46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea

Analysis

max time kernel
90s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 17:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
Size

139KB
MD5

8204b625ede3c71c2c61b16c9445b5d1
SHA1

65454217f15dcf8da1d5084ecd74854a87616786
SHA256

46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea
SHA512

a76266ff1f5f5c02d1f6b4c1cbc45cb1bca7c9644caf98fd8c0d8ded573ffe07a8b4f7d700607e48a3bed97c4a3da5f1eeaa2bec274723cd4fb2c14efce7eee6
SSDEEP

3072:XMq3qCEqUTIzWodffH/oDYfdkyygR7Lxnf41sNf:cq3q9bT1oxPwEF3t4WZ

Score

8^/10

persistence

Malware Config

Signatures

Sets DLL path for service in the registry 2 TTPs 14 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Ias\Parameters\ServiceDll = "C:\\Windows\\system32\\Ias.dll"	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Parameters\ServiceDll = "C:\\Windows\\system32\\NWCWorkstation.dll"	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Nwsapagent\Parameters\ServiceDll = "C:\\Windows\\system32\\Nwsapagent.dll"	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\LogonHours\Parameters\ServiceDll = "C:\\Windows\\system32\\LogonHours.dll"	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\uploadmgr\Parameters\ServiceDll = "C:\\Windows\\system32\\uploadmgr.dll"	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Parameters\ServiceDll = "C:\\Windows\\system32\\FastUserSwitchingCompatibility.dll"	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Ntmssvc\Parameters\ServiceDll = "C:\\Windows\\system32\\Ntmssvc.dll"	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\helpsvc\Parameters\ServiceDll = "C:\\Windows\\system32\\helpsvc.dll"	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Irmon\Parameters\ServiceDll = "C:\\Windows\\system32\\Irmon.dll"	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Nla\Parameters\ServiceDll = "C:\\Windows\\system32\\Nla.dll"	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SRService\Parameters\ServiceDll = "C:\\Windows\\system32\\SRService.dll"	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Wmi\Parameters\ServiceDll = "C:\\Windows\\system32\\Wmi.dll"	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WmdmPmSp\Parameters\ServiceDll = "C:\\Windows\\system32\\WmdmPmSp.dll"	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PCAudit\Parameters\ServiceDll = "C:\\Windows\\system32\\PCAudit.dll"	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe

Loads dropped DLL 48 IoCs

pid	Process
4580	svchost.exe
4580	svchost.exe
4580	svchost.exe
4580	svchost.exe
4580	svchost.exe
4580	svchost.exe
4820	svchost.exe
4820	svchost.exe
4820	svchost.exe
1616	svchost.exe
1616	svchost.exe
1616	svchost.exe
1616	svchost.exe
1616	svchost.exe
1616	svchost.exe
1604	svchost.exe
1604	svchost.exe
1604	svchost.exe
4444	svchost.exe
4444	svchost.exe
4444	svchost.exe
2288	svchost.exe
2288	svchost.exe
2288	svchost.exe
3276	svchost.exe
3276	svchost.exe
3276	svchost.exe
392	svchost.exe
392	svchost.exe
392	svchost.exe
392	svchost.exe
392	svchost.exe
392	svchost.exe
4392	svchost.exe
4392	svchost.exe
4392	svchost.exe
4392	svchost.exe
4392	svchost.exe
4392	svchost.exe
2540	svchost.exe
2540	svchost.exe
2540	svchost.exe
1344	svchost.exe
1344	svchost.exe
1344	svchost.exe
1976	svchost.exe
1976	svchost.exe
1976	svchost.exe

Drops file in System32 directory 14 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Nwsapagent.dll	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
File opened for modification	C:\Windows\SysWOW64\WmdmPmSp.dll	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
File opened for modification	C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
File opened for modification	C:\Windows\SysWOW64\Nla.dll	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
File opened for modification	C:\Windows\SysWOW64\LogonHours.dll	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
File opened for modification	C:\Windows\SysWOW64\SRService.dll	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
File opened for modification	C:\Windows\SysWOW64\Wmi.dll	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
File opened for modification	C:\Windows\SysWOW64\uploadmgr.dll	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
File opened for modification	C:\Windows\SysWOW64\Ias.dll	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
File opened for modification	C:\Windows\SysWOW64\Ntmssvc.dll	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
File opened for modification	C:\Windows\SysWOW64\PCAudit.dll	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
File opened for modification	C:\Windows\SysWOW64\helpsvc.dll	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
File opened for modification	C:\Windows\SysWOW64\Irmon.dll	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
File opened for modification	C:\Windows\SysWOW64\NWCWorkstation.dll	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4060	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
4060	46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe

C:\Users\Admin\AppData\Local\Temp\46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe
"C:\Users\Admin\AppData\Local\Temp\46344c83c9f55912c382863d6064fdf1106b3ab7da7801d37149ed1f6fc920ea.exe"
1⤵
- Sets DLL path for service in the registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:4060

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s FastUserSwitchingCompatibility
1⤵
- Loads dropped DLL
PID:4580

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Irmon
1⤵
- Loads dropped DLL
PID:4820

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Nla
1⤵
- Loads dropped DLL
PID:1616

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Ntmssvc
1⤵
- Loads dropped DLL
PID:1604

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s NWCWorkstation
1⤵
- Loads dropped DLL
PID:4444

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Nwsapagent
1⤵
- Loads dropped DLL
PID:2288

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s SRService
1⤵
- Loads dropped DLL
PID:3276

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s WmdmPmSp
1⤵
- Loads dropped DLL
PID:392

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s LogonHours
1⤵
- Loads dropped DLL
PID:4392

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s PCAudit
1⤵
- Loads dropped DLL
PID:2540

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s helpsvc
1⤵
- Loads dropped DLL
PID:1344

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s uploadmgr
1⤵
- Loads dropped DLL
PID:1976

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\Irmon.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\Irmon.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\Irmon.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\LogonHours.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\LogonHours.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\LogonHours.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\LogonHours.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\LogonHours.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\LogonHours.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\Nla.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\Nla.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\Nla.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\Nla.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\Nla.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\Nla.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\Ntmssvc.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\Ntmssvc.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\Ntmssvc.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\Nwsapagent.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\Nwsapagent.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\Nwsapagent.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\SRService.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\SRService.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\SRService.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\WmdmPmSp.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\WmdmPmSp.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\WmdmPmSp.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\WmdmPmSp.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\WmdmPmSp.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\WmdmPmSp.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\helpsvc.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\helpsvc.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\helpsvc.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
\??\c:\windows\SysWOW64\fastuserswitchingcompatibility.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
\??\c:\windows\SysWOW64\helpsvc.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
\??\c:\windows\SysWOW64\irmon.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
\??\c:\windows\SysWOW64\logonhours.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
\??\c:\windows\SysWOW64\nla.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
\??\c:\windows\SysWOW64\ntmssvc.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
\??\c:\windows\SysWOW64\nwcworkstation.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
\??\c:\windows\SysWOW64\nwsapagent.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
\??\c:\windows\SysWOW64\pcaudit.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
\??\c:\windows\SysWOW64\srservice.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
\??\c:\windows\SysWOW64\uploadmgr.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
\??\c:\windows\SysWOW64\wmdmpmsp.dll

Filesize
139KB

MD5
aa366fe33632c75d2f6b96e67d43f152

SHA1
d2d6e59cd6c571668e5f39ce09c6e4d9516b2d4f

SHA256
8538ecaf3e513e823e35bd486c2e623a5bc025435dd6e5f2f2ae984377843a06

SHA512
0cf4671ef0f371e36552bba8c6553722e8102b3308b1b664955a4293a6095c0b99ea3dccb05b82ca4f935168ea59a25712d117def9797a8f1053efa9905ca767

Download Submit
memory/2288-180-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2288-167-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2288-168-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4060-152-0x0000000002750000-0x0000000006750000-memory.dmp

Filesize
64.0MB

Download
memory/4060-133-0x0000000002750000-0x0000000006750000-memory.dmp

Filesize
64.0MB

Download
memory/4060-132-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4444-160-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4444-162-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download