b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 22:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
Size

234KB
MD5

2dc39b33046a5f6a440e4309efd9dde7
SHA1

680e6c660a917e586946068efae04cbfd15476d3
SHA256

b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa
SHA512

47870e93a9a83815eafb532945a0a99adb2959a822de94dc7e44e128dc0d25af19a7a5eb0806a75f09f37669b2ead27898ce119df284cb0bf231344bac1ab3a9
SSDEEP

6144:XHl0ndE3gkCAaRDkubNawb9VOExRCiMOEo:VO2CAID9bswb9VOExxLE

Score

8^/10

persistence

Malware Config

Signatures

Sets DLL path for service in the registry 2 TTPs 14 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Wmi\Parameters\ServiceDll = "C:\\Windows\\system32\\Wmi.dll"	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\LogonHours\Parameters\ServiceDll = "C:\\Windows\\system32\\LogonHours.dll"	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\uploadmgr\Parameters\ServiceDll = "C:\\Windows\\system32\\uploadmgr.dll"	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Irmon\Parameters\ServiceDll = "C:\\Windows\\system32\\Irmon.dll"	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Parameters\ServiceDll = "C:\\Windows\\system32\\NWCWorkstation.dll"	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WmdmPmSp\Parameters\ServiceDll = "C:\\Windows\\system32\\WmdmPmSp.dll"	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Nla\Parameters\ServiceDll = "C:\\Windows\\system32\\Nla.dll"	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SRService\Parameters\ServiceDll = "C:\\Windows\\system32\\SRService.dll"	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PCAudit\Parameters\ServiceDll = "C:\\Windows\\system32\\PCAudit.dll"	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Parameters\ServiceDll = "C:\\Windows\\system32\\FastUserSwitchingCompatibility.dll"	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Ias\Parameters\ServiceDll = "C:\\Windows\\system32\\Ias.dll"	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Ntmssvc\Parameters\ServiceDll = "C:\\Windows\\system32\\Ntmssvc.dll"	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Nwsapagent\Parameters\ServiceDll = "C:\\Windows\\system32\\Nwsapagent.dll"	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\helpsvc\Parameters\ServiceDll = "C:\\Windows\\system32\\helpsvc.dll"	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe

Loads dropped DLL 42 IoCs

pid	Process
1316	svchost.exe
1316	svchost.exe
1316	svchost.exe
1208	svchost.exe
1208	svchost.exe
1208	svchost.exe
2020	svchost.exe
2020	svchost.exe
2020	svchost.exe
3504	svchost.exe
3504	svchost.exe
3504	svchost.exe
3060	svchost.exe
3060	svchost.exe
3060	svchost.exe
4968	svchost.exe
4968	svchost.exe
4968	svchost.exe
4644	svchost.exe
4644	svchost.exe
4644	svchost.exe
632	svchost.exe
632	svchost.exe
632	svchost.exe
3464	svchost.exe
3464	svchost.exe
3464	svchost.exe
4448	svchost.exe
4448	svchost.exe
4448	svchost.exe
4448	svchost.exe
4448	svchost.exe
4448	svchost.exe
548	svchost.exe
548	svchost.exe
548	svchost.exe
4988	svchost.exe
4988	svchost.exe
4988	svchost.exe
4988	svchost.exe
4988	svchost.exe
4988	svchost.exe

Drops file in System32 directory 14 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Ias.dll	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
File opened for modification	C:\Windows\SysWOW64\WmdmPmSp.dll	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
File opened for modification	C:\Windows\SysWOW64\LogonHours.dll	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
File opened for modification	C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
File opened for modification	C:\Windows\SysWOW64\Nwsapagent.dll	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
File opened for modification	C:\Windows\SysWOW64\SRService.dll	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
File opened for modification	C:\Windows\SysWOW64\helpsvc.dll	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
File opened for modification	C:\Windows\SysWOW64\uploadmgr.dll	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
File opened for modification	C:\Windows\SysWOW64\Ntmssvc.dll	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
File opened for modification	C:\Windows\SysWOW64\NWCWorkstation.dll	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
File opened for modification	C:\Windows\SysWOW64\Wmi.dll	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
File opened for modification	C:\Windows\SysWOW64\PCAudit.dll	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
File opened for modification	C:\Windows\SysWOW64\Irmon.dll	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
File opened for modification	C:\Windows\SysWOW64\Nla.dll	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1868	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
1868	b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe

C:\Users\Admin\AppData\Local\Temp\b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe
"C:\Users\Admin\AppData\Local\Temp\b18f171e9f15af64c169b90e088b76e42a2585b255e0e45541feeff917c880fa.exe"
1⤵
- Sets DLL path for service in the registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:1868

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s FastUserSwitchingCompatibility
1⤵
- Loads dropped DLL
PID:1316

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Irmon
1⤵
- Loads dropped DLL
PID:1208

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Nla
1⤵
- Loads dropped DLL
PID:2020

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Ntmssvc
1⤵
- Loads dropped DLL
PID:3504

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s NWCWorkstation
1⤵
- Loads dropped DLL
PID:3060

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Nwsapagent
1⤵
- Loads dropped DLL
PID:4968

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s SRService
1⤵
- Loads dropped DLL
PID:4644

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s WmdmPmSp
1⤵
- Loads dropped DLL
PID:632

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s LogonHours
1⤵
- Loads dropped DLL
PID:3464

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s PCAudit
1⤵
- Loads dropped DLL
PID:4448

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s helpsvc
1⤵
- Loads dropped DLL
PID:548

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s uploadmgr
1⤵
- Loads dropped DLL
PID:4988

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\Irmon.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\Irmon.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\Irmon.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\LogonHours.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\LogonHours.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\LogonHours.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\Nla.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\Nla.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\Nla.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\Ntmssvc.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\Ntmssvc.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\Ntmssvc.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\Nwsapagent.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\Nwsapagent.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\Nwsapagent.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\SRService.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\SRService.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\SRService.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\WmdmPmSp.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\WmdmPmSp.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\WmdmPmSp.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\helpsvc.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\helpsvc.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\helpsvc.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
\??\c:\windows\SysWOW64\fastuserswitchingcompatibility.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
\??\c:\windows\SysWOW64\helpsvc.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
\??\c:\windows\SysWOW64\irmon.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
\??\c:\windows\SysWOW64\logonhours.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
\??\c:\windows\SysWOW64\nla.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
\??\c:\windows\SysWOW64\ntmssvc.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
\??\c:\windows\SysWOW64\nwcworkstation.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
\??\c:\windows\SysWOW64\nwsapagent.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
\??\c:\windows\SysWOW64\pcaudit.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
\??\c:\windows\SysWOW64\srservice.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
\??\c:\windows\SysWOW64\uploadmgr.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
\??\c:\windows\SysWOW64\wmdmpmsp.dll

Filesize
234KB

MD5
83bba8acfad137f758de66c217ce14da

SHA1
400dacfeba2b64ed8e33344d1174daa174b641b1

SHA256
205c4e60ed9f9fb3f362050d1ccfae57613f501d84057772e12a9b98ad894b32

SHA512
34b6e3f630ad90762177da9d7dc3023c047ced93daa1727582290c80443ecfaac83bb62d927cd24eaf37ed63150d012b8b6f12ab5c6daf68461219232832ddca

Download Submit
memory/1868-132-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/1868-133-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/1868-134-0x00000000022D0000-0x00000000062D0000-memory.dmp

Filesize
64.0MB

Download
memory/1868-147-0x00000000022D0000-0x00000000062D0000-memory.dmp

Filesize
64.0MB

Download
memory/1868-190-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download