0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
26/10/2022, 22:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
Size

17.6MB
MD5

225bc0288488af176cb9e9cd870bbed4
SHA1

7a1aa113896bb9665ae2f2253d56e54b11e1797d
SHA256

0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf
SHA512

15e46aa7d5e7f94ad35e5bed5c2039dd10298ee3ca3a52040bbfbeddf670031df3b78ac51d7ee5c39af66d7cb32d7b27266be3071b309abc241287dad1715f3f
SSDEEP

393216:VGsxacUdcfF/WB7cJQdk7iG95yfxOwDatwyRViUWA:VGsic987cJiKNTcxOwOtNRVlT

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 12 IoCs

pid	Process
980	pcit.exe
2004	pcit.exe
892	pcit.exe
1712	pcit.exe
1792	pcit.exe
564	bbclp.exe
1204	pcit.exe
1812	pcit.exe
1140	pcit.exe
668	pcit.exe
1036	pcit.exe
924	pcit.exe

Loads dropped DLL 64 IoCs

pid	Process
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
980	pcit.exe
980	pcit.exe
980	pcit.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
2004	pcit.exe
2004	pcit.exe
2004	pcit.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
892	pcit.exe
892	pcit.exe
892	pcit.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1712	pcit.exe
1712	pcit.exe
1712	pcit.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1792	pcit.exe
1792	pcit.exe
1792	pcit.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1204	pcit.exe
1204	pcit.exe
1204	pcit.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1812	pcit.exe
1812	pcit.exe
1812	pcit.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
1140	pcit.exe
1140	pcit.exe
1140	pcit.exe

Drops file in System32 directory 52 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\GLBSINST.%$D	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\blLog.dll	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\devmgr.dll	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH0015.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\iobios125.dll	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH001c.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\nmfmgr.dll	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH0020.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\ats.xml	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH0023.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\ftdump.xml	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH0014.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH0019.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\inf\nmfmgr.inf	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH0021.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH0024.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH000d.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\iobios.dll	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\BrowseClassInfo\~GLH001b.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\lpst.xml	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH000e.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH0010.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH0011.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\pfmtask.dll	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\pnpmgr.dll	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\scguardc.exe	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\LanguageData\~GLH001a.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\modules\GnacCltMgr.dll	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH0022.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\lps.xml	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH000f.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH0017.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH0018.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\inf\~GLH001e.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\inf\nmfmgr_m.inf	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\pfmcomm.dll	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\sccltui.exe	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\LanguageData\LanguageTranslate.xml	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\inf\~GLH001f.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\INSTALL.LOG	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH000c.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\pcit.exe	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH0012.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH0016.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\INSTALL.LOG	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\pfmscript.dll	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\~GLH0013.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\scclient.exe	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\pfmtransmit.dll	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\BrowseClassInfo\CookiesInfo.xml	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Windows\SysWOW64\Pclient\modules\~GLH001d.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\SysWOW64\Pclient\init.xml	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\GSC\install\PhenixClient.log	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File created	C:\Program Files (x86)\GSC\install\~GLBS383.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\~GLH000b.TMP	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
File opened for modification	C:\Windows\bbclp.exe	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1204	pcit.exe
1812	pcit.exe
1140	pcit.exe
668	pcit.exe
1036	pcit.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1204	pcit.exe
Token: SeDebugPrivilege	1812	pcit.exe
Token: SeDebugPrivilege	1140	pcit.exe
Token: SeDebugPrivilege	668	pcit.exe
Token: SeDebugPrivilege	1036	pcit.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 980	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	28
PID 1660 wrote to memory of 980	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	28
PID 1660 wrote to memory of 980	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	28
PID 1660 wrote to memory of 980	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	28
PID 1660 wrote to memory of 980	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	28
PID 1660 wrote to memory of 980	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	28
PID 1660 wrote to memory of 980	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	28
PID 1660 wrote to memory of 2004	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	29
PID 1660 wrote to memory of 2004	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	29
PID 1660 wrote to memory of 2004	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	29
PID 1660 wrote to memory of 2004	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	29
PID 1660 wrote to memory of 2004	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	29
PID 1660 wrote to memory of 2004	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	29
PID 1660 wrote to memory of 2004	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	29
PID 1660 wrote to memory of 892	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	30
PID 1660 wrote to memory of 892	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	30
PID 1660 wrote to memory of 892	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	30
PID 1660 wrote to memory of 892	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	30
PID 1660 wrote to memory of 892	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	30
PID 1660 wrote to memory of 892	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	30
PID 1660 wrote to memory of 892	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	30
PID 1660 wrote to memory of 1712	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	31
PID 1660 wrote to memory of 1712	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	31
PID 1660 wrote to memory of 1712	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	31
PID 1660 wrote to memory of 1712	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	31
PID 1660 wrote to memory of 1712	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	31
PID 1660 wrote to memory of 1712	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	31
PID 1660 wrote to memory of 1712	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	31
PID 1660 wrote to memory of 1792	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	32
PID 1660 wrote to memory of 1792	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	32
PID 1660 wrote to memory of 1792	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	32
PID 1660 wrote to memory of 1792	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	32
PID 1660 wrote to memory of 1792	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	32
PID 1660 wrote to memory of 1792	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	32
PID 1660 wrote to memory of 1792	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	32
PID 1660 wrote to memory of 564	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	33
PID 1660 wrote to memory of 564	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	33
PID 1660 wrote to memory of 564	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	33
PID 1660 wrote to memory of 564	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	33
PID 1660 wrote to memory of 564	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	33
PID 1660 wrote to memory of 564	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	33
PID 1660 wrote to memory of 564	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	33
PID 1660 wrote to memory of 1204	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	34
PID 1660 wrote to memory of 1204	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	34
PID 1660 wrote to memory of 1204	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	34
PID 1660 wrote to memory of 1204	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	34
PID 1660 wrote to memory of 1204	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	34
PID 1660 wrote to memory of 1204	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	34
PID 1660 wrote to memory of 1204	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	34
PID 1660 wrote to memory of 1812	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	35
PID 1660 wrote to memory of 1812	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	35
PID 1660 wrote to memory of 1812	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	35
PID 1660 wrote to memory of 1812	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	35
PID 1660 wrote to memory of 1812	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	35
PID 1660 wrote to memory of 1812	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	35
PID 1660 wrote to memory of 1812	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	35
PID 1660 wrote to memory of 1140	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	36
PID 1660 wrote to memory of 1140	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	36
PID 1660 wrote to memory of 1140	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	36
PID 1660 wrote to memory of 1140	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	36
PID 1660 wrote to memory of 1140	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	36
PID 1660 wrote to memory of 1140	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	36
PID 1660 wrote to memory of 1140	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	36
PID 1660 wrote to memory of 668	1660	0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe	37

C:\Users\Admin\AppData\Local\Temp\0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe
"C:\Users\Admin\AppData\Local\Temp\0499d7df407fe47222db8b2faa8e3ced163ba7282a813a7b3f1982fd6972debf.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1660
- C:\PHENIX~1\pcit.exe
  "C:\PHENIX~1\pcit.exe" -ChkUsr
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:980
- C:\PHENIX~1\pcit.exe
  "C:\PHENIX~1\pcit.exe" -DelReg "HKEY_LOCAL_MACHINE" "SOFTWARE\Microsoft\Windows\CurrentVersion" "DomainSetup"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2004
- C:\PHENIX~1\pcit.exe
  "C:\PHENIX~1\pcit.exe" -xpe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:892
- C:\PHENIX~1\pcit.exe
  "C:\PHENIX~1\pcit.exe" -virtual
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1712
- C:\PHENIX~1\pcit.exe
  "C:\PHENIX~1\pcit.exe" -xpe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1792
- C:\Windows\bbclp.exe
  "C:\Windows\bbclp.exe"
  2⤵
  - Executes dropped EXE
  PID:564
- C:\PHENIX~1\pcit.exe
  "C:\PHENIX~1\pcit.exe" -k "C:\Windows\System32\Pclient\scguardc.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1204
- C:\PHENIX~1\pcit.exe
  "C:\PHENIX~1\pcit.exe" -k "C:\Windows\System32\Pclient\scclient.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1812
- C:\PHENIX~1\pcit.exe
  "C:\PHENIX~1\pcit.exe" -k "C:\Windows\System32\Pclient\sccltui.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1140
- C:\PHENIX~1\pcit.exe
  "C:\PHENIX~1\pcit.exe" -k "C:\Windows\System32\Pclient\Svctrl.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:668
- C:\PHENIX~1\pcit.exe
  "C:\PHENIX~1\pcit.exe" -k "C:\Windows\System32\Pclient\Block.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1036
- C:\PHENIX~1\pcit.exe
  "C:\PHENIX~1\pcit.exe" -cltbadpnpdlls 0
  2⤵
  - Executes dropped EXE
  PID:924

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PHENIX~1\blLog.dll

Filesize
258KB

MD5
65912adc3edc651f5087e8619e214723

SHA1
d01d724053835071a01b51e3a4b0c5249bfcab5d

SHA256
1bfcf9c9c71b15ad4cdd9b2693556fd8fe92b6dfcbe9f64b620ae7195b694892

SHA512
73ac9aaa64a443c30f053bbd192e07e19339692dcb627ea08f44d35e36a14705c8ee8b071d06c3e263465ff9640ec1029f28ff507336c7cfb98ec7d09e29eef2

Download Submit
C:\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
C:\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
C:\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
C:\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
C:\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
C:\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
C:\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
C:\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
C:\Windows\bbclp.exe

Filesize
150KB

MD5
bc0c7eb89e14bc9c4ff4eaf16119b244

SHA1
dc2e89e789c99ab7f31c097b34baa57fbe21af95

SHA256
766c540b11d84279662ccbbff2589a0d63764e37106139e2d3d9c86ecd0ad7a3

SHA512
09029d291b73936c3f9ed19ce173f407f41a4560a23c1f4630dd00e33c1912c25efe8056a0a764be396a4448e59edba34d16179841a29a65a71344963f5e37e4

Download Submit
\PHENIX_CLIENT\setuputl.dll

Filesize
742KB

MD5
34d21b5936b0b226e292c9905a423720

SHA1
32677e6291e51a8392085bbd9b089a8dd6e9e99f

SHA256
b97b687dde340b765fb2c0823a75f880bf38ad08955778c3e68d48fde4d7cef0

SHA512
66dd563c36cd7a0e76c5dd78fdfd3979b7ad18d01d486191e5bfab0b9c1a9e2682fbabc9b8a5da0910d21478f5842b3d103d24a7ca4010fabbddca1f3e822047

Download Submit
\PHENIX~1\blLog.dll

Filesize
258KB

MD5
65912adc3edc651f5087e8619e214723

SHA1
d01d724053835071a01b51e3a4b0c5249bfcab5d

SHA256
1bfcf9c9c71b15ad4cdd9b2693556fd8fe92b6dfcbe9f64b620ae7195b694892

SHA512
73ac9aaa64a443c30f053bbd192e07e19339692dcb627ea08f44d35e36a14705c8ee8b071d06c3e263465ff9640ec1029f28ff507336c7cfb98ec7d09e29eef2

Download Submit
\PHENIX~1\blLog.dll

Filesize
258KB

MD5
65912adc3edc651f5087e8619e214723

SHA1
d01d724053835071a01b51e3a4b0c5249bfcab5d

SHA256
1bfcf9c9c71b15ad4cdd9b2693556fd8fe92b6dfcbe9f64b620ae7195b694892

SHA512
73ac9aaa64a443c30f053bbd192e07e19339692dcb627ea08f44d35e36a14705c8ee8b071d06c3e263465ff9640ec1029f28ff507336c7cfb98ec7d09e29eef2

Download Submit
\PHENIX~1\blLog.dll

Filesize
258KB

MD5
65912adc3edc651f5087e8619e214723

SHA1
d01d724053835071a01b51e3a4b0c5249bfcab5d

SHA256
1bfcf9c9c71b15ad4cdd9b2693556fd8fe92b6dfcbe9f64b620ae7195b694892

SHA512
73ac9aaa64a443c30f053bbd192e07e19339692dcb627ea08f44d35e36a14705c8ee8b071d06c3e263465ff9640ec1029f28ff507336c7cfb98ec7d09e29eef2

Download Submit
\PHENIX~1\blLog.dll

Filesize
258KB

MD5
65912adc3edc651f5087e8619e214723

SHA1
d01d724053835071a01b51e3a4b0c5249bfcab5d

SHA256
1bfcf9c9c71b15ad4cdd9b2693556fd8fe92b6dfcbe9f64b620ae7195b694892

SHA512
73ac9aaa64a443c30f053bbd192e07e19339692dcb627ea08f44d35e36a14705c8ee8b071d06c3e263465ff9640ec1029f28ff507336c7cfb98ec7d09e29eef2

Download Submit
\PHENIX~1\blLog.dll

Filesize
258KB

MD5
65912adc3edc651f5087e8619e214723

SHA1
d01d724053835071a01b51e3a4b0c5249bfcab5d

SHA256
1bfcf9c9c71b15ad4cdd9b2693556fd8fe92b6dfcbe9f64b620ae7195b694892

SHA512
73ac9aaa64a443c30f053bbd192e07e19339692dcb627ea08f44d35e36a14705c8ee8b071d06c3e263465ff9640ec1029f28ff507336c7cfb98ec7d09e29eef2

Download Submit
\PHENIX~1\blLog.dll

Filesize
258KB

MD5
65912adc3edc651f5087e8619e214723

SHA1
d01d724053835071a01b51e3a4b0c5249bfcab5d

SHA256
1bfcf9c9c71b15ad4cdd9b2693556fd8fe92b6dfcbe9f64b620ae7195b694892

SHA512
73ac9aaa64a443c30f053bbd192e07e19339692dcb627ea08f44d35e36a14705c8ee8b071d06c3e263465ff9640ec1029f28ff507336c7cfb98ec7d09e29eef2

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\PHENIX~1\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\Users\Admin\AppData\Local\Temp\GLCF97C.tmp

Filesize
161KB

MD5
8c97d8bb1470c6498e47b12c5a03ce39

SHA1
15d233b22f1c3d756dca29bcc0021e6fb0b8cdf7

SHA256
a87f19f9fee475d2b2e82acfb4589be6d816b613064cd06826e1d4c147beb50a

SHA512
7ad0b2b0319da52152c2595ee45045d0c06b157cdaaa56ad57dde9736be3e45fd7357949126f80d3e72b21510f9bf69d010d51b3967a7644662808beed067c3f

Download Submit
\Users\Admin\AppData\Local\Temp\GLKF99D.tmp

Filesize
550KB

MD5
b5b71830f2dcdb9d4882af956e7ea366

SHA1
c95b3d5ed67693a30b41d4b8e82f27b04861ffcc

SHA256
55053827191186e6659ee9c15373cfe3b25b6708a79b990e4797c4c4e5d34b61

SHA512
e588f7e55467530617810dacd984fad3c567fbe50ddd774d84174febe60e5e3d612bd45df2f56e42851fe59e7ea650a92451e0545f7641129c23fcdd570bca15

Download Submit
\Users\Admin\AppData\Local\Temp\iospc.dll

Filesize
354KB

MD5
f829d66feaf81ec1d9f2d276ef30894c

SHA1
34d019da54c96797faa53623dfd6adc6248f9343

SHA256
7b4076aeafc16098c6eb351e00cdb30a4ae33a4ae596b900361386e9d6cbb2c5

SHA512
be2406136012422caa32756e9bdd34357cafd3fccb62ac378ed2e2641267e283f7e461e6c2fae459a18a78365470bac95f75b5a2f423d57b80db98579bc67835

Download Submit
\Windows\SysWOW64\Pclient\blLog.dll

Filesize
258KB

MD5
65912adc3edc651f5087e8619e214723

SHA1
d01d724053835071a01b51e3a4b0c5249bfcab5d

SHA256
1bfcf9c9c71b15ad4cdd9b2693556fd8fe92b6dfcbe9f64b620ae7195b694892

SHA512
73ac9aaa64a443c30f053bbd192e07e19339692dcb627ea08f44d35e36a14705c8ee8b071d06c3e263465ff9640ec1029f28ff507336c7cfb98ec7d09e29eef2

Download Submit
\Windows\SysWOW64\Pclient\blLog.dll

Filesize
258KB

MD5
65912adc3edc651f5087e8619e214723

SHA1
d01d724053835071a01b51e3a4b0c5249bfcab5d

SHA256
1bfcf9c9c71b15ad4cdd9b2693556fd8fe92b6dfcbe9f64b620ae7195b694892

SHA512
73ac9aaa64a443c30f053bbd192e07e19339692dcb627ea08f44d35e36a14705c8ee8b071d06c3e263465ff9640ec1029f28ff507336c7cfb98ec7d09e29eef2

Download Submit
\Windows\SysWOW64\Pclient\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
\Windows\SysWOW64\Pclient\pcit.exe

Filesize
806KB

MD5
8c6700450e43fcac519167176310252c

SHA1
baee91a0bb20da76b0d4ae5b4e22c68b4e9fec35

SHA256
c0ed9ae250ecda69ff2fdd84c8f668a0f0c0ebda2b15201de8a021d5054fa1ba

SHA512
57e9353de34a311fcdc1a65b4b410ba3877f7cbb68226cd045862ad137679861b7cc41d975f78c22c3d6e25a97fe38e76355d06c29380b6c08dd32d0408acfcd

Download Submit
memory/1660-116-0x0000000002D70000-0x0000000002E29000-memory.dmp

Filesize
740KB

Download
memory/1660-80-0x0000000002D70000-0x0000000002DC7000-memory.dmp

Filesize
348KB

Download
memory/1660-54-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

Filesize
8KB

Download