0d3f91f971da76264ff0e06e0ffa295785718cfc6f3711ce1fe14d0092659a40

Analysis

max time kernel
34s
max time network
38s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-07-2022 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39514.exe
Size

19.9MB
MD5

236776adc883fbac2fdaca33f631b73c
SHA1

395148e3130ca8ce6974db44a080a39e806e1360
SHA256

0d3f91f971da76264ff0e06e0ffa295785718cfc6f3711ce1fe14d0092659a40
SHA512

7da575bd1dbff32c864e941778f0397d028c636aca4ebbb0a76ce35fcb099eb16daba3724f42bb8f3290f4bb9624af888eb72ad6fda24a1f67e00d3e9df19ec6

Score

8^/10

aspackv2 discovery

Malware Config

Signatures

ASPack v2.12-2.42 21 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxService.exe	aspack_v212_v242
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxService.exe	aspack_v212_v242
C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxService.exe	aspack_v212_v242
C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\forwavesdb.dll	aspack_v212_v242
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\ForwaveSdb.dll	aspack_v212_v242
C:\Windows\SysWOW64\forwavemsgpipeu.dll	aspack_v212_v242
\Windows\SysWOW64\ForwaveMsgPipeU.dll	aspack_v212_v242
C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\eastfaxtableu.dll	aspack_v212_v242
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxTableU.dll	aspack_v212_v242
C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\forwavecomu.dll	aspack_v212_v242
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\ForwaveCOMU.dll	aspack_v212_v242
C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\forwavelogu.dll	aspack_v212_v242
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\ForwaveLogU.dll	aspack_v212_v242
C:\Windows\SysWOW64\eastfaxinterfactoryu.dll	aspack_v212_v242
\Windows\SysWOW64\EastFaxInterFactoryU.dll	aspack_v212_v242
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxDRVUpgrade.exe	aspack_v212_v242
C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxDRVUpgrade.exe	aspack_v212_v242
C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxDRVUpgrade.exe	aspack_v212_v242
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxDRVUpgrade.exe	aspack_v212_v242
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxDRVUpgrade.exe	aspack_v212_v242
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxDRVUpgrade.exe	aspack_v212_v242

Executes dropped EXE 3 IoCs

Processes:

EastFaxService.exeEastFaxDRVUpgrade.exeEastFaxDRVUpgrade.exe

pid process

1372 EastFaxService.exe
2012 EastFaxDRVUpgrade.exe
2004 EastFaxDRVUpgrade.exe

pid	process
1372	EastFaxService.exe
2012	EastFaxDRVUpgrade.exe
2004	EastFaxDRVUpgrade.exe

Loads dropped DLL 64 IoCs

Processes:

39514.exeEastFaxService.exeEastFaxDRVUpgrade.exe

pid	process
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
240	39514.exe
1372	EastFaxService.exe
1372	EastFaxService.exe
1372	EastFaxService.exe
1372	EastFaxService.exe
1372	EastFaxService.exe
1372	EastFaxService.exe
1372	EastFaxService.exe
240	39514.exe
2012	EastFaxDRVUpgrade.exe
2012	EastFaxDRVUpgrade.exe
2012	EastFaxDRVUpgrade.exe
732
732
732
732
732
732
732
732
732
732
732
732
732
240	39514.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 64 IoCs

Processes:

39514.exeEastFaxDRVUpgrade.exeEastFaxDRVUpgrade.exe

description	ioc	process
File created	C:\Windows\SysWOW64\msvcrt.dll	39514.exe
File created	C:\Windows\SysWOW64\ClassX.dll	39514.exe
File created	C:\Windows\SysWOW64\IMGSHL.DLL	39514.exe
File created	C:\Windows\System32\spool\drivers\x64\UNIDRV.DLL	EastFaxDRVUpgrade.exe
File created	C:\Windows\SysWOW64\EastFaxLanguageUJ.dll	39514.exe
File created	C:\Windows\SysWOW64\ForwaveMsgPipeU.dll	39514.exe
File created	C:\Windows\SysWOW64\mfc42.dll	39514.exe
File created	C:\Windows\SysWOW64\XpdfRasterizer.dll	39514.exe
File created	C:\Windows\SysWOW64\msvcr71.dll	39514.exe
File created	C:\Windows\SysWOW64\OIDIS400.DLL	39514.exe
File created	C:\Windows\System32\spool\drivers\x64\UNIRES.DLL	EastFaxDRVUpgrade.exe
File created	C:\Windows\SysWOW64\EastFaxLanguageUG.dll	39514.exe
File created	C:\Windows\SysWOW64\FmPrint4.ocx	39514.exe
File created	C:\Windows\SysWOW64\PrtCtl30.ocx	39514.exe
File created	C:\Windows\SysWOW64\EastFaxLanguageU.dll	39514.exe
File created	C:\Windows\SysWOW64\DTI.FaxManJr.dll	39514.exe
File created	C:\Windows\SysWOW64\IMGTHUMB.OCX	39514.exe
File created	C:\Windows\SysWOW64\JPEG2X32.DLL	39514.exe
File created	C:\Windows\SysWOW64\OIUI400.DLL	39514.exe
File created	C:\Windows\System32\spool\drivers\x64\efuniprn.gpd	EastFaxDRVUpgrade.exe
File opened for modification	C:\Windows\System32\spool\drivers\x64\UNIDRV.DLL	EastFaxDRVUpgrade.exe
File created	C:\Windows\SysWOW64\msvbvm60.dll	39514.exe
File created	C:\Windows\SysWOW64\DTI.FaxMan.Print.dll	39514.exe
File created	C:\Windows\SysWOW64\OIADM400.DLL	39514.exe
File created	C:\Windows\System32\spool\drivers\x64\efuniprn.inf	EastFaxDRVUpgrade.exe
File created	C:\Windows\SysWOW64\efprnmon.dll	EastFaxDRVUpgrade.exe
File opened for modification	C:\Windows\System32\spool\drivers\x64\efuniprn.dll	EastFaxDRVUpgrade.exe
File opened for modification	C:\Windows\System32\spool\drivers\x64\UNIDRV.HLP	EastFaxDRVUpgrade.exe
File created	C:\Windows\SysWOW64\efprnmon.dll	EastFaxDRVUpgrade.exe
File created	C:\Windows\SysWOW64\EastFaxInterFactoryU.dll	39514.exe
File created	C:\Windows\SysWOW64\IMGADMIN.OCX	39514.exe
File created	C:\Windows\SysWOW64\OIPRT400.DLL	39514.exe
File created	C:\Windows\System32\spool\drivers\x64\efuniprn.ini	EastFaxDRVUpgrade.exe
File created	C:\Windows\System32\spool\drivers\x64\UNIDRVUI.DLL	EastFaxDRVUpgrade.exe
File opened for modification	C:\Windows\System32\spool\drivers\x64\efuniimg.dll	EastFaxDRVUpgrade.exe
File created	C:\Windows\SysWOW64\IM32xfax.del	39514.exe
File created	C:\Windows\SysWOW64\IMGEDIT.OCX	39514.exe
File created	C:\Windows\System32\spool\drivers\x64\STDNAMES.GPD	EastFaxDRVUpgrade.exe
File created	C:\Windows\SysWOW64\classxps.dll	39514.exe
File opened for modification	C:\Windows\System32\spool\drivers\x64\efuniprn.ini	EastFaxDRVUpgrade.exe
File opened for modification	C:\Windows\System32\spool\drivers\x64\efuniprn.gpd	EastFaxDRVUpgrade.exe
File opened for modification	C:\Windows\System32\spool\drivers\x64\STDNAMES.GPD	EastFaxDRVUpgrade.exe
File created	C:\Windows\SysWOW64\IMGUTIL.DLL	39514.exe
File created	C:\Windows\SysWOW64\comcat.dll	39514.exe
File created	C:\Windows\SysWOW64\DTI.FaxMan.Core.dll	39514.exe
File created	C:\Windows\SysWOW64\OIFIL400.DLL	39514.exe
File created	C:\Windows\SysWOW64\EastFaxLanguageUE.dll	39514.exe
File opened for modification	C:\Windows\System32\spool\drivers\x64\efuniprn.inf	EastFaxDRVUpgrade.exe
File created	C:\Windows\SysWOW64\OISSQ400.DLL	39514.exe
File created	C:\Windows\SysWOW64\OICOM400.DLL	39514.exe
File created	C:\Windows\SysWOW64\OIGFS400.DLL	39514.exe
File created	C:\Windows\SysWOW64\IM32tif.dil	39514.exe
File created	C:\Windows\SysWOW64\OISLB400.DLL	39514.exe
File opened for modification	C:\Windows\System32\spool\drivers\x64\UNIDRVUI.DLL	EastFaxDRVUpgrade.exe
File created	C:\Windows\SysWOW64\IM32fax.dil	39514.exe
File created	C:\Windows\SysWOW64\IM32bmp.dil	39514.exe
File created	C:\Windows\System32\spool\drivers\x64\UNIDRV.HLP	EastFaxDRVUpgrade.exe
File opened for modification	C:\Windows\System32\spool\drivers\x64\UNIRES.DLL	EastFaxDRVUpgrade.exe
File created	C:\Windows\SysWOW64\OITWA400.DLL	39514.exe
File created	C:\Windows\SysWOW64\IM32pcx.dil	39514.exe
File created	C:\Windows\SysWOW64\msvcp71.dll	39514.exe
File created	C:\Windows\SysWOW64\IMGCMN.DLL	39514.exe
File created	C:\Windows\SysWOW64\IMGSCAN.OCX	39514.exe
File created	C:\Windows\SysWOW64\JPEG1X32.DLL	39514.exe

Drops file in Program Files directory 64 IoCs

Processes:

39514.exeEastFaxDRVUpgrade.exeEastFaxDRVUpgrade.exe

description	ioc	process
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\Voice\RecvBye.wav	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\Voice\SendFax.wav	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxBmpPrinter.exe	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxImageCoreU.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\SendResult.wav	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\Secret.rtf	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\ForwaveImage2PdfU.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxPdfPrinter.exe	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\RingIn.wav	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\Standard.fhi	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\EastFaxClientStoreCore.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\Uninstall.exe	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\ForwaveSdb.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\EastFaxTableU.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\amd64\efuniimg.dll	EastFaxDRVUpgrade.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\amd64\efuniprn.inf	EastFaxDRVUpgrade.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxTransfer\Addons\EastFaxPostRecvAddons.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxDRVUpgrade.exe	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\ForwaveADOCore.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\ForwaveImage2Pdf.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\ForwaveImage2PdfU.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\EastFaxOCRMaker.exe	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\ForwaveThreadPool.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxTransfer\Addons\EastFaxPostRecvAddons.ini	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\FaxReceived.wav	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\amd64\UNIDRVUI.DLL	EastFaxDRVUpgrade.exe
File opened for modification	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxPostRecvAddons.ini	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\amd64\efuniprn.inf	EastFaxDRVUpgrade.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\amd64\STDNAMES.GPD	EastFaxDRVUpgrade.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxTableU.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\ForwaveLDAPCore.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\EastFaxImageCoreU.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxEP.ini	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\amd64\efuniprn.gpd	EastFaxDRVUpgrade.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxOCRMaker.exe	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxTransfer.exe	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\efuniimg.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\EastFaxClientUpgradeCore.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\amd64\efuniimg.dll	EastFaxDRVUpgrade.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\libsasl.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\GdiPlus.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\EastFaxClient.exe	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\Urgent.rtf	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\General.rtf	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxTransfer\Addons\ForwaveADOCore.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\amd64\efuniprn.ini	EastFaxDRVUpgrade.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxAutoPrint.exe	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\EastFaxClientProcessU.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\ForwaveSdb.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\ForwaveSqliteCore.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxS.ptc	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\ForwaveThreadPool.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\Compact.fhi	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\Reference.rtf	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxClientProcessU.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastSmsLibMDP.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\EastFaxPdfPrinter.exe	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\EastFaxEditor.exe	39514.exe
File opened for modification	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxImageCore.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\ForwaveDominoMail.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\libsasl.dll	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\Detail.fhi	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\Voice\RecvErr2.wav	39514.exe
File created	C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\EastFaxComPrinter.exe	39514.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 64 IoCs

Processes:

39514.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2C228B97-82DC-41C2-81C9-22F7C90FCC65}	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{15B443F9-9CC9-474B-982C-36FBD6D2DEA4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6D940280-9F11-11CE-83FD-02608C3EC08A}\Implemented Categories\{0DE86A50-2BAA-11CF-A229-00AA003D7352}	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2FD0D751-6AC4-11D1-BA14-00002149093D}\ = "PSFactoryBuffer"	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33F3BCA0-1309-11D1-B3BE-0020AF29A31E}\ = "IFaxEvent"	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDesc.DeviceDesc.1	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{07728B4F-6223-11D2-BA57-00002149093D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{154E5B72-8874-11D2-BA61-00002149093D}\ProxyStubClsid32	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CE1191A2-543E-4E06-A9D1-ADCBFCD5D368}\Version	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98C1D999-7B4E-4403-9CED-CE4B9B2D80D2}\TypeLib\Version = "1.0"	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E3BDB1C2-49AA-11D2-B96B-00A0243D54A2}\1.0\0\win32	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2FD0D752-6AC4-11D1-BA14-00002149093D}\InprocServer32\ = "C:\\Windows\\SysWow64\\ClassX.dll"	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33F3BCA0-1309-11D1-B3BE-0020AF29A31E}	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{07728B50-6223-11D2-BA57-00002149093D}\TypeLib	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{07728B40-6223-11D2-BA57-00002149093D}\1.0\0\win32	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D940287-9F11-11CE-83FD-02608C3EC08A}	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{84926CA1-2941-101C-816F-0E6013114B7F}\ProxyStubClsid32	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E1A6B8A0-3603-101C-AC6E-040224009C02}\Version\ = "1.0"	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2FD0D752-6AC4-11D1-BA14-00002149093D}\VersionIndependentProgID\ = "FaxEnum.FaxEnum"	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{07728B4F-6223-11D2-BA57-00002149093D}\TypeLib	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FmPrint.FmPrint\CurVer	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{009541A2-3B81-101C-92F3-040224009C02}\TypeLib\ = "{009541A3-3B81-101C-92F3-040224009C02}"	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E1A6B8A1-3603-101C-AC6E-040224009C02}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A5929EC6-74CF-11D2-BA5E-00002149093D}\TypeLib\Version = "1.0"	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{009541A3-3B81-101C-92F3-040224009C02}\2.0	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{009541A0-3B81-101C-92F3-040224009C02}\ProgID	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FaxEnum.FaxEnum	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5929EC4-74CF-11D2-BA5E-00002149093D}\TypeLib\Version = "1.0"	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6D940285-9F11-11CE-83FD-02608C3EC08A}\MiscStatus\1	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84926CA3-2941-101C-816F-0E6013114B7F}\1.0	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{154E5B72-8874-11D2-BA61-00002149093D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5929EC4-74CF-11D2-BA5E-00002149093D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E3BDB1C2-49AA-11D2-B96B-00A0243D54A2}\1.0\0\win32\ = "C:\\Windows\\SysWow64\\PrtCtl30.ocx"	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2FD0D752-6AC4-11D1-BA14-00002149093D}	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{94D5E680-1307-11D1-B3BE-0020AF29A31E}\1.0\HELPDIR\ = "C:\\Windows\\SysWow64\\"	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{07728B50-6223-11D2-BA57-00002149093D}\InprocServer32\ = "C:\\Windows\\SysWow64\\FMJR10.dll"	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDesc.DeviceDesc\CurVer	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6D940281-9F11-11CE-83FD-02608C3EC08A}\TypeLib\Version = "2.1"	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{94D5E680-1307-11D1-B3BE-0020AF29A31E}\1.0\HELPDIR	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33F3BCA2-1309-11D1-B3BE-0020AF29A31E}	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{07728B4F-6223-11D2-BA57-00002149093D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{98C1D998-7B4E-4403-9CED-CE4B9B2D80D2}\TypeLib\ = "{2C228B97-82DC-41C2-81C9-22F7C90FCC65}"	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6D940280-9F11-11CE-83FD-02608C3EC08A}\ToolboxBitmap32\ = "C:\\Windows\\SysWow64\\IMGEDIT.OCX, 1"	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E1A6B8A0-3603-101C-AC6E-040224009C02}\InprocServer32	39514.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2FD0D752-6AC4-11D1-BA14-00002149093D}\ProgID	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A5929EC4-74CF-11D2-BA5E-00002149093D}\ProxyStubClsid32	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CE1191A2-543E-4E06-A9D1-ADCBFCD5D368}\ProgID	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CE1191A2-543E-4E06-A9D1-ADCBFCD5D368}\InprocServer32\ThreadingModel = "apartment"	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2FD0D751-6AC4-11D1-BA14-00002149093D}\ = "IFaxEnum"	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{896F47D3-2678-49FD-A10F-7A7015E258BF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E3BDB1C1-49AA-11D2-B96B-00A0243D54A2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Imaging.EditCtrl.1\CLSID	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DevProps.DevProps\ = "DevProps Class"	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2FD0D751-6AC4-11D1-BA14-00002149093D}\NumMethods\ = "4"	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CE1191A2-543E-4E06-A9D1-ADCBFCD5D368}\InprocServer32\ = "C:\\Windows\\SysWow64\\FmPrint4.ocx"	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6D940287-9F11-11CE-83FD-02608C3EC08A}	39514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FaxJr.FaxJr\CurVer\ = "FaxMan Jr.FaxMan Jr.1"	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5929EC4-74CF-11D2-BA5E-00002149093D}	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D940287-9F11-11CE-83FD-02608C3EC08A}\ProxyStubClsid32	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84926CA0-2941-101C-816F-0E6013114B7F}\TypeLib	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{0DE86A58-2BAA-11CF-A229-00AA003D7352}	39514.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2FD0D752-6AC4-11D1-BA14-00002149093D}\ProgID	39514.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

EastFaxDRVUpgrade.exeEastFaxDRVUpgrade.exe

pid process

2012 EastFaxDRVUpgrade.exe
2004 EastFaxDRVUpgrade.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

EastFaxDRVUpgrade.exeEastFaxDRVUpgrade.exe

pid process

2012 EastFaxDRVUpgrade.exe
2004 EastFaxDRVUpgrade.exe

pid	process
2012	EastFaxDRVUpgrade.exe
2004	EastFaxDRVUpgrade.exe

pid	process
2012	EastFaxDRVUpgrade.exe
2004	EastFaxDRVUpgrade.exe

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

39514.exe

description	pid	process	target process
PID 240 wrote to memory of 1372	240	39514.exe	EastFaxService.exe
PID 240 wrote to memory of 1372	240	39514.exe	EastFaxService.exe
PID 240 wrote to memory of 1372	240	39514.exe	EastFaxService.exe
PID 240 wrote to memory of 1372	240	39514.exe	EastFaxService.exe
PID 240 wrote to memory of 2012	240	39514.exe	EastFaxDRVUpgrade.exe
PID 240 wrote to memory of 2012	240	39514.exe	EastFaxDRVUpgrade.exe
PID 240 wrote to memory of 2012	240	39514.exe	EastFaxDRVUpgrade.exe
PID 240 wrote to memory of 2012	240	39514.exe	EastFaxDRVUpgrade.exe
PID 240 wrote to memory of 2012	240	39514.exe	EastFaxDRVUpgrade.exe
PID 240 wrote to memory of 2012	240	39514.exe	EastFaxDRVUpgrade.exe
PID 240 wrote to memory of 2012	240	39514.exe	EastFaxDRVUpgrade.exe
PID 240 wrote to memory of 2004	240	39514.exe	EastFaxDRVUpgrade.exe
PID 240 wrote to memory of 2004	240	39514.exe	EastFaxDRVUpgrade.exe
PID 240 wrote to memory of 2004	240	39514.exe	EastFaxDRVUpgrade.exe
PID 240 wrote to memory of 2004	240	39514.exe	EastFaxDRVUpgrade.exe
PID 240 wrote to memory of 2004	240	39514.exe	EastFaxDRVUpgrade.exe
PID 240 wrote to memory of 2004	240	39514.exe	EastFaxDRVUpgrade.exe
PID 240 wrote to memory of 2004	240	39514.exe	EastFaxDRVUpgrade.exe

C:\Users\Admin\AppData\Local\Temp\39514.exe
"C:\Users\Admin\AppData\Local\Temp\39514.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:240

C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxService.exe
"C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxService.exe" /install
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1372

C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxDRVUpgrade.exe
"C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxDRVUpgrade.exe" "EastFax Ext Printer"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\EastFaxDRVUpgrade.exe
"C:\Program Files (x86)\EastFax Tc Personal\EastFaxClient\EastFaxDRVUpgrade.exe" "EastFax"
2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2004

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxDRVUpgrade.exe
Filesize
2.4MB

MD5
0490b131ad0faed9158e5850d5ab6f54

SHA1
88d920bb52b4e69e891d2032e6c0f8af8910a997

SHA256
8ec1d12db5d74283a942742a532f2f481064246c7254c37224b431f54ec09e85

SHA512
8d4a865f2ecf73fe64da66736ec9d9629241cd39f811e0d30ba88ca6d1bc9400024257bcbc9a162de33bddc5521f6889a4d3ee648f479af50f9f9e0b5b004ffe

Download Submit
C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxDRVUpgrade.exe
Filesize
2.4MB

MD5
0490b131ad0faed9158e5850d5ab6f54

SHA1
88d920bb52b4e69e891d2032e6c0f8af8910a997

SHA256
8ec1d12db5d74283a942742a532f2f481064246c7254c37224b431f54ec09e85

SHA512
8d4a865f2ecf73fe64da66736ec9d9629241cd39f811e0d30ba88ca6d1bc9400024257bcbc9a162de33bddc5521f6889a4d3ee648f479af50f9f9e0b5b004ffe

Download Submit
C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxService.exe
Filesize
137KB

MD5
edc7fd0348c675a308635c2ece06f1aa

SHA1
5e6b59693456e33d1f9aea853a756d0665ad3e1c

SHA256
d9395ceefd48df6e5facdef4c8a84e479220f817905cd534faa1ead52d48e655

SHA512
8c6317c813330664ce7aa463207cab626a195e117613e03f27be6e8fc69e21e72d0b849c1cb52558b9ba551ebeebb53e6d420fcacd42a617193585167269e2c2

Download Submit
C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\eastfaxtableu.dll
Filesize
759KB

MD5
f6f477eeec87521d9025b6f23d8dfe43

SHA1
edc5ed3a3013aa9c164342822763cf80d4e73db2

SHA256
f6409b33778e80342fe18ea182d031ece795a9960911e536592b4908c13f4809

SHA512
0b16d79399ddf3bd16e70ec68458b5c4731a61c0dfa7263528cadab5544ef3c879a9c270bc1988df834faa218c5cc454ab76c5a76bbde1465b24602ca18665b6

Download Submit
C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\forwavecomu.dll
Filesize
600KB

MD5
951c26059f3edc5de7109e54b8d5c7cf

SHA1
0d3c0dbfa4500cd613ffa7ee24ed4357af57061e

SHA256
fc62323ca5c91605097316de60eff4132eb7b5e04272ed295919bf9de13e3f69

SHA512
dedc9f56a54c4037eba89fc64bd25b2ce20986631ba90c4848055bace58515dd759701e24f6aafd72347a70a8df00e3cce3b2244ea7c5a4daa82d0276470e900

Download Submit
C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\forwavelogu.dll
Filesize
57KB

MD5
feb3a30cc937d139d46cda20b8d69e19

SHA1
c51f4be34320a741f18db4d6d0809a03679bbd17

SHA256
a3181ea47d918ffe6b0c28c2e1c7628c9e41777e790bfd57b45344c41219c442

SHA512
3732b8df53899694758f4a415d875760d9ccb91669fb97aef576802f720b9bd0d9b7c2ed461b26239a18fd7e3546e6ce5fddaa425e837cd3bc1a64bde94bfc87

Download Submit
C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\forwavesdb.dll
Filesize
194KB

MD5
1d2aa7dd476d5caa5b1da59a965ea407

SHA1
3700590a7f5e6a0503f10e5ec2d63d9b5d79caca

SHA256
a0e72e5016e7dc704bee4b93a128d28db94dd7f0d847149a58a18a26ba726cd9

SHA512
a300aaef5e299534a78651f1da4b678fc0f7c13d83e0d1c45cf2d3674bfe1553fc32b9caac7d1d935e5b70946d685528c5bedb32983bb0ebb583f369407d9b99

Download Submit
C:\Program Files (x86)\EastFax Tc Personal\EastFaxServer\libsasl.dll
Filesize
76KB

MD5
e8f8c8b5eafb7e4dc8af56aaf1abcfda

SHA1
bac60f36651157733319ee2185953769083c8cc3

SHA256
adbe238696f83972a5654ce11ee19cd83170ff3ea071f32c46f3b9abdf06f174

SHA512
3164524e5369729afd3554e2bdaa79a5c2187aac436e64a2ca1faeab78eb43695050fbb05d75af92e4eb6c15b2ed0e6198a197dd0d88bc9515f7b7934d96989b

Download Submit
C:\Windows\SysWOW64\eastfaxinterfactoryu.dll
Filesize
36KB

MD5
d0bd1bea6da18d01ad923cae13f817d4

SHA1
8df0062bf9da919fc6f5aff7d4e8e57926a471ec

SHA256
63c5d4a24520283f9463b5a918239323e7ed960a801624c0f1550d70eed9c552

SHA512
97ae48cf7ad65eca7bc91044f112fb9de1c436ece66c8dde7eb006cc75d88357a645af691b3f1b8a149bd8edd4e51dc99080a81053613c3c7c9c76b1c7eab474

Download Submit
C:\Windows\SysWOW64\forwavemsgpipeu.dll
Filesize
56KB

MD5
23f3f71c8b47a2189c75ef492dc2066b

SHA1
acc58efcb79b6f900f542f3c8a2c5555c71b0d93

SHA256
bbaf5327492fbfd7c42ae5af4820b571aa8b177b58a1281f40833835ff553ba8

SHA512
52b3146970fa82dcec47b344d044eee5879e9889b756b35c8991c0046d5c2129499578a86c5133a0de191382c9d072710c17bb2f88eba75b3275baca715b3368

Download Submit
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxDRVUpgrade.exe
Filesize
2.4MB

MD5
0490b131ad0faed9158e5850d5ab6f54

SHA1
88d920bb52b4e69e891d2032e6c0f8af8910a997

SHA256
8ec1d12db5d74283a942742a532f2f481064246c7254c37224b431f54ec09e85

SHA512
8d4a865f2ecf73fe64da66736ec9d9629241cd39f811e0d30ba88ca6d1bc9400024257bcbc9a162de33bddc5521f6889a4d3ee648f479af50f9f9e0b5b004ffe

Download Submit
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxDRVUpgrade.exe
Filesize
2.4MB

MD5
0490b131ad0faed9158e5850d5ab6f54

SHA1
88d920bb52b4e69e891d2032e6c0f8af8910a997

SHA256
8ec1d12db5d74283a942742a532f2f481064246c7254c37224b431f54ec09e85

SHA512
8d4a865f2ecf73fe64da66736ec9d9629241cd39f811e0d30ba88ca6d1bc9400024257bcbc9a162de33bddc5521f6889a4d3ee648f479af50f9f9e0b5b004ffe

Download Submit
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxDRVUpgrade.exe
Filesize
2.4MB

MD5
0490b131ad0faed9158e5850d5ab6f54

SHA1
88d920bb52b4e69e891d2032e6c0f8af8910a997

SHA256
8ec1d12db5d74283a942742a532f2f481064246c7254c37224b431f54ec09e85

SHA512
8d4a865f2ecf73fe64da66736ec9d9629241cd39f811e0d30ba88ca6d1bc9400024257bcbc9a162de33bddc5521f6889a4d3ee648f479af50f9f9e0b5b004ffe

Download Submit
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxDRVUpgrade.exe
Filesize
2.4MB

MD5
0490b131ad0faed9158e5850d5ab6f54

SHA1
88d920bb52b4e69e891d2032e6c0f8af8910a997

SHA256
8ec1d12db5d74283a942742a532f2f481064246c7254c37224b431f54ec09e85

SHA512
8d4a865f2ecf73fe64da66736ec9d9629241cd39f811e0d30ba88ca6d1bc9400024257bcbc9a162de33bddc5521f6889a4d3ee648f479af50f9f9e0b5b004ffe

Download Submit
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxService.exe
Filesize
137KB

MD5
edc7fd0348c675a308635c2ece06f1aa

SHA1
5e6b59693456e33d1f9aea853a756d0665ad3e1c

SHA256
d9395ceefd48df6e5facdef4c8a84e479220f817905cd534faa1ead52d48e655

SHA512
8c6317c813330664ce7aa463207cab626a195e117613e03f27be6e8fc69e21e72d0b849c1cb52558b9ba551ebeebb53e6d420fcacd42a617193585167269e2c2

Download Submit
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxService.exe
Filesize
137KB

MD5
edc7fd0348c675a308635c2ece06f1aa

SHA1
5e6b59693456e33d1f9aea853a756d0665ad3e1c

SHA256
d9395ceefd48df6e5facdef4c8a84e479220f817905cd534faa1ead52d48e655

SHA512
8c6317c813330664ce7aa463207cab626a195e117613e03f27be6e8fc69e21e72d0b849c1cb52558b9ba551ebeebb53e6d420fcacd42a617193585167269e2c2

Download Submit
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\EastFaxTableU.dll
Filesize
759KB

MD5
f6f477eeec87521d9025b6f23d8dfe43

SHA1
edc5ed3a3013aa9c164342822763cf80d4e73db2

SHA256
f6409b33778e80342fe18ea182d031ece795a9960911e536592b4908c13f4809

SHA512
0b16d79399ddf3bd16e70ec68458b5c4731a61c0dfa7263528cadab5544ef3c879a9c270bc1988df834faa218c5cc454ab76c5a76bbde1465b24602ca18665b6

Download Submit
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\ForwaveCOMU.dll
Filesize
600KB

MD5
951c26059f3edc5de7109e54b8d5c7cf

SHA1
0d3c0dbfa4500cd613ffa7ee24ed4357af57061e

SHA256
fc62323ca5c91605097316de60eff4132eb7b5e04272ed295919bf9de13e3f69

SHA512
dedc9f56a54c4037eba89fc64bd25b2ce20986631ba90c4848055bace58515dd759701e24f6aafd72347a70a8df00e3cce3b2244ea7c5a4daa82d0276470e900

Download Submit
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\ForwaveLogU.dll
Filesize
57KB

MD5
feb3a30cc937d139d46cda20b8d69e19

SHA1
c51f4be34320a741f18db4d6d0809a03679bbd17

SHA256
a3181ea47d918ffe6b0c28c2e1c7628c9e41777e790bfd57b45344c41219c442

SHA512
3732b8df53899694758f4a415d875760d9ccb91669fb97aef576802f720b9bd0d9b7c2ed461b26239a18fd7e3546e6ce5fddaa425e837cd3bc1a64bde94bfc87

Download Submit
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\ForwaveSdb.dll
Filesize
194KB

MD5
1d2aa7dd476d5caa5b1da59a965ea407

SHA1
3700590a7f5e6a0503f10e5ec2d63d9b5d79caca

SHA256
a0e72e5016e7dc704bee4b93a128d28db94dd7f0d847149a58a18a26ba726cd9

SHA512
a300aaef5e299534a78651f1da4b678fc0f7c13d83e0d1c45cf2d3674bfe1553fc32b9caac7d1d935e5b70946d685528c5bedb32983bb0ebb583f369407d9b99

Download Submit
\Program Files (x86)\EastFax Tc Personal\EastFaxServer\libsasl.dll
Filesize
76KB

MD5
e8f8c8b5eafb7e4dc8af56aaf1abcfda

SHA1
bac60f36651157733319ee2185953769083c8cc3

SHA256
adbe238696f83972a5654ce11ee19cd83170ff3ea071f32c46f3b9abdf06f174

SHA512
3164524e5369729afd3554e2bdaa79a5c2187aac436e64a2ca1faeab78eb43695050fbb05d75af92e4eb6c15b2ed0e6198a197dd0d88bc9515f7b7934d96989b

Download Submit
\Users\Admin\AppData\Local\Temp\nsj52C4.tmp\InstallOptions.dll
Filesize
15KB

MD5
828a94a3b9a080f79e84015b55fce227

SHA1
c15c615925bb72531ba32194253eefa49edaa93a

SHA256
1d0a17641f697203fd0c0b9ba0b715436299203c9c1be90c458fe668a1eb68d2

SHA512
c3d41a3f9377a8c18a85eec50a3eb3cf5a4ec8ea4bbffd73992455cb01aaed9f158183bc647684f82c516534266a46ccfcd7c2c0b3e1b73774c3bedc9e80054a

Download Submit
\Windows\SysWOW64\ClassX.dll
Filesize
276KB

MD5
64a591086632d71087d43d7055be5c0a

SHA1
caa30e89e78d64af46a04ef00b8b2b94c93da265

SHA256
052111d6593c093d47efc85d12ee0f382cac9a1864701640cfa46aa93b2f5989

SHA512
51c52d807ae1685f79ad40d80be3e224a64d6a4d1ae98ffab0494b972ea839f5b39be3a72e36e304e6a43a00b710b092c6c88af5dcac0e338ac5ef6f0af1a46f

Download Submit
\Windows\SysWOW64\ClassX.dll
Filesize
276KB

MD5
64a591086632d71087d43d7055be5c0a

SHA1
caa30e89e78d64af46a04ef00b8b2b94c93da265

SHA256
052111d6593c093d47efc85d12ee0f382cac9a1864701640cfa46aa93b2f5989

SHA512
51c52d807ae1685f79ad40d80be3e224a64d6a4d1ae98ffab0494b972ea839f5b39be3a72e36e304e6a43a00b710b092c6c88af5dcac0e338ac5ef6f0af1a46f

Download Submit
\Windows\SysWOW64\EastFaxInterFactoryU.dll
Filesize
36KB

MD5
d0bd1bea6da18d01ad923cae13f817d4

SHA1
8df0062bf9da919fc6f5aff7d4e8e57926a471ec

SHA256
63c5d4a24520283f9463b5a918239323e7ed960a801624c0f1550d70eed9c552

SHA512
97ae48cf7ad65eca7bc91044f112fb9de1c436ece66c8dde7eb006cc75d88357a645af691b3f1b8a149bd8edd4e51dc99080a81053613c3c7c9c76b1c7eab474

Download Submit
\Windows\SysWOW64\FMJR10.dll
Filesize
164KB

MD5
170c7a53c80004d3b72e7804f78f2bcf

SHA1
12712543e87b7d07d4d933bce257102d97cf1cff

SHA256
be5ea19c7fa5d8604404077b3da84ba9515ee73c7409c20b4d08a7aafc7f3142

SHA512
19e49a012b33207b774e3a95db184b3d15411fec9059afbae7d432dbee4a7017c240a227f6e050b8d598df03345907365a894586e7df449064748ae25bec34c0

Download Submit
\Windows\SysWOW64\FmPrint4.ocx
Filesize
1.8MB

MD5
a4f87e75839bbaa50360ae11d73431b1

SHA1
f977b28f77d9e84724c7d01c4c12c2cc2ba03354

SHA256
d090e3a555750ddd1dd689fee2663ae3544c88f8c6c31f39c13125a39d461eee

SHA512
2e6611c3b9f3bfa178c7c9a33ad137a3e77883ef061717f2577e344e6bd14fa3ab8204d04124c53817d052bf56ea19d25906a91a71f2d4570d1cd42a5f9b21e6

Download Submit
\Windows\SysWOW64\ForwaveMsgPipeU.dll
Filesize
56KB

MD5
23f3f71c8b47a2189c75ef492dc2066b

SHA1
acc58efcb79b6f900f542f3c8a2c5555c71b0d93

SHA256
bbaf5327492fbfd7c42ae5af4820b571aa8b177b58a1281f40833835ff553ba8

SHA512
52b3146970fa82dcec47b344d044eee5879e9889b756b35c8991c0046d5c2129499578a86c5133a0de191382c9d072710c17bb2f88eba75b3275baca715b3368

Download Submit
\Windows\SysWOW64\IMGADMIN.OCX
Filesize
104KB

MD5
2846629778d3236e8cf8ee3254ba2182

SHA1
1a28880e19ded7ebd6526c7b21dff2bf95b56b58

SHA256
c91bc49861b7f8211f92a56da295f1005a82402e917151d0ffeeeebf1549f016

SHA512
8064a557fd13e6b1e187138c5a52176bd0cf9758388df1e0a9d52713fbf89bb4936a95cd7d56fb62305c095e9f3f2c657bd559720fef91c00e75b07c45713d1e

Download Submit
\Windows\SysWOW64\IMGCMN.DLL
Filesize
68KB

MD5
f32ed04a9dc3b16ae778ec3e5deda5fc

SHA1
c85a4e033e4f5cffc897956db4db5d98775f754a

SHA256
8e90b5d221ab6106a262e1b4199f0fdb0187286ec4ca254389f064740e444304

SHA512
b85facc262c80f283b3579d6654ecb3747678a53005ce9624f7ede759660acc641b9b7382a3cdae4fe034b08dd4142b6fa4026d066125c71ecafc8513efed2b9

Download Submit
\Windows\SysWOW64\IMGCMN.DLL
Filesize
68KB

MD5
f32ed04a9dc3b16ae778ec3e5deda5fc

SHA1
c85a4e033e4f5cffc897956db4db5d98775f754a

SHA256
8e90b5d221ab6106a262e1b4199f0fdb0187286ec4ca254389f064740e444304

SHA512
b85facc262c80f283b3579d6654ecb3747678a53005ce9624f7ede759660acc641b9b7382a3cdae4fe034b08dd4142b6fa4026d066125c71ecafc8513efed2b9

Download Submit
\Windows\SysWOW64\IMGCMN.DLL
Filesize
68KB

MD5
f32ed04a9dc3b16ae778ec3e5deda5fc

SHA1
c85a4e033e4f5cffc897956db4db5d98775f754a

SHA256
8e90b5d221ab6106a262e1b4199f0fdb0187286ec4ca254389f064740e444304

SHA512
b85facc262c80f283b3579d6654ecb3747678a53005ce9624f7ede759660acc641b9b7382a3cdae4fe034b08dd4142b6fa4026d066125c71ecafc8513efed2b9

Download Submit
\Windows\SysWOW64\IMGCMN.DLL
Filesize
68KB

MD5
f32ed04a9dc3b16ae778ec3e5deda5fc

SHA1
c85a4e033e4f5cffc897956db4db5d98775f754a

SHA256
8e90b5d221ab6106a262e1b4199f0fdb0187286ec4ca254389f064740e444304

SHA512
b85facc262c80f283b3579d6654ecb3747678a53005ce9624f7ede759660acc641b9b7382a3cdae4fe034b08dd4142b6fa4026d066125c71ecafc8513efed2b9

Download Submit
\Windows\SysWOW64\IMGEDIT.OCX
Filesize
324KB

MD5
fce70a0a9d186efe005343be28445e9c

SHA1
1589b16fc87620766690175e6fec48a4ba733494

SHA256
e289d1c27857f27a015be3a764b7d71b6a62bfed64b7d7d59301acfdda91996a

SHA512
1d167ebff3876c66e2083961030109776c573a992d6bb9349a056e29e3f8da449ee669b33e60c572b62248e70b43439b1d752ba1ad967997fb4c1de9e8426290

Download Submit
\Windows\SysWOW64\IMGSCAN.OCX
Filesize
119KB

MD5
eb21b4f2759a98d3276bc07399f47fd9

SHA1
07c262b5f6dcccbfaec756295cbf1d8012607d30

SHA256
57d690b0dcf0f963caea448d5011758139670c45584c825ad8c86b5b26dda0a3

SHA512
144d231aecb8a40d58c22f2478abcec2fabb7eb696cd43c5a2cdb4583578b41c82210d6b26fe41c59f1dfc7eaaf2bc7eb224627acfd3d311a3ed2a688480a9f9

Download Submit
\Windows\SysWOW64\IMGTHUMB.OCX
Filesize
113KB

MD5
7376df3c75c134fdbd1592f227ae377e

SHA1
643d5efe32c736000683acf65bba75edfa2c0689

SHA256
213843a90e3f1f9ca34cfa89ab904ac8f506d4f2e6dcb02892b7b2462a5c3ce3

SHA512
ddc0ea6c375835f8d6bc6578a6d7cd32b2f19646e7f3c678f30c254c7306955859c382f3be64f6d3708cc63480da1aa78a2779d02eeb51f39fd6346ce895bf9b

Download Submit
\Windows\SysWOW64\OIADM400.DLL
Filesize
36KB

MD5
1a6e7c331f871e8099f544d2f81a6e74

SHA1
d3f815f1ef7a7a10e6454e0b1a96184e87b95351

SHA256
b76d7332b857f02abbc9b180d723df44aac0a5ca51729f9a223b17b714a5d582

SHA512
b1be722d2ba7ede5e30851c9621fb6bd1693f870988e5c325041d10534a4b6ee084aeff1d02ab4f5761ac24f411f5e6378ee09e102a37aaa794e3fb66a37ee86

Download Submit
\Windows\SysWOW64\OIADM400.DLL
Filesize
36KB

MD5
1a6e7c331f871e8099f544d2f81a6e74

SHA1
d3f815f1ef7a7a10e6454e0b1a96184e87b95351

SHA256
b76d7332b857f02abbc9b180d723df44aac0a5ca51729f9a223b17b714a5d582

SHA512
b1be722d2ba7ede5e30851c9621fb6bd1693f870988e5c325041d10534a4b6ee084aeff1d02ab4f5761ac24f411f5e6378ee09e102a37aaa794e3fb66a37ee86

Download Submit
\Windows\SysWOW64\OIADM400.DLL
Filesize
36KB

MD5
1a6e7c331f871e8099f544d2f81a6e74

SHA1
d3f815f1ef7a7a10e6454e0b1a96184e87b95351

SHA256
b76d7332b857f02abbc9b180d723df44aac0a5ca51729f9a223b17b714a5d582

SHA512
b1be722d2ba7ede5e30851c9621fb6bd1693f870988e5c325041d10534a4b6ee084aeff1d02ab4f5761ac24f411f5e6378ee09e102a37aaa794e3fb66a37ee86

Download Submit
\Windows\SysWOW64\OIADM400.DLL
Filesize
36KB

MD5
1a6e7c331f871e8099f544d2f81a6e74

SHA1
d3f815f1ef7a7a10e6454e0b1a96184e87b95351

SHA256
b76d7332b857f02abbc9b180d723df44aac0a5ca51729f9a223b17b714a5d582

SHA512
b1be722d2ba7ede5e30851c9621fb6bd1693f870988e5c325041d10534a4b6ee084aeff1d02ab4f5761ac24f411f5e6378ee09e102a37aaa794e3fb66a37ee86

Download Submit
\Windows\SysWOW64\OIDIS400.DLL
Filesize
344KB

MD5
89d0bd8c2e9c3596b97d47fae11ccce1

SHA1
ee7da5514a6a6fccad31da6fdbbb1082a34dea68

SHA256
4f55a8bb5e2b7180508df65ebd646c8658581fc393efcf42bc745c4da5cc8203

SHA512
b43ac28091cf5f1bc0a46e45486bcf440a406ff158a0d04aae2aa6ce473ae38e0d762141b792b9e84dd7436da68c854f88a2dc81a04d2c81d9a11468590ccc92

Download Submit
\Windows\SysWOW64\OIDIS400.DLL
Filesize
344KB

MD5
89d0bd8c2e9c3596b97d47fae11ccce1

SHA1
ee7da5514a6a6fccad31da6fdbbb1082a34dea68

SHA256
4f55a8bb5e2b7180508df65ebd646c8658581fc393efcf42bc745c4da5cc8203

SHA512
b43ac28091cf5f1bc0a46e45486bcf440a406ff158a0d04aae2aa6ce473ae38e0d762141b792b9e84dd7436da68c854f88a2dc81a04d2c81d9a11468590ccc92

Download Submit
\Windows\SysWOW64\OIDIS400.DLL
Filesize
344KB

MD5
89d0bd8c2e9c3596b97d47fae11ccce1

SHA1
ee7da5514a6a6fccad31da6fdbbb1082a34dea68

SHA256
4f55a8bb5e2b7180508df65ebd646c8658581fc393efcf42bc745c4da5cc8203

SHA512
b43ac28091cf5f1bc0a46e45486bcf440a406ff158a0d04aae2aa6ce473ae38e0d762141b792b9e84dd7436da68c854f88a2dc81a04d2c81d9a11468590ccc92

Download Submit
\Windows\SysWOW64\OIDIS400.DLL
Filesize
344KB

MD5
89d0bd8c2e9c3596b97d47fae11ccce1

SHA1
ee7da5514a6a6fccad31da6fdbbb1082a34dea68

SHA256
4f55a8bb5e2b7180508df65ebd646c8658581fc393efcf42bc745c4da5cc8203

SHA512
b43ac28091cf5f1bc0a46e45486bcf440a406ff158a0d04aae2aa6ce473ae38e0d762141b792b9e84dd7436da68c854f88a2dc81a04d2c81d9a11468590ccc92

Download Submit
\Windows\SysWOW64\OIFIL400.DLL
Filesize
116KB

MD5
cccb9b2e0ddb66953202a991e9e717b6

SHA1
0496a2ba8aa154800b2bfcc28342e477df6dcef8

SHA256
9160a466f6eb6e52c443f247b6ad88f80130c1e41eb519712c0ccfe7f92f9776

SHA512
e1f8f754d783c8b9598d244e379e8a41b86475a86b74c934da35c19ee594aebd2e7e78f058cd302e647e19f5ac7efaf4695d5d42a6cec447a25b662838ccf47e

Download Submit
\Windows\SysWOW64\OIFIL400.DLL
Filesize
116KB

MD5
cccb9b2e0ddb66953202a991e9e717b6

SHA1
0496a2ba8aa154800b2bfcc28342e477df6dcef8

SHA256
9160a466f6eb6e52c443f247b6ad88f80130c1e41eb519712c0ccfe7f92f9776

SHA512
e1f8f754d783c8b9598d244e379e8a41b86475a86b74c934da35c19ee594aebd2e7e78f058cd302e647e19f5ac7efaf4695d5d42a6cec447a25b662838ccf47e

Download Submit
\Windows\SysWOW64\OIFIL400.DLL
Filesize
116KB

MD5
cccb9b2e0ddb66953202a991e9e717b6

SHA1
0496a2ba8aa154800b2bfcc28342e477df6dcef8

SHA256
9160a466f6eb6e52c443f247b6ad88f80130c1e41eb519712c0ccfe7f92f9776

SHA512
e1f8f754d783c8b9598d244e379e8a41b86475a86b74c934da35c19ee594aebd2e7e78f058cd302e647e19f5ac7efaf4695d5d42a6cec447a25b662838ccf47e

Download Submit
\Windows\SysWOW64\OIFIL400.DLL
Filesize
116KB

MD5
cccb9b2e0ddb66953202a991e9e717b6

SHA1
0496a2ba8aa154800b2bfcc28342e477df6dcef8

SHA256
9160a466f6eb6e52c443f247b6ad88f80130c1e41eb519712c0ccfe7f92f9776

SHA512
e1f8f754d783c8b9598d244e379e8a41b86475a86b74c934da35c19ee594aebd2e7e78f058cd302e647e19f5ac7efaf4695d5d42a6cec447a25b662838ccf47e

Download Submit
\Windows\SysWOW64\OIGFS400.DLL
Filesize
148KB

MD5
683521adc21ee6c668518fe650464f15

SHA1
6a84276b32a36f97bd7635f459c25edf57a24e50

SHA256
626005d052a12cd7bb71d8a8410a58fc4b99e6df8933b529f769f1493f392112

SHA512
c6726040e616fd0ef556adff2cbc12f54a4cda2bf2c3c54a729bb5515bf1f6cecb63293592046ddde53b1258e09e3aa9b4e67d32ccd54f3c98fd5731aaa641f0

Download Submit
\Windows\SysWOW64\OIGFS400.DLL
Filesize
148KB

MD5
683521adc21ee6c668518fe650464f15

SHA1
6a84276b32a36f97bd7635f459c25edf57a24e50

SHA256
626005d052a12cd7bb71d8a8410a58fc4b99e6df8933b529f769f1493f392112

SHA512
c6726040e616fd0ef556adff2cbc12f54a4cda2bf2c3c54a729bb5515bf1f6cecb63293592046ddde53b1258e09e3aa9b4e67d32ccd54f3c98fd5731aaa641f0

Download Submit
\Windows\SysWOW64\OIGFS400.DLL
Filesize
148KB

MD5
683521adc21ee6c668518fe650464f15

SHA1
6a84276b32a36f97bd7635f459c25edf57a24e50

SHA256
626005d052a12cd7bb71d8a8410a58fc4b99e6df8933b529f769f1493f392112

SHA512
c6726040e616fd0ef556adff2cbc12f54a4cda2bf2c3c54a729bb5515bf1f6cecb63293592046ddde53b1258e09e3aa9b4e67d32ccd54f3c98fd5731aaa641f0

Download Submit
\Windows\SysWOW64\OIGFS400.DLL
Filesize
148KB

MD5
683521adc21ee6c668518fe650464f15

SHA1
6a84276b32a36f97bd7635f459c25edf57a24e50

SHA256
626005d052a12cd7bb71d8a8410a58fc4b99e6df8933b529f769f1493f392112

SHA512
c6726040e616fd0ef556adff2cbc12f54a4cda2bf2c3c54a729bb5515bf1f6cecb63293592046ddde53b1258e09e3aa9b4e67d32ccd54f3c98fd5731aaa641f0

Download Submit
\Windows\SysWOW64\OISLB400.DLL
Filesize
40KB

MD5
7a926b58fb15a4fddb1779e0dbdbe1a2

SHA1
b6a959a4657cb646f0957efa343d350ba07b1eeb

SHA256
a3f0f7cdce34c5d129b665f2da7c3dc217ad14f47fe3c22fd18014bb9fd582eb

SHA512
757200a154f4263075519b77a8db32559811ee60cd3bfed97e900d441a079efe6ab9fea68769e38b60e97346fcaef95e2a84e4d73515975fa395ebdffb500765

Download Submit
\Windows\SysWOW64\OISSQ400.DLL
Filesize
36KB

MD5
523aa26f553a42e4d5641e33a0195b67

SHA1
04f082a418b773be6496589d8c41bab1abe31a8a

SHA256
924918b0783fb9578c9b16e49a3131eb00cba62fd7369aeaf1c1edc009de3cf7

SHA512
c4cffe519eac915a4773fb2a5c5d943baa7d6283c99c7994e598ee2e23c7ef80b078c51583d82031ee70d9139bcbc329f9716cfb1252d11996f1988e6960b9b0

Download Submit
\Windows\SysWOW64\OITWA400.DLL
Filesize
44KB

MD5
d5b8af11ed8aa1d0ce5b54780c1e4188

SHA1
a8a568b3a4d1920368c8300811f6fab969a08898

SHA256
7a00bad8fb06de9a1866a9f416673451f401ddcbcfa6dd4f13784753bd6f094f

SHA512
7046768faa6a874a9f0d94732e4786c090185c5ee67f4a19b70f668d1cde484372eba7ba5c3880c1ac3b430eda409883185a9a707c4f3a21540d105d25115945

Download Submit
\Windows\SysWOW64\OIUI400.DLL
Filesize
64KB

MD5
505f41aa6a50bb7b5fad82f59fc7bb4c

SHA1
4cf5f27957efeb6286219e7eb271abe95ef42eaf

SHA256
6c9ae2c5d84c7e7833089f26c38bf97bfae0b896a8e8d7f8bde13984a8b3caf3

SHA512
7dcca8ba71a5c8ce353b24d0475fb8089a00e250c2a3c732c50c215383a1683acd6e94a7ce5402dce6edc7eaf22dfce3afbc17bacd8910e3b4748838bc2947da

Download Submit
\Windows\SysWOW64\PrtCtl30.ocx
Filesize
88KB

MD5
f8aa82a1afd51c731bd9702f7d367795

SHA1
82d9e7bdace604b2213a6a0f9aac6d276507a360

SHA256
86061b626037f10d26a8772076db8470c7f0f0b31a1c374ddd8c8e6ca245c10f

SHA512
44e7f43fadb7559d72b15817ac14fc1aeb46539816cc586eedba3450abd0ed7d87a4bd571f39cedb904ca2249c073b6b1e3a8f809f05a4bc6ea53dd1a4bc03e1

Download Submit
\Windows\SysWOW64\classxps.dll
Filesize
24KB

MD5
31e23ddca17f860ec560fec62394480c

SHA1
fd329bfa98295b8c138b066aa6552247657085fc

SHA256
e60eb115ca926895d1518f410a130115c26db988a66f9c62b87798b95ea0f963

SHA512
4a5a71d076140ead7cec2cb1acaea5e505e7b462f184ff91b7502bfcf3f66b069a3e9970dd57880a3eac6a6410c49fb8caa6b14a04634558daaed85f61183d28

Download Submit
\Windows\SysWOW64\efprnmon.dll
Filesize
17KB

MD5
d1fa55488db1d4edd5206945c95ffac6

SHA1
3e4e1b800bfec4d51103448572dce13b2b88492f

SHA256
c38fe1474bade908452de5429554141b686823180cbb6953dd7ce20da5d1b6ec

SHA512
b1c0be002ac73a74730f51d0dca77c22282e5932767664ccfa98bddc0751cf8ab7dbf3bfbe443e98aa365f4c3681dc12d5a2027f14c309f2dfa2102ea3c98bc7

Download Submit
\Windows\SysWOW64\msvcp71.dll
Filesize
492KB

MD5
a94dc60a90efd7a35c36d971e3ee7470

SHA1
f936f612bc779e4ba067f77514b68c329180a380

SHA256
6c483cbe349863c7dcf6f8cb7334e7d28c299e7d5aa063297ea2f62352f6bdd9

SHA512
ff6c41d56337cac074582002d60cbc57263a31480c67ee8999bc02fc473b331eefed93ee938718d297877cf48471c7512741b4aebc0636afc78991cdf6eddfab

Download Submit
\Windows\SysWOW64\msvcr71.dll
Filesize
340KB

MD5
ca2f560921b7b8be1cf555a5a18d54c3

SHA1
432dbcf54b6f1142058b413a9d52668a2bde011d

SHA256
c4d4339df314a27ff75a38967b7569d9962337b8d4cd4b0db3aba5ff72b2bfbb

SHA512
23e0bdd9458a5a8e0f9bbcb7f6ce4f87fcc9e47c1ee15f964c17ff9fe8d0f82dd3a0f90263daaf1ee87fad4a238aa0ee92a16b3e2c67f47c84d575768edba43e

Download Submit
\Windows\System32\spool\drivers\x64\UNIDRV.DLL
Filesize
468KB

MD5
10082d5492c7bd118fe703ac6ccb8afc

SHA1
26927a09a31371497d0717e0270ac32cac4f766a

SHA256
d3b18c3e4ae14807d80ba6e2033fd5a040b15dfeababaf00e7e9666e97c7c4c9

SHA512
eb27adca21d47e278a9c24d6f8b27959a71e894fd3d3b86536cffb4fb43434d591370e5dd5240048684a0995d6e15363e28462e7d3f43c9a046c36b0daaa89d2

Download Submit
\Windows\System32\spool\drivers\x64\UNIDRV.DLL
Filesize
468KB

MD5
10082d5492c7bd118fe703ac6ccb8afc

SHA1
26927a09a31371497d0717e0270ac32cac4f766a

SHA256
d3b18c3e4ae14807d80ba6e2033fd5a040b15dfeababaf00e7e9666e97c7c4c9

SHA512
eb27adca21d47e278a9c24d6f8b27959a71e894fd3d3b86536cffb4fb43434d591370e5dd5240048684a0995d6e15363e28462e7d3f43c9a046c36b0daaa89d2

Download Submit
\Windows\System32\spool\drivers\x64\UNIDRVUI.DLL
Filesize
863KB

MD5
70a72fc276267dbfdb39ac1fd358cfe0

SHA1
7c6dfe972fbf42f103d5e57192dd0074c74f970c

SHA256
7c2b922b9807b0d456906c4d1bb48baf2ccdf19b814d51451802021d6d009197

SHA512
03960b38c1f1b9451199aef6e03502b8d6d08d69263d5e7056010150c853bc575c8135b48feeaefe935732bd6b3025dcc9b047cc412f7df4e688b0faf0c200e8

Download Submit
memory/240-156-0x0000000003CC0000-0x0000000003CD0000-memory.dmp

Filesize
64KB

Download
memory/240-129-0x0000000003A40000-0x0000000003A90000-memory.dmp

Filesize
320KB

Download
memory/240-158-0x0000000003CC0000-0x0000000003CD0000-memory.dmp

Filesize
64KB

Download
memory/240-127-0x0000000003A40000-0x0000000003A90000-memory.dmp

Filesize
320KB

Download
memory/240-144-0x0000000003A40000-0x0000000003CEC000-memory.dmp

Filesize
2.7MB

Download
memory/240-54-0x00000000757C1000-0x00000000757C3000-memory.dmp

Filesize
8KB

Download
memory/240-155-0x0000000003CC0000-0x0000000003CD0000-memory.dmp

Filesize
64KB

Download
memory/240-157-0x0000000003CC0000-0x0000000003CD0000-memory.dmp

Filesize
64KB

Download
memory/1372-124-0x0000000000020000-0x000000000003E000-memory.dmp

Filesize
120KB

Download
memory/1372-123-0x0000000010000000-0x000000001005E000-memory.dmp

Filesize
376KB

Download
memory/1372-105-0x0000000000000000-mapping.dmp

Download
memory/1372-130-0x0000000000260000-0x0000000000275000-memory.dmp

Filesize
84KB

Download
memory/1372-128-0x0000000000240000-0x0000000000260000-memory.dmp

Filesize
128KB

Download
memory/1372-126-0x0000000000800000-0x0000000000940000-memory.dmp

Filesize
1.2MB

Download
memory/1372-125-0x0000000000640000-0x00000000007FD000-memory.dmp

Filesize
1.7MB

Download
memory/1372-117-0x0000000000220000-0x0000000000233000-memory.dmp

Filesize
76KB

Download
memory/1372-122-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2004-152-0x0000000000FE0000-0x000000000128C000-memory.dmp

Filesize
2.7MB

Download
memory/2004-148-0x0000000000000000-mapping.dmp

Download
memory/2004-151-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/2004-150-0x00000000747D1000-0x00000000747D3000-memory.dmp

Filesize
8KB

Download
memory/2004-153-0x0000000000FE0000-0x000000000128C000-memory.dmp

Filesize
2.7MB

Download
memory/2004-154-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/2012-139-0x00000000745E1000-0x00000000745E3000-memory.dmp

Filesize
8KB

Download
memory/2012-147-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/2012-145-0x0000000000400000-0x00000000006AC000-memory.dmp

Filesize
2.7MB

Download
memory/2012-146-0x0000000000CA0000-0x0000000000F4C000-memory.dmp

Filesize
2.7MB

Download
memory/2012-132-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads