883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9

Analysis

max time kernel
107s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 02:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
Size

139KB
MD5

78a51910b693f57e570f132cc75a6f80
SHA1

d63812571c59c440661481b5db49ffa4b4dffdc7
SHA256

883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9
SHA512

bd1130afd9c2f9a81e695a66379b42669ccfcc6c94dbe7312440f37307aaa33236b8ed5a18d7b1dc27e1d865be15c9e314cd8839bcbc4978214f8ef7ec0a0683
SSDEEP

3072:XMq3qCEqUTIzWodffH/oDYmKqdIkyygR7Lxnf4gNP:cq3q9bT1oxPwEmDdO3t4gl

Score

8^/10

persistence

Malware Config

Signatures

Sets DLL path for service in the registry 2 TTPs 14 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Ntmssvc\Parameters\ServiceDll = "C:\\Windows\\system32\\Ntmssvc.dll"	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Wmi\Parameters\ServiceDll = "C:\\Windows\\system32\\Wmi.dll"	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\LogonHours\Parameters\ServiceDll = "C:\\Windows\\system32\\LogonHours.dll"	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\helpsvc\Parameters\ServiceDll = "C:\\Windows\\system32\\helpsvc.dll"	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Nla\Parameters\ServiceDll = "C:\\Windows\\system32\\Nla.dll"	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Nwsapagent\Parameters\ServiceDll = "C:\\Windows\\system32\\Nwsapagent.dll"	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SRService\Parameters\ServiceDll = "C:\\Windows\\system32\\SRService.dll"	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WmdmPmSp\Parameters\ServiceDll = "C:\\Windows\\system32\\WmdmPmSp.dll"	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PCAudit\Parameters\ServiceDll = "C:\\Windows\\system32\\PCAudit.dll"	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Parameters\ServiceDll = "C:\\Windows\\system32\\FastUserSwitchingCompatibility.dll"	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Ias\Parameters\ServiceDll = "C:\\Windows\\system32\\Ias.dll"	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\uploadmgr\Parameters\ServiceDll = "C:\\Windows\\system32\\uploadmgr.dll"	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Irmon\Parameters\ServiceDll = "C:\\Windows\\system32\\Irmon.dll"	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Parameters\ServiceDll = "C:\\Windows\\system32\\NWCWorkstation.dll"	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe

Loads dropped DLL 39 IoCs

pid	Process
4260	svchost.exe
4260	svchost.exe
4260	svchost.exe
1220	svchost.exe
1220	svchost.exe
1220	svchost.exe
2744	svchost.exe
2744	svchost.exe
2744	svchost.exe
3084	svchost.exe
3084	svchost.exe
3084	svchost.exe
3780	svchost.exe
3780	svchost.exe
3780	svchost.exe
3780	svchost.exe
3780	svchost.exe
3780	svchost.exe
5012	svchost.exe
5012	svchost.exe
5012	svchost.exe
4900	svchost.exe
4900	svchost.exe
4900	svchost.exe
3644	svchost.exe
3644	svchost.exe
3644	svchost.exe
2428	svchost.exe
2428	svchost.exe
2428	svchost.exe
1168	svchost.exe
1168	svchost.exe
1168	svchost.exe
2732	svchost.exe
2732	svchost.exe
2732	svchost.exe
3656	svchost.exe
3656	svchost.exe
3656	svchost.exe

Drops file in System32 directory 14 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Ias.dll	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
File opened for modification	C:\Windows\SysWOW64\WmdmPmSp.dll	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
File opened for modification	C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
File opened for modification	C:\Windows\SysWOW64\Nla.dll	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
File opened for modification	C:\Windows\SysWOW64\Nwsapagent.dll	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
File opened for modification	C:\Windows\SysWOW64\PCAudit.dll	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
File opened for modification	C:\Windows\SysWOW64\Irmon.dll	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
File opened for modification	C:\Windows\SysWOW64\Ntmssvc.dll	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
File opened for modification	C:\Windows\SysWOW64\SRService.dll	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
File opened for modification	C:\Windows\SysWOW64\Wmi.dll	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
File opened for modification	C:\Windows\SysWOW64\LogonHours.dll	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
File opened for modification	C:\Windows\SysWOW64\uploadmgr.dll	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
File opened for modification	C:\Windows\SysWOW64\NWCWorkstation.dll	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
File opened for modification	C:\Windows\SysWOW64\helpsvc.dll	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3852	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
3852	883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe

C:\Users\Admin\AppData\Local\Temp\883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe
"C:\Users\Admin\AppData\Local\Temp\883b77bafb72a4753b8c830cd92edb837fd22d91ad0f7494b88fbfd00aac29a9.exe"
1⤵
- Sets DLL path for service in the registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:3852

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s FastUserSwitchingCompatibility
1⤵
- Loads dropped DLL
PID:4260

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Irmon
1⤵
- Loads dropped DLL
PID:1220

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Nla
1⤵
- Loads dropped DLL
PID:2744

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Ntmssvc
1⤵
- Loads dropped DLL
PID:3084

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s NWCWorkstation
1⤵
- Loads dropped DLL
PID:3780

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Nwsapagent
1⤵
- Loads dropped DLL
PID:5012

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s SRService
1⤵
- Loads dropped DLL
PID:4900

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s WmdmPmSp
1⤵
- Loads dropped DLL
PID:3644

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s LogonHours
1⤵
- Loads dropped DLL
PID:2428

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s PCAudit
1⤵
- Loads dropped DLL
PID:1168

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s helpsvc
1⤵
- Loads dropped DLL
PID:2732

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s uploadmgr
1⤵
- Loads dropped DLL
PID:3656

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\Irmon.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\Irmon.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\Irmon.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\LogonHours.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\LogonHours.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\LogonHours.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\Nla.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\Nla.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\Nla.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\Ntmssvc.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\Ntmssvc.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\Ntmssvc.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\Nwsapagent.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\Nwsapagent.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\Nwsapagent.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\SRService.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\SRService.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\SRService.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\WmdmPmSp.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\WmdmPmSp.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\WmdmPmSp.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\helpsvc.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\helpsvc.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\helpsvc.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
\??\c:\windows\SysWOW64\fastuserswitchingcompatibility.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
\??\c:\windows\SysWOW64\helpsvc.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
\??\c:\windows\SysWOW64\irmon.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
\??\c:\windows\SysWOW64\logonhours.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
\??\c:\windows\SysWOW64\nla.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
\??\c:\windows\SysWOW64\ntmssvc.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
\??\c:\windows\SysWOW64\nwcworkstation.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
\??\c:\windows\SysWOW64\nwsapagent.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
\??\c:\windows\SysWOW64\pcaudit.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
\??\c:\windows\SysWOW64\srservice.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
\??\c:\windows\SysWOW64\uploadmgr.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
\??\c:\windows\SysWOW64\wmdmpmsp.dll

Filesize
139KB

MD5
0b610abfd736123bb9ea233965bc919e

SHA1
ab07392d6effcb594ce92936fee625009fd72296

SHA256
488f155a6075d5ecd010941847622f4354e36816f52c64221453cc2c33f26068

SHA512
5d38f611d5936671f11311ef65037ccc7f79e0b1c7462a1ec3f86192518ff7510df2c79ed26b8e7da55bd64ba26cf8c470abac3fe4155129a3dc1231b64309f8

Download Submit
memory/3852-132-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/3852-135-0x00000000026F0000-0x00000000066F0000-memory.dmp

Filesize
64.0MB

Download
memory/3852-146-0x00000000026F0000-0x00000000066F0000-memory.dmp

Filesize
64.0MB

Download