 1552 wrote to memory of 2460	1552	d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe	fnmsetup.exe
PID 1552 wrote to memory of 2460	1552	d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe	fnmsetup.exe
PID 1552 wrote to memory of 2460	1552	d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe	fnmsetup.exe
PID 2460 wrote to memory of 960	2460	fnmsetup.exe	fnmsetup.tmp
PID 2460 wrote to memory of 960	2460	fnmsetup.exe	fnmsetup.tmp
PID 2460 wrote to memory of 960	2460	fnmsetup.exe	fnmsetup.tmp
PID 1552 wrote to memory of 3504	1552	d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe	nvwmisrv.exe
PID 1552 wrote to memory of 3504	1552	d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe	nvwmisrv.exe
PID 1552 wrote to memory of 3504	1552	d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe	nvwmisrv.exe
PID 3504 wrote to memory of 2164	3504	nvwmisrv.exe	winmsism.exe
PID 3504 wrote to memory of 2164	3504	nvwmisrv.exe	winmsism.exe
PID 3504 wrote to memory of 2164	3504	nvwmisrv.exe	winmsism.exe

C:\Users\Admin\AppData\Local\Temp\d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe
"C:\Users\Admin\AppData\Local\Temp\d9120629675b34e1a33b9bd34fadd0249ce1a903d510045565c31769e4881e78.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Users\Admin\AppData\Local\Temp\fnmsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\fnmsetup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2460
- - C:\Users\Admin\AppData\Local\Temp\is-6ADJE.tmp\fnmsetup.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-6ADJE.tmp\fnmsetup.tmp" /SL5="$901E8,1480519,54272,C:\Users\Admin\AppData\Local\Temp\fnmsetup.exe"
    3⤵
    - Executes dropped EXE
    PID:960
- C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe
  "C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3504
- - C:\Users\Admin\AppData\Local\Temp\ndaData\winmsism.exe
    "C:\Users\Admin\AppData\Local\Temp\ndaData\winmsism.exe"
    3⤵
    - Executes dropped EXE
    PID:2164

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\fnmsetup.exe

MD5
65689075a82a08bb797bb9a5cc2932c9

SHA1
a13b3baeedc3456bf8a03e6f7fd43b8ccfabc7e2

SHA256
803b09f5863b583114d4db7d19ac0c5f64163c0075992bcfc289d27feea3a3ab

SHA512
20a1ac3df849e09fe361d0de8c04f9d8598457e95427a30df9ab74316c2644aa30f782b88b171ffadd7be4b6fc85970ec539d003aa1244434be6a12bbb9b6ee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\fnmsetup.exe

MD5
65689075a82a08bb797bb9a5cc2932c9

SHA1
a13b3baeedc3456bf8a03e6f7fd43b8ccfabc7e2

SHA256
803b09f5863b583114d4db7d19ac0c5f64163c0075992bcfc289d27feea3a3ab

SHA512
20a1ac3df849e09fe361d0de8c04f9d8598457e95427a30df9ab74316c2644aa30f782b88b171ffadd7be4b6fc85970ec539d003aa1244434be6a12bbb9b6ee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6ADJE.tmp\fnmsetup.tmp

MD5
8f144bcbcad0417e7823dd8e60218530

SHA1
9df092a764b8ad278ed574f00d1c065683eef6ac

SHA256
39dfa032878743bba8244c73173c263e669131f0084a38f22c52b1383f627ba0

SHA512
e093f69030fee17d8b55bde8337d409e8dfb583c97a81ed37425fb72122318d4c1f996d0d1bca28f24182ff5c8afe2be25eadc27951463ddca5c0abceca2a72d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6ADJE.tmp\fnmsetup.tmp

MD5
8f144bcbcad0417e7823dd8e60218530

SHA1
9df092a764b8ad278ed574f00d1c065683eef6ac

SHA256
39dfa032878743bba8244c73173c263e669131f0084a38f22c52b1383f627ba0

SHA512
e093f69030fee17d8b55bde8337d409e8dfb583c97a81ed37425fb72122318d4c1f996d0d1bca28f24182ff5c8afe2be25eadc27951463ddca5c0abceca2a72d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075419721_0.sft

MD5
c29ad2282ade588d0f8015fb78c1e0c9

SHA1
98d7a38e7e3a72103454a7162929203b63b15ab1

SHA256
a9cf27ccd276a7a2e2a2396fb582836cb257f441dcb436bb4b56f144990a2f33

SHA512
e9c117ac534f9e5a5ecf5dfe4e7bd4c469598b38a774ab6b336f16115053400be8363d73ed45127a06df86343bebbd958ceac22b9bd692aa1cfea7848058204d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075419721_1.sft

MD5
158c042c1cd5d3957a793a7ba3c2ba03

SHA1
3383ae6dff9517c998cbc33ed48b110a60c2515e

SHA256
bc78c1790dafb3aaf63744debf53f485b430782e3690c1f7805746f14207af17

SHA512
15beaa8786b5e3c77544043a05e49be45319b74ea691ba8159fff5cd24756dc7f691d776be9811a07ee0e8f91a63264b2addc2f775004f432e672bb9418665d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075419721_2.sft

MD5
41b8ba05e019a6970d5a81da11251d92

SHA1
425ac44ccbae2b7ca54260ce7983b32b162d7a2d

SHA256
980a6b07fb52f30a4cd6c478806a2781585c303d9671e06cd3fd489ea2d355aa

SHA512
f8ae0d259e956bc9b198580911abd93cb4463952df75d68f3c6764d132cbcad49540113d66a42e72718ac23fdcb7477b430eeec94cdc22bf5342068e27d04509

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075419721_3.sft

MD5
b8740f55d205c2d222edd7da15a5f915

SHA1
4bf63812498b3eac75e117d0ed2db708419199d2

SHA256
cb3ed1c5570f5380a983bf4edb6c847464afb0de05eb33350bb3eb27b8a830a8

SHA512
8bba0bb4fa6099040d67d31b1bf2e79567d3b5e633f5b5a3fd7c98f87d1bf9327ffa8f26a09c19469180f42a503ef98a92685f9f79ac41a1514bd36675c98291

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420221_0.sft

MD5
f920943c772a3dfd965aa28047944db7

SHA1
d9e772fe2922ce4b4f79f569aa94205d06afa306

SHA256
341043ef1a1e6d3afa2b023640676642dc6acaa715e1cefda78130de05f0df66

SHA512
059cef51bc7d123bc1890373fbaa27a9b8998d0356b9563d2a8520bb76db15cb84586cb102ad911643aec64235b2bb03195bb832b7176f2b1896108a220548bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420221_1.sft

MD5
f28db7fef9060326c9cafafc3bfe819f

SHA1
b84a992050ccc660dc85e79101f71b7b163348eb

SHA256
9f8ca520423d6399faede009e3ba5fac7be7d89a328efbec6bb5dd390d69966e

SHA512
47099fb5db239bfa5c5f53361d2e53a8413d6cbe579ff81e7e968f88210313e9657a337fa022c5800d597f1f62454422207dc6a9af78e44add15dffa2f0790a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420221_2.sft

MD5
d6ebf480fdd6f928ed6d294a84622833

SHA1
243051a8298c147531f9c73a0105ada511d984a2

SHA256
160ad643b539729afc709a6cbd03062386c2c64c84cb572ef3b864f9510549d5

SHA512
a0d25a763faaeb902010c2d97dc8e7e5e24fc4278a3a4339f95ac19eb8fe6d293b503a212384fa28778121c50922247cb2136f610a4fe31c6d4d9d244ea2d5c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420362_0.sft

MD5
aea560c95e91a5b80ec2a4c619a45e48

SHA1
c18aeac5dd51fbcbb91c6982153af3f9b5571336

SHA256
36d0e6399435c19af77cde18b6f30ad1aa7141a8f5dba7891cd92a0e8f35caa0

SHA512
02310d177e3627369548aeda9f3c5ad4c3ca1a1d9842318977fb9f857c1574e0257a972ed2a668c814be11fbcd9d3934e05f085501ffcdba402f94a22e731f8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_0.sft

MD5
dddd5c39c9dfb911e7648014e8d04c50

SHA1
75dd48bcbfc10a9b8cbd1f3aadc16aa82b34f649

SHA256
e61f994e8455655a6c207ec250afc14536479a16c7948d583545e720890f7e7d

SHA512
bc94b9934605d785cea6a6aad545a35dd58be81a28c626580f97e5b7390560c13c97fc15cb760d850c9410a920a62da5cd1b7fba9304e7d7a0a4736eb235f941

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_1.sft

MD5
d5f5dab796bd8dbbf80432eb7ea7aa8c

SHA1
c53e8b49e4a3fb291c695c8638bc4a1039c6cfb5

SHA256
0861cc5c699115e2dfd693582983a55f345aa8776819f211cf20798f9014e292

SHA512
e3072f1fcf9690451f002711bd85d633d92238e9b3cc80ed5959457c792ca59d91911c4718e634f24d4e5ba8c78bfdc2b848d5baa313794d8b67a253ef405b2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_10.sft

MD5
de9c5370413105bf259c9a92bf0aeb6d

SHA1
7c83b53fa5129bedd6e9f984f8aa19bc5ee2abe4

SHA256
cc87474a430342b4069afa4c2aba6c24fb1c0e8377019633f3a36ac566fbcbac

SHA512
8e01e1a364924711600c82e94450fcd95f108cab61fb013bed22997dc7cafccfed71a0fed9370233cf35c290ff39e2f875292e293c7436191e75b411f999fefc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_11.sft

MD5
2e64e20a3d01e536a52ae626bb5da2c9

SHA1
0b073f25f722e8e5af4e196740a5d02e5dd35901

SHA256
9f82d9be9ca89ee8d127c8503d00f7f6839151e44d8055283f584fce7c3bbda2

SHA512
029b47286ed089b570fc0e76632fee3eb02681a11833902a07779c1eb6bc74f0631abdf48671690293f812e0c4f431b190a21465bb6aae217add5d6aed039a2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_12.sft

MD5
3eb35244b1db6059c23382f52a78ae88

SHA1
416853eeb2ee9f37773738d54068d2409713e2fd

SHA256
09263d77672b7e0454aa026623be3a77430a8b7bead20a582700d1f36f17f4bc

SHA512
8647b7570bd850c8ff44f2300720af4d185261f4bca198d5471479b9c399629be90db3e27ecf5917c4295df9a0b13d9781ac518490dbdf50c440dffe10d7f970

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_13.sft

MD5
606e90698f642179f706f1c28f50f7ff

SHA1
f061841507c2992f1ff4cb5f4b0c34440c0fedbb

SHA256
89c849d0d43d5c51ca737119e549695add0dc138ff5eb29c977ecb102290d93a

SHA512
2632f7d34f6c3cc3a3afcaa5175f1b55579fcd37620fb0dff4b517cc56b40d94c5c3a6591d23d636f0febf1a75830a9ac429a0cd269e87c9cd2c3817403f7754

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_14.sft

MD5
a6d22565776507ea15c2c233720b317f

SHA1
954f8982896ceb20966033a9fa0f8d22992c521e

SHA256
968a6c3a02b67d702c32e84b728c6c1ad79d26be66837dc3e9db5e8ee670b107

SHA512
3e6647651bbf35716d205c77a54b5c7c82403a494fd7fe5d7edb308335c4f186cdc51edf3afa2f2ae203225bac8e355ab0690a77cd9b46d06ae068424c8f7373

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_15.sft

MD5
723f4be3cba7c9f9184420e7b5610c6e

SHA1
bf904cb267681a8d6996ac72fa5781a7fd0ca184

SHA256
92718bc06d6dc11b1eed7fc3197bf3336a371a099af199489421369f9dcd9e6b

SHA512
826639cd1f175c8c56724be457d8d0315d0b89c80d91fabe1a87ba49c0a49b7fffbc2b623bbf06565e24ca3600df4698599d396071188831d75b3ecce5581124

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_16.sft

MD5
39975524ba7c6080da38f040ba1e5381

SHA1
8fe69597ba6662d4a43516712326a1a478ab79f6

SHA256
e8d2df3aebdae0ddbfc0c074806aaa0065e37010a8760237f6c68efdc99fec7a

SHA512
9359131ed9b2ed2b582e5ddafc90750aedba8189cc500b74a008fd414555cb7949d9a8c9fd50cda3f79849c5eb1c64b5d8994c14fc68c4448e646dac07956cde

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_17.sft

MD5
fc1c195bc18a1a2eadc0d27cc8266088

SHA1
881ff349863b69d4fc0318110c299c3d990cd47b

SHA256
8846c6e1321f550d906229cb1dc2826f36449f8d0ee11ee47642be5d0be794db

SHA512
fca0b3c79db2b6cb77db956a5ec44809b3cccebdb8380a09cfbb38de08b802aaecb915fae7c152ae47413333d32d76dc72cea790af58187393b57a450e3bdcb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_18.sft

MD5
9d969989ce2b029a6e6af7fd0c535c11

SHA1
4b20b6dcc2d3208fee747e88a396a41c7264406a

SHA256
ce13877b668b9b7f32f1776fa882f201becea49ad9969af7db0f96a4cf9642ea

SHA512
9222da4b352beb55116669a20db07f3e4ca48191a8d3a157dde575e88f3433a25e1a74270d7fec06a19f40df7761e6382776cc1703fbd0ee82b448b77b47e9ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_19.sft

MD5
60d1435d560721514ad705ba84197e2a

SHA1
eb65536cc4db381a0dc54b414857418c3efe5317

SHA256
bacd1bc6090c182bb36b3311dd52251cb720e357f1e209af4ebfa09016451da5

SHA512
d085bef8e1ae4d8bf141326d1c76662b7bed0384c379e19b6dfe38cdc58b11399520066356f89420077a132b8a67574fcd7dce5f2901ed37397376a9a27d34ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_2.sft

MD5
2a5bd06170d686d0eb6f00fd32ed5315

SHA1
61b1dc3abbbe3add2000fcb757064dc66cee38fc

SHA256
e89de03e09b36fb95c66362d0179bb10f8e96fb3c341d39d6b643f552fee0b0c

SHA512
faf56558beb165a55351a86fb7e61ecf3432cd2970ee52705c8a21d3043a94e9b35daa9937ec8baabdcfdc656c8e5c7c0b645689b819bd2868057715e3c9336d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_20.sft

MD5
08512fd0169b1aafbeaec71afd41e439

SHA1
b0196a668424d7f168fe4aba7f665442551d76a2

SHA256
98f8cdbacfc0bb86808be7dab7eb2618ba451ba9093a9aba4cdf9ef47121346e

SHA512
86fdf95f2cfaa41bcd9aa71bd305b19cbc0118474920736354540cbfd12bb64679163f7c3d9b4318074e86ed40d812f438ae698b30a8bc55f354ac7c74c5c7f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_21.sft

MD5
7794b528a5f50b376e1091b157f91988

SHA1
c3a2e52316ccd0b303de53fcd594779baf78c8ce

SHA256
564b810063e432883d8da52a5ace46cbd0ee3231d403dff5af4a9e835bb71489

SHA512
fadd4a6ddb845521a83a36aea17b896778a4ef81e009cc1d78ccd8a7a7f2682ff52c2544dded5cd80da3e4b2621eb08c8d1ade52dd4206f854e377fcd42b7386

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_22.sft

MD5
4806944faeb2e8f3fde55037be7ef903

SHA1
b7b10db97d05773de61eac7cc4a9b99869dfaf8d

SHA256
4eb269d6b869bcf1e249fdd7bcb8895d452e6b368348d458d3dcd099f0ae1c30

SHA512
8e018d8bd2c15a20441f42dfb3432fb8574793dfab0c899a267db6b9278b2e6caea61fe15ca3880e8f57894ece53fb1ff3a5d042f929bf4f29cd3b2dd2858dca

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_23.sft

MD5
922c864e14153886d365077583694cab

SHA1
1556921d714cdb4fd914afbdbf96044473e68256

SHA256
5e65eb6776ce760bc0b860ea0f8bb10bb1d9c4e05671448ac9355b24e0cf7b50

SHA512
c94bebde489d63019823b608f45084931060a76c59735e86931a4c8c2a09e1464fbc4172f06b025b8fc8c36102d1f1ff04901f2d7a13c622d5357674b18244c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_24.sft

MD5
f89a068f24a9766001b8fa0beacf2481

SHA1
e73a7f82bae2fdeea8d62e2653ae950a875b0454

SHA256
c13f275ecfb0b1c0bd2f424b29a64f1d2a27ad3b8eaa4b86e2aa240843dbac1f

SHA512
330b99486281539bd84b1bca171110955fb2f6f6b291372d2e216f323f0bb7f8915d583810c21cc9a8451512d9f45a8677433e3c354ea3472697dd6aefc9a0c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_25.sft

MD5
131fa663c0b2abad5c5c78e653876c84

SHA1
cb34552333b014be6d4e63b09a653738f2ecae67

SHA256
39f603518fa128d1f4429d9352608f6da1ebd0c9ab1811ce16628c7d40c7634a

SHA512
0b4850c6bd37c8dc4d7994c075d37cf12f8d5c6f2137cfb23851c42daa825ef6cd10f556bf1b4c23b484facc9146cc9f492c31a8712241b5c57d791dab98d71c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_26.sft

MD5
56bfb7615e7b0032845bd75acde5d023

SHA1
be218da73e2958e4d72d79ad4f6baadc3a1c889d

SHA256
d7f8e30c46814c421bbf3deb851db744d16eedb4734781c1dfffae316335c9db

SHA512
fc1001dad5dc77aef46066b1d7206b51aaa9a56e6b765fb68180d6b3d18f4a3d6c741db20fabafdd562e1a68a62c700cdcb157becb4c660c0b3ca89307e306c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_27.sft

MD5
445e9ee0f13b2d7612cb4ec2a339a2a1

SHA1
96bef552b65f7501073fd87a078342d35c132311

SHA256
55570095ccf8a63c81a3c9e78a061a27197525e0b32e6b5a374d402aa7a0cdbf

SHA512
421a65791175c4d05ad705c45ab7241d8415603a6bdbc13609a92863478d5a21ccdc79de6815bb8c900b6ad4758c041ffde80bfd719803e8311fb9b843d93fbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_28.sft

MD5
43c09632f3b02ccd846bba90c8901134

SHA1
37b9946c6965c4f124d6b350ad716d292e62ba3a

SHA256
7646f19f368b9dede78677102632883f5196919961cdebe5ffe0e23eac9c4989

SHA512
1e2a65504c495ea53a880c5e1b6590f1872249ef730ce20cc1b211f5daf0b141a4a01db5c23f0239770f71021451db38eb70a9a0de9f0a65d5e6e063add30c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_3.sft

MD5
bf1d4960300c6fe51797e194be7055aa

SHA1
5c4a96d709bb41812011803803bdbe5baaf50674

SHA256
f43283f60d61380268b121d105ae1fde4333fb1527278cadf5792c254d740583

SHA512
c6d1894a7384cfa8446b288e147051ee94be2888af5753772e43e7290169c150df672b34692cbf8217d65d98d41604be7179c00dbfd82f399c362d24c1707758

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_4.sft

MD5
288de71ab57baed9c36cade6515c0ae2

SHA1
e075ff64d56c1c5d56d668b7cbe391493847309b

SHA256
8ae532ca41180afe48019890e9637cf0f011995654dcb87dc43743882820d2dd

SHA512
f1c050c59a83420807fa172ab9bb33c1166e869d5beab85f7d18977f2881595aed6102fd51db5ea57250f57a1ac1afd56d8c0939302ffd30fa6809682dd6574f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_5.sft

MD5
df948c79f2fd5f3410a0e120da1ffe16

SHA1
7b124bad56db6ce0a31e9e3ab8e1cbf3bb5d130a

SHA256
b58806c463c62b8ec1d44fcd07d4c8d717b9367c566a780add0b51ba1cde5d27

SHA512
4e276259cd0c03b221968620282628ea9921cb71aaf5a3634006297f995c2612710988d8bd6a2fa1c0424e7ac89a0c76a5afdd0ddf7ef427aade8dc75fe226cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_6.sft

MD5
c6314b5e78ab989e62e179c001328e4b

SHA1
2c0cfefbc917e63b5fcfd7095f7a246696921bcc

SHA256
ac5e75bc857c0e7b5118d813d911751d058140a9bf829597ba923491c130e538

SHA512
ff4f3ab07d3489c458a7b7deb50afcd371b302f0401be1c1929fb9d67572a7548d6a2ec246cae9cb2e62c8fb50a6f3d19eed029983516439738a57f5facc179a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_7.sft

MD5
93feaf2141b7cea72592472b3f22bc07

SHA1
00be6adebc0447d55d0e30b6328429d5f9ddf15c

SHA256
b9ae18b5282d758db92ed249ff0c055f651e3f17bf8896bbe6777b415832ee16

SHA512
16c7134e26115623974500f8ab61f2674ecc880177a8405ff39231cf6b7d095f1a1bd9d9434e8102a98b5dabac5fe894249ac6267ddbbaf650169dccc8805a0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_8.sft

MD5
8385aa409a871a3086ead1b8e0fd40e7

SHA1
5baac6433e4cea0dafa20ad5ba1557ccbc1bbc4c

SHA256
2500f3beb944c973ffeb030584b8b2afac5e2fa875902c73f829f4d5f65f22c2

SHA512
96c25f23f3102b0191afbdf60e867767ce6b9d85cae88f8ec2bc88eb91fdb9e478c620798b91b960758dfcc75a37efca380d83601fd9b2db162cfdfb9f6d7ce6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420534_9.sft

MD5
f0ae2a4b547bfdd58ed8eccccb6021cf

SHA1
d37401ed92ec7d67f191fe30b6a5a7397afe7afd

SHA256
83debf20df8a017de36c12619eca7adba541415813791ede55c452b9fdbfe07a

SHA512
2a144a045b16cf378dfbf5989bfb624c65d0dc9fc8d3e01a881afb6baea8d0b6a000db8de1a985e33525ac3f9c09edaa0b7b5b07d4ec4ad9c1f73490854557bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075420784_0.sft

MD5
c8be7240a176cad9b5d717bf100afa2d

SHA1
b1f93725fe74aed3ff15da104cf02e153d92015f

SHA256
bc00f1b50509359ac20763407e2ade0d923f5d92bd733a45d0da29c90bccb23e

SHA512
b13e262a99f83af9ece4c6fd3e65dd57f7d80f93d9e0fc944794d566a3b20ff37fd7c35de30ed2e4f25e23e3007b5277747192677778b9f5056d92df1e220421

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421034_0.sft

MD5
b7dec362db26d7e90540f634ad8bb85e

SHA1
dfa5b0ad09084ae70ddf5b42a21a2f14e3dbb184

SHA256
d226f75365116d03caa7125b770efeea0f2f4ae67702e6b34552cedd44f0db89

SHA512
dac2bd6569dcf670bd7415e6e2c7bb638047a946d309a32f12f7f2ca7ba14aa580a625132159efad5f3283ab35e93942d0490875645715f6f6ff2f869d143fab

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421127_0.sft

MD5
cc5ae89a823bad5f3ad054f31d3ac7c9

SHA1
dbad82abc0a8a0bb584366a285d3dd9fbd5cc847

SHA256
dfc66d2d1388e894e7db8ea7921bf98c43085bcd861211ef71cf73df17d9aebd

SHA512
c4a3489efc164b824b81caa382a5176a03579fccfc59fcc6a5d3ffc8d6f6ccebfb07f6ec5445fed95744ccb7da47db00065f0be6896d4fe070f473a1dade3a5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421221_0.sft

MD5
a8b41baa1e59d4e8d79105121d6af455

SHA1
b2a0545ee15cbd1a4eebe131137d9eb499f66e11

SHA256
7d945377e816d4298478e2419045a6d15144371fc95cd6e05fd2a8af23c5a2e6

SHA512
0a7ea582a6bc03f9e34788c95f574edbc4608bf0573217032eeffc5d5289238250e2f248ab05b43af6518313b20da3cc9a7ed287b418d0384b58e635b002a66f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421221_1.sft

MD5
c5f30f50e1ebfaf44472f1fb4d76d5e1

SHA1
f8c40f1ed7a03ba6104a1f1aeee8cefcb3390637

SHA256
d807e0679333750a8502e0013bc8bc14672ffbed0d1cc80614a992b5499171f6

SHA512
42d605d14d8a8d65e49089069a94573d15ca4d2149ceccf118a66b99059e188f189657df01b677407afdba513aae7485ce7c186c62496aca2bf3135a5965b5f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421221_10.sft

MD5
38dc1a276b4019edf59e28728d327008

SHA1
020193812f158d57ff3a93a6985043be87765914

SHA256
90a9492d21bb0147c1eac3ecf758710114bed1ce4fa0e62602df4b10eff632f7

SHA512
72cd073da8f7e888fa95fec9a489bb326f18fd15351dec98ea485231e767ed1b06b5e168d870ac786d18bcd73538dd4995037c88f4f60cb8fd86079cb0d5d754

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421221_11.sft

MD5
6352f07989391139427990f589525a04

SHA1
633097f5182501588f8ac40599580edd83cc29c1

SHA256
e4c648c54186616a29a44ff53dbb9bd826934181f9644300b1afe8846bf38352

SHA512
dc0e72263982b727c4e9de4857898db2656ede2ed06296c2ca87e365672c712d91b7246c989be3f836c163c0f7b8619dc40b6d8769157e3760bcef9d631309b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421221_12.sft

MD5
244b1a7454f0027233797b308367af0d

SHA1
16df51b27ebc465ef51bbcf5eb950bd923a82e61

SHA256
9db2df0d234559b4331a94baba98593ecfe3d8f9ece72b08db7f8e79c537692a

SHA512
9a3b193012ae9fc8432eaeb4e7f052d493cf1a4c0cbb36b01b54738268bf5c844e5870b7b2ae968f6f4376f594e755d2d1d6def21057661e3a26b57feb5e7038

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421221_13.sft

MD5
4cfe235a80e439b61117c7ccec0ed27f

SHA1
0dbb52254e528a50b586b54a2bc362a871f12ccf

SHA256
88e845243d9cb8ca968773176115e1fc182d3dfcf9516ed2d9aa2e0a157a6c52

SHA512
e162652185d41b9815e0e91265523788e4060cd7210b35bc74216ac333b6eae383d0727c12da84578e958d64e6b64de1460e423f0662d3349228fd83d665a4d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421221_14.sft

MD5
8918d9d8cba88a852c1835592fb8448a

SHA1
dcdf778646e565cb316577a2a958c14e1ed8b5a5

SHA256
4057dc845d7a63e9b96bbe375c9e4ddc95b23c37bcfc6921df2f8095ab805acf

SHA512
ffbb14cc2ad2d77aad75d72de4f5961287c82cfa127bbcd7877efac2f74b76eaa40849e365f85b9c163d93c3f1e9392a31c883524e658d96b3cdb57d881cf94c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421221_2.sft

MD5
964527caeea9629f0dc7b8124b95ac68

SHA1
582bfcffa88d9849fb65fc782ee3ce4fa44a8773

SHA256
7c09a3400a7036aba44633014612cb8b5e319d1dfd080f0515279a53c60ccd94

SHA512
beb2bb13c1a086f6c3268ed8f9b4c91eac944765ef3e5ed5787ac4dfcc89e1ee72ed3b5c773268d85acc0523c93af438f1f75c6525e7c64e79696a6af921a721

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421221_3.sft

MD5
b8b120e4ab0e077d50029b0bfa52dca8

SHA1
01820b27eb6bfdcfd706600cd2372335a2382caf

SHA256
7ee80389bff7f0e37c1b825011c5e04b761e66acc39f5a08f83844435cc8feb0

SHA512
78b72e2c65f7a05af03d5f35873d70d9f75a2201837939ce9dcaff04fe61be367bd86fe093d77a28c747db864e6d9fa1f840cd09ea6abc1863076d9eeae65528

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421221_4.sft

MD5
6f0dbc8a55f79138fddf6959becbb167

SHA1
831b8cc5a8c5b52922ab6444fdaafe4a4b542c8d

SHA256
244f79406becfe5e54367aa92d2b4461914a8909cbd101a739c9217388f65e15

SHA512
c4410ad8338ff85ee95a743473ff4c4c2cc72b448025d22b2962dc9985195957895651465d1e30b6259a8bdb990bd7b682d3390880379dedf706bab57ff35fd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421221_5.sft

MD5
394115fdeea57a0e6dfb9f6ca55ad1cd

SHA1
e6c4f7ac1c202286f062c5c7f78d383cf6ca027d

SHA256
b11b3e92c793156d0ead0f8df3830541a62c34ee29be1e7e59b73c3810aa62f5

SHA512
b4ec9cf1d85b8613ca055d8005183a80039e9d2315599c99da9f359e978b252bfa686b2c9ab006ea8cee65d41350ef042f8bc2ffad470ae3dbbfa18c6e49e341

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421221_6.sft

MD5
656cf42ea1817f4910ec533ce90e2930

SHA1
d7f4b44d32ab640b6539fec2d2a9c355c443288f

SHA256
1b9246711a11dc1fb6663df2bbf5879f17e2784670bbcd8a773a4b5d4e253740

SHA512
4cb0b20d1753d3a7ae469b6c1395fc93c876bf71b2ae25feeeb20d980ae3143e48417de0bd6176c9387c897f89dd77533a6d476eb5e788f5c1b959540fe7ac90

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421221_7.sft

MD5
988b86f5fd80036617e5b44cd23be896

SHA1
b1bbbfc0636ada0fc775ad4190e302b23ab369db

SHA256
28e97a3204b7bfaa4bd08279120a7703e9992d087d9e6baf742d46df5685731a

SHA512
b62a37cabea88eaf28377d02ea258d5e74d6497d83c0c8dbf2c75814f6c118876810b3983eb68bf6b3c0fd58bd2452af5c36635f73ed122c3903a10ba030d8c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421221_8.sft

MD5
3d13ba27bffb0b4045bb88ad2e85848b

SHA1
ce6fdabb9489950414f71f96aed3b9c8306ae071

SHA256
6da670574b55006eb9c2702c1a1efa81722f6aeeeff0ff0bc664987edba64782

SHA512
ca7dc8da9f32eadac1088ba667ec3338afbe847f56a8a9075eb87b2530b13cfe2ffb624dc79e5bdda1be2a675b02e7b885cdfb9a928fd43a925eac720d80cd1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421221_9.sft

MD5
e5754aa2510f746dcbe288be7ca618c0

SHA1
5073735888f3915e5225a36e4ccb64b40679555c

SHA256
f6bfd384fcc19a775d0eb6b64f9a04b64678067f87b56839e44e9444f5af6811

SHA512
d73bb9ac54f14bae9ffea042e198dbae9a707494b370995c02affae81c2d18805fd3702ac9af8eb39134c8f4d69297cac874a78e5260c053a10ac34cad5eda21

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\guid_app0_1275657691_0306075421768_0.sft

MD5
fc304f0c3a7589e9c7a7cce2367635b3

SHA1
74a9afba0f6dd465b7b2e5e0cb710d724461c4c3

SHA256
4061266853be3a615c66370e71374a7bc6fcd90341a97f6b22f80d3a7a47c900

SHA512
c95e00f76d2ec5d32f482e1cd326421f666da0cc472b9d521aef7b2e3940cee8c52252df407e25d6036f2ec6087aa4f8bb6332a379e1f5bd183903e1260f64e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe

MD5
81390ce601d34f384bff9198eef793a9

SHA1
6067bb07169464ca2261fb7b9f3a50868a8d412f

SHA256
1185998fd595936708c1fc5a3ddeadbdd46b88e216419597da0b461e136ddfa7

SHA512
48eab568a08b20c5046d12b2a061bef562cbd1e2e2de692d805873bc6ae7bc5c47adb5a3b3c5ccd818aff12c2be8becd70314e59e16b2d598d14711111e8a33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe

MD5
81390ce601d34f384bff9198eef793a9

SHA1
6067bb07169464ca2261fb7b9f3a50868a8d412f

SHA256
1185998fd595936708c1fc5a3ddeadbdd46b88e216419597da0b461e136ddfa7

SHA512
48eab568a08b20c5046d12b2a061bef562cbd1e2e2de692d805873bc6ae7bc5c47adb5a3b3c5ccd818aff12c2be8becd70314e59e16b2d598d14711111e8a33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\winmsism.exe

MD5
8c24dd49d037121212985c722e1c7d03

SHA1
6080cf16925c33fb0edbeeaf2a549a3749d99c9b

SHA256
9b499b3945d8f979fdbb46342e1fd3dd5b2b5aa4322e9447df13598817c670e1

SHA512
3790a519b479a2c7718cfd51d408563043bc745918e92dc7bfbdc82e61444b719669123568e7dab8142699d350dd66287eb6512fbcaf6f0b35d1e9376d5379d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ndaData\winmsism.exe

MD5
8c24dd49d037121212985c722e1c7d03

SHA1
6080cf16925c33fb0edbeeaf2a549a3749d99c9b

SHA256
9b499b3945d8f979fdbb46342e1fd3dd5b2b5aa4322e9447df13598817c670e1

SHA512
3790a519b479a2c7718cfd51d408563043bc745918e92dc7bfbdc82e61444b719669123568e7dab8142699d350dd66287eb6512fbcaf6f0b35d1e9376d5379d8

Download Submit
memory/960-136-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/2460-132-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2460-133-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download