Analysis

  • max time kernel
    91s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-10-2022 16:15

General

  • Target

    ea4d43fa5cbf2137ea787ad6c7bf8e00af401b4052c0f3305306ec7ba0143361.exe

  • Size

    88KB

  • MD5

    81d90a0141a71a9ee32c5dccc97c80b1

  • SHA1

    7a5edeaa6cf821a3237f36c9f592d408b6471782

  • SHA256

    ea4d43fa5cbf2137ea787ad6c7bf8e00af401b4052c0f3305306ec7ba0143361

  • SHA512

    1e69ffd3b6caed3718e3a04fe6a14a33c7cc5ff9b6082ee30edea3d94c9368befba7bf1486b9cf8718aa4bfdfaf6c68a189369dbf8f1c997471312f11e72dcea

  • SSDEEP

    1536:etZHJGPKZi+unw3uzV1cuuAVBljDxppoNr9hTcOujjwGTr0aIiksSaV1K7ZNK:M3GCZi+u93XVBR2Nr9hoOVGToadTutNK

Score
8/10

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 14 IoCs
  • Loads dropped DLL 36 IoCs
  • Drops file in System32 directory 14 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea4d43fa5cbf2137ea787ad6c7bf8e00af401b4052c0f3305306ec7ba0143361.exe
    "C:\Users\Admin\AppData\Local\Temp\ea4d43fa5cbf2137ea787ad6c7bf8e00af401b4052c0f3305306ec7ba0143361.exe"
    1⤵
    • Sets DLL path for service in the registry
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1628
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs -s FastUserSwitchingCompatibility
    1⤵
    • Loads dropped DLL
    PID:1936
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Irmon
    1⤵
    • Loads dropped DLL
    PID:1812
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Nla
    1⤵
    • Loads dropped DLL
    PID:5088
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Ntmssvc
    1⤵
    • Loads dropped DLL
    PID:4808
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs -s NWCWorkstation
    1⤵
    • Loads dropped DLL
    PID:4052
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Nwsapagent
    1⤵
    • Loads dropped DLL
    PID:208
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs -s SRService
    1⤵
    • Loads dropped DLL
    PID:4464
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs -s WmdmPmSp
    1⤵
    • Loads dropped DLL
    PID:1232
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs -s LogonHours
    1⤵
    • Loads dropped DLL
    PID:2520
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs -s PCAudit
    1⤵
    • Loads dropped DLL
    PID:980
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs -s helpsvc
    1⤵
    • Loads dropped DLL
    PID:2784
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs -s uploadmgr
    1⤵
    • Loads dropped DLL
    PID:3812

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • C:\Windows\SysWOW64\Irmon.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • C:\Windows\SysWOW64\LogonHours.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • C:\Windows\SysWOW64\NWCWorkstation.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • C:\Windows\SysWOW64\Nla.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • C:\Windows\SysWOW64\Ntmssvc.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • C:\Windows\SysWOW64\Nwsapagent.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • C:\Windows\SysWOW64\PCAudit.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • C:\Windows\SysWOW64\SRService.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • C:\Windows\SysWOW64\WmdmPmSp.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • C:\Windows\SysWOW64\helpsvc.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • C:\Windows\SysWOW64\uploadmgr.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • \??\c:\windows\SysWOW64\fastuserswitchingcompatibility.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • \??\c:\windows\SysWOW64\helpsvc.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • \??\c:\windows\SysWOW64\irmon.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • \??\c:\windows\SysWOW64\logonhours.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • \??\c:\windows\SysWOW64\nla.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • \??\c:\windows\SysWOW64\ntmssvc.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • \??\c:\windows\SysWOW64\nwcworkstation.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • \??\c:\windows\SysWOW64\nwsapagent.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • \??\c:\windows\SysWOW64\pcaudit.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • \??\c:\windows\SysWOW64\srservice.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • \??\c:\windows\SysWOW64\uploadmgr.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • \??\c:\windows\SysWOW64\wmdmpmsp.dll

    Filesize

    88KB

    MD5

    ad34cef32f4c0b0c831999d1f1e99d51

    SHA1

    483430efc56f36c5a6fa47ace4a9b9c2b8479b70

    SHA256

    4aea3fd73c359c0170a4083fcf3288886eca8d470a4d8de664ac4ab32ed54863

    SHA512

    8b36211321c764980b7331140e28975beca25ef9da73cafd8e611b5015ca4c8ef68abd3da226541f2c6c61b3853b3deb625d326e20df289d8e343740679c42d6

  • memory/1628-151-0x00000000024E0000-0x00000000064E0000-memory.dmp

    Filesize

    64.0MB

  • memory/1628-146-0x0000000000290000-0x00000000002B2000-memory.dmp

    Filesize

    136KB

  • memory/1628-137-0x00000000024E0000-0x00000000064E0000-memory.dmp

    Filesize

    64.0MB

  • memory/1628-132-0x0000000000290000-0x00000000002B2000-memory.dmp

    Filesize

    136KB