221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04-11-2022 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
Size

18.7MB
MD5

9df8c81a885782e1211fa35da9490983
SHA1

8e98b35fc49e84e32c284dfa139a599da339551a
SHA256

221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83
SHA512

112d0bef89b10f1b53e5d55b2d02ca54963ee426f4948494932049af5c3f8651b7225891583cdf5d2e6522a34880dfebd333e75da0823bd23de5b52a3a616164
SSDEEP

393216:1Jr6rdKH/d3v+Bxi/WoGW0ZHNIz4syLFMPZvRYL5wq32O2INwSzUPM/Bd:8dKH/ei/eZScnsdO2izCM/Bd

Score

8^/10

persistence

Malware Config

Signatures

Creates new service(s) 1 TTPs
persistence

New Service
T1050

Executes dropped EXE 1 IoCs

pid	Process
2892	HiviewService.exe

Loads dropped DLL 41 IoCs

pid	Process
4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Huawei\Hiview\mfc140jpn.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\NotifyRules.xml	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\plugin_config	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\remotedebug_upload_config.xml	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\config\AppUpdateStatus.xml	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\MBATipsSDK.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\HiviewService.exe	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\hiviewlite.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\diagnosis_task.xml	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\libcrypto-1_1-x64.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\common.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\concrt140.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\event_id_template_list.xml	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\AudioBaseAPI.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\faulttreeengine.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\AppConfig.xml	HiviewService.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\stability_config.xml	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\config\cacert.pem	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\LogHelper.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\PresentMon.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\mfc140chs.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\mfc140deu.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\native_ue_tmp\ue_event_id.xml	HiviewService.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\FaultTrees.xml	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\config\product_adapter\MachineTypeList.dat	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\huawei_secure_c.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\WmiUtil.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\AppFrameWhiteList.xml	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\hiview_platform_config	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\thirdappconfig.xml	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\config\grsConfig.json	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\libssl-1_1-x64.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\zlib1.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\HwDataReport.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\MemoryUtil.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\HwDriverAdapter.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\InteractInfoWithMCU.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\sqlite3.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\mfc140cht.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\mfc140ita.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\mfc140rus.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\mfc140u.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\upload_threshold.xml	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\version_config.xml	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\cjson.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\AgreementService.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\HwUpgradeMgr.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\hievent.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\zlib.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\mfcm140u.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\config\product_adapter\DriverList.xml	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\ProductAdaptMgr.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\mfc140.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\FaultTreeRules.xml	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\hiview_system_config.xml	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\HwFileUtil.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\HardwareHal.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\MBADownload.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\vccorlib140.dll	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\persistDir\uuid	HiviewService.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\schema_library\221024100.zip	HiviewService.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\AppFrameWhiteList_Beta.xml	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\area_config.xml	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
File created	C:\Program Files\Huawei\Hiview\updateDir\bios_ec_mapping.xml	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe

Launches sc.exe 5 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3140	sc.exe
2440	sc.exe
4596	sc.exe
3424	sc.exe
800	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	HiviewService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	HiviewService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	HiviewService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	HiviewService.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	HiviewService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	HiviewService.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	HiviewService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	HiviewService.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	HiviewService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSSerialNumber	HiviewService.exe
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	HiviewService.exe
Set value (str)	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSSerialNumber	HiviewService.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Product	HiviewService.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command-Line Interface

T1059

pid	Process
2152	ipconfig.exe

Modifies data under HKEY_USERS 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-516 = "Display brightness"	powercfg.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-81 = "%"	powercfg.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-413 = "Enable adaptive brightness"	powercfg.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-115 = "On"	powercfg.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-401 = "Display"	powercfg.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-80 = "Seconds"	powercfg.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-522 = "Dimmed display brightness"	powercfg.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-117 = "Off"	powercfg.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-13 = "High performance"	powercfg.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-403 = "Turn off display after"	powercfg.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe
2892	HiviewService.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3016	powercfg.exe
Token: SeCreatePagefilePrivilege	3016	powercfg.exe
Token: SeShutdownPrivilege	676	powercfg.exe
Token: SeCreatePagefilePrivilege	676	powercfg.exe

Suspicious use of WriteProcessMemory 33 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 3140	4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe	80
PID 4812 wrote to memory of 3140	4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe	80
PID 4812 wrote to memory of 3140	4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe	80
PID 4812 wrote to memory of 2440	4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe	82
PID 4812 wrote to memory of 2440	4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe	82
PID 4812 wrote to memory of 2440	4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe	82
PID 2892 wrote to memory of 1840	2892	HiviewService.exe	95
PID 2892 wrote to memory of 1840	2892	HiviewService.exe	95
PID 1840 wrote to memory of 2152	1840	cmd.exe	87
PID 1840 wrote to memory of 2152	1840	cmd.exe	87
PID 2892 wrote to memory of 3196	2892	HiviewService.exe	88
PID 2892 wrote to memory of 3196	2892	HiviewService.exe	88
PID 2892 wrote to memory of 1980	2892	HiviewService.exe	92
PID 2892 wrote to memory of 1980	2892	HiviewService.exe	92
PID 4812 wrote to memory of 4596	4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe	89
PID 4812 wrote to memory of 4596	4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe	89
PID 4812 wrote to memory of 4596	4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe	89
PID 1980 wrote to memory of 536	1980	cmd.exe	91
PID 1980 wrote to memory of 536	1980	cmd.exe	91
PID 4812 wrote to memory of 3424	4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe	98
PID 4812 wrote to memory of 3424	4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe	98
PID 4812 wrote to memory of 3424	4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe	98
PID 4812 wrote to memory of 800	4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe	102
PID 4812 wrote to memory of 800	4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe	102
PID 4812 wrote to memory of 800	4812	221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe	102
PID 2892 wrote to memory of 2268	2892	HiviewService.exe	105
PID 2892 wrote to memory of 2268	2892	HiviewService.exe	105
PID 2268 wrote to memory of 3016	2268	cmd.exe	107
PID 2268 wrote to memory of 3016	2268	cmd.exe	107
PID 2892 wrote to memory of 4400	2892	HiviewService.exe	108
PID 2892 wrote to memory of 4400	2892	HiviewService.exe	108
PID 4400 wrote to memory of 676	4400	cmd.exe	110
PID 4400 wrote to memory of 676	4400	cmd.exe	110

C:\Users\Admin\AppData\Local\Temp\221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe
"C:\Users\Admin\AppData\Local\Temp\221bb51389e60bce4d07d55bc0b94e4bb81c991defc113098bf9931a70562e83.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Windows\SysWOW64\sc.exe
  "C:\Windows\system32\sc.exe" create HiviewService DisplayName= "Huawei Hiview Windows Service" start= auto binPath= "\"C:\Program Files\Huawei\Hiview\HiviewService.exe"\"
  2⤵
  - Launches sc.exe
  PID:3140
- C:\Windows\SysWOW64\sc.exe
  C:\Windows\system32\sc.exe start HiviewService
  2⤵
  - Launches sc.exe
  PID:2440
- C:\Windows\SysWOW64\sc.exe
  "C:\Windows\system32\sc.exe" description HiviewService "Huawei Hiview Windows Service"
  2⤵
  - Launches sc.exe
  PID:4596
- C:\Windows\SysWOW64\sc.exe
  C:\Windows\system32\sc.exe failure HiviewService reset=86400 actions=restart/1000
  2⤵
  - Launches sc.exe
  PID:3424
- C:\Windows\SysWOW64\sc.exe
  C:\Windows\system32\sc.exe start HiviewService
  2⤵
  - Launches sc.exe
  PID:800

C:\Program Files\Huawei\Hiview\HiviewService.exe
"C:\Program Files\Huawei\Hiview\HiviewService.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /C dir /d c:\users
  2⤵
  PID:3196
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /C hostname
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1980
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /C ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1840
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /C "powercfg /getactivescheme"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Windows\system32\powercfg.exe
    powercfg /getactivescheme
    3⤵
    - Modifies data under HKEY_USERS
    - Suspicious use of AdjustPrivilegeToken
    PID:3016
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /C "powercfg /q 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 7516b95f-f776-4464-8c53-06167f40cc99"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4400
- - C:\Windows\system32\powercfg.exe
    powercfg /q 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 7516b95f-f776-4464-8c53-06167f40cc99
    3⤵
    - Modifies data under HKEY_USERS
    - Suspicious use of AdjustPrivilegeToken
    PID:676

C:\Windows\system32\ipconfig.exe
ipconfig /all
1⤵
- Gathers network information
PID:2152

C:\Windows\system32\HOSTNAME.EXE
hostname
1⤵
PID:536

C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
1⤵
PID:4884

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x378 0x43c
1⤵
PID:4624

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

T1059

Persistence

New Service

T1050

Privilege Escalation

New Service

T1050

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Huawei\Hiview\DetectCommon.dll

Filesize
229KB

MD5
1d2788071b3c75b36bce42654eac2cbf

SHA1
081cbd02db6c10b47592ec0fb1d6944f3100f7f0

SHA256
fad9d229a0aa92b1d42389cd86cfb561593d6852c7cd2d53ba5ca6de850c7225

SHA512
42332f3398e77d9a7b1abc90985de6166b18e94bf473509019dd5da775d3126e495fa432ba74d0bf958fb0589b9c0afd808505dae6acc08198a51a1b474e6af8

Download Submit
C:\Program Files\Huawei\Hiview\DetectCommon.dll

Filesize
229KB

MD5
1d2788071b3c75b36bce42654eac2cbf

SHA1
081cbd02db6c10b47592ec0fb1d6944f3100f7f0

SHA256
fad9d229a0aa92b1d42389cd86cfb561593d6852c7cd2d53ba5ca6de850c7225

SHA512
42332f3398e77d9a7b1abc90985de6166b18e94bf473509019dd5da775d3126e495fa432ba74d0bf958fb0589b9c0afd808505dae6acc08198a51a1b474e6af8

Download Submit
C:\Program Files\Huawei\Hiview\FunSetWinRt.dll

Filesize
20KB

MD5
82d95ef527f86d21dd3f3570ae0e5075

SHA1
bfba838861f4907548ed48e13313fed38ca6a098

SHA256
53d4665ee0cdbb5c4b4a3e054685f72f5640fc96ef0990829906d9dee6cd2bf2

SHA512
4749b99fb9ce7752210cae8cd13908b792a0e5d5bd88f407a16b6d350824a1e7051d59a2f1dd117f331374105962997410c90f979ccbceec8293f1fa77a928e8

Download Submit
C:\Program Files\Huawei\Hiview\FunSetWinRt.dll

Filesize
20KB

MD5
82d95ef527f86d21dd3f3570ae0e5075

SHA1
bfba838861f4907548ed48e13313fed38ca6a098

SHA256
53d4665ee0cdbb5c4b4a3e054685f72f5640fc96ef0990829906d9dee6cd2bf2

SHA512
4749b99fb9ce7752210cae8cd13908b792a0e5d5bd88f407a16b6d350824a1e7051d59a2f1dd117f331374105962997410c90f979ccbceec8293f1fa77a928e8

Download Submit
C:\Program Files\Huawei\Hiview\HardwareHal.dll

Filesize
584KB

MD5
7ab820a705be61b9776c82a9f36dc64f

SHA1
247528732acdf395fa7ca68606320d3df3334f24

SHA256
ffbba5b76949ff9f84921986c5fe7df55822e03c9a40adda6ed7e1277c57b351

SHA512
e974527b9941f92b84443e7a31d85505a9c0f7f46476ca17481e175ab20a15cc98cb66dce9c47037595a1f4243052f23c2a6f39e427adb50ae5195d4eaf0b179

Download Submit
C:\Program Files\Huawei\Hiview\HardwareHal.dll

Filesize
584KB

MD5
7ab820a705be61b9776c82a9f36dc64f

SHA1
247528732acdf395fa7ca68606320d3df3334f24

SHA256
ffbba5b76949ff9f84921986c5fe7df55822e03c9a40adda6ed7e1277c57b351

SHA512
e974527b9941f92b84443e7a31d85505a9c0f7f46476ca17481e175ab20a15cc98cb66dce9c47037595a1f4243052f23c2a6f39e427adb50ae5195d4eaf0b179

Download Submit
C:\Program Files\Huawei\Hiview\HiviewService.exe

Filesize
10.4MB

MD5
8cae17d566a119d5ce17f52e4646d502

SHA1
0c7752eb04d6e3fde5096a9456cc35cb795ed890

SHA256
8b8705a3ab6fa39e435e3ac66c3366e5af07e875b46a68d822aa9d5528e4b594

SHA512
65c10c370470872e42f417d961253b7eeb3ed213f218e8ae12d700847b64d3a6c96159f080bfc1f535dcdf3a37a62304a5f8085c585b0b9b98e1a20b7ac0ee55

Download Submit
C:\Program Files\Huawei\Hiview\HiviewService.exe

Filesize
10.4MB

MD5
8cae17d566a119d5ce17f52e4646d502

SHA1
0c7752eb04d6e3fde5096a9456cc35cb795ed890

SHA256
8b8705a3ab6fa39e435e3ac66c3366e5af07e875b46a68d822aa9d5528e4b594

SHA512
65c10c370470872e42f417d961253b7eeb3ed213f218e8ae12d700847b64d3a6c96159f080bfc1f535dcdf3a37a62304a5f8085c585b0b9b98e1a20b7ac0ee55

Download Submit
C:\Program Files\Huawei\Hiview\HwDataReport.dll

Filesize
70KB

MD5
90eec8fc5155bd52af2df3b5c46897c8

SHA1
3a4bcf950ce4f2014feced0c24c9a17d96b6fe0d

SHA256
33568048ef620d024166bdb30f61bbd9119f3223a6bd97c46feae0169981bd6e

SHA512
6be83a2662df3f81025e3c820179833a22740fa9d15c2df17bc90e7e3ff6f3c95ca34b497e97b753496bfa770559a91f78a474bc8daa8ea47b2611391683bdb3

Download Submit
C:\Program Files\Huawei\Hiview\HwDataReport.dll

Filesize
70KB

MD5
90eec8fc5155bd52af2df3b5c46897c8

SHA1
3a4bcf950ce4f2014feced0c24c9a17d96b6fe0d

SHA256
33568048ef620d024166bdb30f61bbd9119f3223a6bd97c46feae0169981bd6e

SHA512
6be83a2662df3f81025e3c820179833a22740fa9d15c2df17bc90e7e3ff6f3c95ca34b497e97b753496bfa770559a91f78a474bc8daa8ea47b2611391683bdb3

Download Submit
C:\Program Files\Huawei\Hiview\HwDriverAdapter.dll

Filesize
354KB

MD5
6b8694eb96465d37700fc9ccbd2d0a9f

SHA1
5d1f75abe9bdc9da224c1713f75273c210f59f9d

SHA256
0576bdffa86029551dc693448ec8def83acc367c4aa0f5bf9f35fd5c7ec3f562

SHA512
81d362278b8a3249f1610f47a0341903330704cc8ee97a4b3749ebaaa74101aa00ec9d60d2c8b838e75e25b857d9b71c72e3db7db4a15922a0ee38b31fbb895f

Download Submit
C:\Program Files\Huawei\Hiview\HwDriverAdapter.dll

Filesize
354KB

MD5
6b8694eb96465d37700fc9ccbd2d0a9f

SHA1
5d1f75abe9bdc9da224c1713f75273c210f59f9d

SHA256
0576bdffa86029551dc693448ec8def83acc367c4aa0f5bf9f35fd5c7ec3f562

SHA512
81d362278b8a3249f1610f47a0341903330704cc8ee97a4b3749ebaaa74101aa00ec9d60d2c8b838e75e25b857d9b71c72e3db7db4a15922a0ee38b31fbb895f

Download Submit
C:\Program Files\Huawei\Hiview\HwFileUtil.dll

Filesize
1.0MB

MD5
5a7b3b110be281598d15b39b351f26b4

SHA1
98591e54dad3d490c35ac6a5831c61d01b3418b2

SHA256
6fb1c441a026c589030c0dc2844b113846a24f2c6a5c06d4606b50856066cbac

SHA512
0cd75033d7949cb298651bd9fee06e2d08e502a33c84116023d8527ad97cc5cf6fd32408436f7c6f35fa0c9776af4a104fe606bdd793d4f2d864f314aee6526c

Download Submit
C:\Program Files\Huawei\Hiview\HwFileUtil.dll

Filesize
1.0MB

MD5
5a7b3b110be281598d15b39b351f26b4

SHA1
98591e54dad3d490c35ac6a5831c61d01b3418b2

SHA256
6fb1c441a026c589030c0dc2844b113846a24f2c6a5c06d4606b50856066cbac

SHA512
0cd75033d7949cb298651bd9fee06e2d08e502a33c84116023d8527ad97cc5cf6fd32408436f7c6f35fa0c9776af4a104fe606bdd793d4f2d864f314aee6526c

Download Submit
C:\Program Files\Huawei\Hiview\HwUpgradeMgr.dll

Filesize
299KB

MD5
cd4d235609ef9f15e6f950239b8fd755

SHA1
92d3e58763629c0630f39ca7934ae36cb638358b

SHA256
b413db5827928f92828aa98328918f105e31739baced8925188883bd30469668

SHA512
5babbd908023f9ab041403ba2c56dd908e20014673bcac66dd8d5059a69e5dc6450471d5ce326962acc1d371debf1f6fd305f94a96d5244b5a1cf578b445199a

Download Submit
C:\Program Files\Huawei\Hiview\HwUpgradeMgr.dll

Filesize
299KB

MD5
cd4d235609ef9f15e6f950239b8fd755

SHA1
92d3e58763629c0630f39ca7934ae36cb638358b

SHA256
b413db5827928f92828aa98328918f105e31739baced8925188883bd30469668

SHA512
5babbd908023f9ab041403ba2c56dd908e20014673bcac66dd8d5059a69e5dc6450471d5ce326962acc1d371debf1f6fd305f94a96d5244b5a1cf578b445199a

Download Submit
C:\Program Files\Huawei\Hiview\IPCMessage.dll

Filesize
647KB

MD5
b0956c177ca721a3f3bec1ec13ee1c22

SHA1
12ad1e4d826227f0ab1681e73534813944646ac2

SHA256
7e30092ee972e339117c7dd857549883a83a4fc72694028062398d39c48519dc

SHA512
f7611dd707c4994b028cd8d9a51a7c346644240de55c73374aada377bdb75eff1f1422dc5b3479123b7acd30b7ea992abe5139e77663214d38c9303c828d9374

Download Submit
C:\Program Files\Huawei\Hiview\IPCMessage.dll

Filesize
647KB

MD5
b0956c177ca721a3f3bec1ec13ee1c22

SHA1
12ad1e4d826227f0ab1681e73534813944646ac2

SHA256
7e30092ee972e339117c7dd857549883a83a4fc72694028062398d39c48519dc

SHA512
f7611dd707c4994b028cd8d9a51a7c346644240de55c73374aada377bdb75eff1f1422dc5b3479123b7acd30b7ea992abe5139e77663214d38c9303c828d9374

Download Submit
C:\Program Files\Huawei\Hiview\InteractInfoWithMCU.dll

Filesize
342KB

MD5
16dea3b7f137f5609a978ea4eb461642

SHA1
98f93670ceeec7de61e51fdd3410d1942e142b8e

SHA256
4b4825c99a9e2250e4fded976686c07997f6f8762af4fc4e9a39bf828b9f9005

SHA512
5975055b90a54b6c0f5bbbfd47e0aedfef95831ff13a8e27d5d3e0578c2c5ae8956b40cf0e6e50be73cc5c0cf425e5aaedeaea292481bbe2cc18bb74247cf260

Download Submit
C:\Program Files\Huawei\Hiview\InteractInfoWithMCU.dll

Filesize
342KB

MD5
16dea3b7f137f5609a978ea4eb461642

SHA1
98f93670ceeec7de61e51fdd3410d1942e142b8e

SHA256
4b4825c99a9e2250e4fded976686c07997f6f8762af4fc4e9a39bf828b9f9005

SHA512
5975055b90a54b6c0f5bbbfd47e0aedfef95831ff13a8e27d5d3e0578c2c5ae8956b40cf0e6e50be73cc5c0cf425e5aaedeaea292481bbe2cc18bb74247cf260

Download Submit
C:\Program Files\Huawei\Hiview\LogHelper.dll

Filesize
285KB

MD5
0a6f86f08965b6806b0d262c60b245b4

SHA1
fbce7b0d7c7487f45eff5b7f2bb9b7a07b3bc61d

SHA256
cdd78734e98d7973d741658b47b2e78cc4712a4f4ca809cf2b8b6ad71cc5d85f

SHA512
eb9d36a1fcc199b51294f1c7ec7e0b59373e3ab01831c3cb5b4fa31c1f3bea31dd4803a5ab9455104a9fbcf38af44b642e789fd42a5b96c652539c8d7b42d244

Download Submit
C:\Program Files\Huawei\Hiview\LogHelper.dll

Filesize
285KB

MD5
0a6f86f08965b6806b0d262c60b245b4

SHA1
fbce7b0d7c7487f45eff5b7f2bb9b7a07b3bc61d

SHA256
cdd78734e98d7973d741658b47b2e78cc4712a4f4ca809cf2b8b6ad71cc5d85f

SHA512
eb9d36a1fcc199b51294f1c7ec7e0b59373e3ab01831c3cb5b4fa31c1f3bea31dd4803a5ab9455104a9fbcf38af44b642e789fd42a5b96c652539c8d7b42d244

Download Submit
C:\Program Files\Huawei\Hiview\MSVCP140.dll

Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Program Files\Huawei\Hiview\PresentMon.dll

Filesize
290KB

MD5
da9aa31b787e9e1b41d3339f0da94638

SHA1
3691f740890752478c08c424cbfe0f5599d03927

SHA256
0cdd977877429006cfffada03147d2d4ef49d4dcf14d4eb10c5fdbce7ed342e4

SHA512
9b4b9780fac58006a2c40e2a447b95d6672c2205d8b59c49871f7f7a3b7f606a8003d27042afe27fa01b92351e3c6bb9ca17847ce21349cfc910c77af39c15ed

Download Submit
C:\Program Files\Huawei\Hiview\PresentMon.dll

Filesize
290KB

MD5
da9aa31b787e9e1b41d3339f0da94638

SHA1
3691f740890752478c08c424cbfe0f5599d03927

SHA256
0cdd977877429006cfffada03147d2d4ef49d4dcf14d4eb10c5fdbce7ed342e4

SHA512
9b4b9780fac58006a2c40e2a447b95d6672c2205d8b59c49871f7f7a3b7f606a8003d27042afe27fa01b92351e3c6bb9ca17847ce21349cfc910c77af39c15ed

Download Submit
C:\Program Files\Huawei\Hiview\ProductAdaptMgr.dll

Filesize
982KB

MD5
b7fadc9f25870f1dad459dc2de3e3c1b

SHA1
5daba57d9c9afe81329ec5386ddbc3479aa35d3f

SHA256
aba8dc832a6c415b70ba29eb9b047f9d4b779f9738cb66d0c0ea1a7440babb38

SHA512
9ba145221b3c31583693c6009aec1603c92ccafef0eba16ecf23dfa5d130a2bfb66a00f6ac7a2f3cc7f54467af6576fb78371b45398727caaef956859cdc37d3

Download Submit
C:\Program Files\Huawei\Hiview\ProductAdaptMgr.dll

Filesize
982KB

MD5
b7fadc9f25870f1dad459dc2de3e3c1b

SHA1
5daba57d9c9afe81329ec5386ddbc3479aa35d3f

SHA256
aba8dc832a6c415b70ba29eb9b047f9d4b779f9738cb66d0c0ea1a7440babb38

SHA512
9ba145221b3c31583693c6009aec1603c92ccafef0eba16ecf23dfa5d130a2bfb66a00f6ac7a2f3cc7f54467af6576fb78371b45398727caaef956859cdc37d3

Download Submit
C:\Program Files\Huawei\Hiview\SceneRecognizer.dll

Filesize
220KB

MD5
b19f036923e2ea8f93bb3d34501582c5

SHA1
c5044d977419436efb97dfd10c425b586bf62383

SHA256
9c763008511fd2c5f2499376ae42ca705078886155a227de94e77fec9aadfa3e

SHA512
87044d912c627f5d05ef19a68b2a734f28050fbaa7d2c60a1aad61d336cfd981926e05d317e275ef280b743c6987a9db43ea036fe8b570caa0dfaf203271529a

Download Submit
C:\Program Files\Huawei\Hiview\SceneRecognizer.dll

Filesize
220KB

MD5
b19f036923e2ea8f93bb3d34501582c5

SHA1
c5044d977419436efb97dfd10c425b586bf62383

SHA256
9c763008511fd2c5f2499376ae42ca705078886155a227de94e77fec9aadfa3e

SHA512
87044d912c627f5d05ef19a68b2a734f28050fbaa7d2c60a1aad61d336cfd981926e05d317e275ef280b743c6987a9db43ea036fe8b570caa0dfaf203271529a

Download Submit
C:\Program Files\Huawei\Hiview\VCRUNTIME140.dll

Filesize
83KB

MD5
1453290db80241683288f33e6dd5e80e

SHA1
29fb9af50458df43ef40bfc8f0f516d0c0a106fd

SHA256
2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

SHA512
4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

Download Submit
C:\Program Files\Huawei\Hiview\WmiUtil.dll

Filesize
117KB

MD5
9b0f06a4c903c7349eebd940899718de

SHA1
8021716d5e2497b741b4afc28c223765a98ff8d2

SHA256
2115eb2b5c31e6d339c899182d270da2c0dbddb90d29fee8030c01033f9c7792

SHA512
d370bdc024007f9ae100d85f64b6c3eeed2e27346ae39670e0bede10ee84cd2638522871bf40d8565ce7dcbbc6698cdcc7fa091104579e4feeb50fc9cdb8b75b

Download Submit
C:\Program Files\Huawei\Hiview\WmiUtil.dll

Filesize
117KB

MD5
9b0f06a4c903c7349eebd940899718de

SHA1
8021716d5e2497b741b4afc28c223765a98ff8d2

SHA256
2115eb2b5c31e6d339c899182d270da2c0dbddb90d29fee8030c01033f9c7792

SHA512
d370bdc024007f9ae100d85f64b6c3eeed2e27346ae39670e0bede10ee84cd2638522871bf40d8565ce7dcbbc6698cdcc7fa091104579e4feeb50fc9cdb8b75b

Download Submit
C:\Program Files\Huawei\Hiview\cjson.dll

Filesize
60KB

MD5
9bc2af7addf06e680d01247f2c57aceb

SHA1
f2484f3ea02442d09454a27931d2b7f4038439df

SHA256
12463cac5a917b4c075d82f52ade02d5f3ad933fde28c3955380fe26cb899dd5

SHA512
febb0eda4ecaa5fba97d6e590362a3f00b8b418c0da74bf7d0cc30cacc1c8eb32a84d34cbca681701917bc86d949ace75daf470d429c5678418efbf9b19215e4

Download Submit
C:\Program Files\Huawei\Hiview\cjson.dll

Filesize
60KB

MD5
9bc2af7addf06e680d01247f2c57aceb

SHA1
f2484f3ea02442d09454a27931d2b7f4038439df

SHA256
12463cac5a917b4c075d82f52ade02d5f3ad933fde28c3955380fe26cb899dd5

SHA512
febb0eda4ecaa5fba97d6e590362a3f00b8b418c0da74bf7d0cc30cacc1c8eb32a84d34cbca681701917bc86d949ace75daf470d429c5678418efbf9b19215e4

Download Submit
C:\Program Files\Huawei\Hiview\common.dll

Filesize
550KB

MD5
c3c22e239dac399176fed6b9c7dc9f61

SHA1
6407f4c6f8ac492e9206c5ccc845dc5c4ebd64c8

SHA256
f02dbb9e06399973abd6da25afb36b8fd33e0b384e6ab0c9dd748d830186af6f

SHA512
264a26e32345c613ed528d807cab046a0b759cf6932e5ee6819b5911e43e97577b50106eb51a203d027e39e5dcfc1cefa9bf41ecee864f03a5c1ecb7c9c84db2

Download Submit
C:\Program Files\Huawei\Hiview\common.dll

Filesize
550KB

MD5
c3c22e239dac399176fed6b9c7dc9f61

SHA1
6407f4c6f8ac492e9206c5ccc845dc5c4ebd64c8

SHA256
f02dbb9e06399973abd6da25afb36b8fd33e0b384e6ab0c9dd748d830186af6f

SHA512
264a26e32345c613ed528d807cab046a0b759cf6932e5ee6819b5911e43e97577b50106eb51a203d027e39e5dcfc1cefa9bf41ecee864f03a5c1ecb7c9c84db2

Download Submit
C:\Program Files\Huawei\Hiview\faulttreeengine.dll

Filesize
1.9MB

MD5
413837c89af0ac880a86f052184b4257

SHA1
b0f74669c7a2d6a9df0e7c0d37ed34cc8ed773d8

SHA256
ffe804277fbed7a673616f01241dd62e79e82dee31ca531a8f10a91e04d3ab47

SHA512
eba3eb5748e30fd089deee74f31855d168a78031782033658c03e3bf8bc34505e45d6881d0db72f7e9e18c57f23108306facae068481913525105ffa091d3605

Download Submit
C:\Program Files\Huawei\Hiview\faulttreeengine.dll

Filesize
1.9MB

MD5
413837c89af0ac880a86f052184b4257

SHA1
b0f74669c7a2d6a9df0e7c0d37ed34cc8ed773d8

SHA256
ffe804277fbed7a673616f01241dd62e79e82dee31ca531a8f10a91e04d3ab47

SHA512
eba3eb5748e30fd089deee74f31855d168a78031782033658c03e3bf8bc34505e45d6881d0db72f7e9e18c57f23108306facae068481913525105ffa091d3605

Download Submit
C:\Program Files\Huawei\Hiview\hievent.dll

Filesize
355KB

MD5
0019ddc6889db17f4e6fc75d866ae329

SHA1
faac83565d886e3ef0eefdd9282a5ebe00bda6e5

SHA256
4e2edc747946ed6cfdcf7f766d0ac54d3c4d0e78ce28a6b9a0130a1be882b041

SHA512
e8a004cba3e3b7e8531b7dc780b3df534bcb5d11b5f7880aad3720be6517ce4b26d7e2090ef0b2c468e115d20e41429bfbd46c0712baa012ae4d205028d0253d

Download Submit
C:\Program Files\Huawei\Hiview\hievent.dll

Filesize
355KB

MD5
0019ddc6889db17f4e6fc75d866ae329

SHA1
faac83565d886e3ef0eefdd9282a5ebe00bda6e5

SHA256
4e2edc747946ed6cfdcf7f766d0ac54d3c4d0e78ce28a6b9a0130a1be882b041

SHA512
e8a004cba3e3b7e8531b7dc780b3df534bcb5d11b5f7880aad3720be6517ce4b26d7e2090ef0b2c468e115d20e41429bfbd46c0712baa012ae4d205028d0253d

Download Submit
C:\Program Files\Huawei\Hiview\hiservice.dll

Filesize
425KB

MD5
38cc150ac62991eaaea79b19102cffd2

SHA1
0807f296a2b99b60b500b0fc8ec60f3ed4a5f88c

SHA256
0388a22c8738eb3d86acdc1db435c698a77111a9ebb01448f1ec3364145644a4

SHA512
cd7bcfb5c606f231cc68ba7a9e81216178ef10876c222d0dbc5f5d235485ddfafd4757f5cb3e919c6f3c4d99c992158f7a35fe7901175bbf2bad22e9af93e2c8

Download Submit
C:\Program Files\Huawei\Hiview\hiservice.dll

Filesize
425KB

MD5
38cc150ac62991eaaea79b19102cffd2

SHA1
0807f296a2b99b60b500b0fc8ec60f3ed4a5f88c

SHA256
0388a22c8738eb3d86acdc1db435c698a77111a9ebb01448f1ec3364145644a4

SHA512
cd7bcfb5c606f231cc68ba7a9e81216178ef10876c222d0dbc5f5d235485ddfafd4757f5cb3e919c6f3c4d99c992158f7a35fe7901175bbf2bad22e9af93e2c8

Download Submit
C:\Program Files\Huawei\Hiview\hiviewlite.dll

Filesize
4.8MB

MD5
7a16ef10e7ebef18e1ef7fe4738392c2

SHA1
415e3157a77f3631a1e413c624b762fe98043098

SHA256
2a9fbdcc4e20798b00e2bc146d5f47ad450519f6a48afb3886f35687f516444a

SHA512
1daf5206c54fb0c95ceb66f545e5cf96406e39461daef0d37694cf9259767b871d8442f2886ebd663fb59ba05a6fc9275bc67687b47216b76844d755cfe69c43

Download Submit
C:\Program Files\Huawei\Hiview\hiviewlite.dll

Filesize
4.8MB

MD5
7a16ef10e7ebef18e1ef7fe4738392c2

SHA1
415e3157a77f3631a1e413c624b762fe98043098

SHA256
2a9fbdcc4e20798b00e2bc146d5f47ad450519f6a48afb3886f35687f516444a

SHA512
1daf5206c54fb0c95ceb66f545e5cf96406e39461daef0d37694cf9259767b871d8442f2886ebd663fb59ba05a6fc9275bc67687b47216b76844d755cfe69c43

Download Submit
C:\Program Files\Huawei\Hiview\huawei_secure_c.dll

Filesize
47KB

MD5
7de75ce75c5ec23d870ab83a6b33a3a0

SHA1
a7b3c85aa949064d5753776cbded6b11e07a8e7c

SHA256
ccedf9899830c854333c42439f6760c422400d1b0df51f82faaecca477afb528

SHA512
ebe09f55280e4b5c889e7b3d6553d70eec3babb7850787a0831c79476eee2ff57b7bb346bf58ce1db6c7da9b7f2abcfa39dc08b6e79c30bca4869432a9de939e

Download Submit
C:\Program Files\Huawei\Hiview\huawei_secure_c.dll

Filesize
47KB

MD5
7de75ce75c5ec23d870ab83a6b33a3a0

SHA1
a7b3c85aa949064d5753776cbded6b11e07a8e7c

SHA256
ccedf9899830c854333c42439f6760c422400d1b0df51f82faaecca477afb528

SHA512
ebe09f55280e4b5c889e7b3d6553d70eec3babb7850787a0831c79476eee2ff57b7bb346bf58ce1db6c7da9b7f2abcfa39dc08b6e79c30bca4869432a9de939e

Download Submit
C:\Program Files\Huawei\Hiview\libcrypto-1_1-x64.dll

Filesize
2.7MB

MD5
f4a978a0779477ddec82b3e0856eca3a

SHA1
44c3cc5c775e2d437c594a95501d88f82a36832c

SHA256
d8fa419cd92fbf794bdc3b0066e2322d8a726929873eab84038beff1f7723a27

SHA512
8a769e77a00e159fadd4ec01377a0bf18483205af33a4200cd8977792d5aade7ac3829e70542533ad216c8c3faf5ce810cc856301021121e7384d7d120da3449

Download Submit
C:\Program Files\Huawei\Hiview\libcrypto-1_1-x64.dll

Filesize
2.7MB

MD5
f4a978a0779477ddec82b3e0856eca3a

SHA1
44c3cc5c775e2d437c594a95501d88f82a36832c

SHA256
d8fa419cd92fbf794bdc3b0066e2322d8a726929873eab84038beff1f7723a27

SHA512
8a769e77a00e159fadd4ec01377a0bf18483205af33a4200cd8977792d5aade7ac3829e70542533ad216c8c3faf5ce810cc856301021121e7384d7d120da3449

Download Submit
C:\Program Files\Huawei\Hiview\libcurl.dll

Filesize
408KB

MD5
dfc75461ceecb9e143130ee76b02cee7

SHA1
1e58e8c90e68d0db7a121d2c56aeecfa5edfc326

SHA256
62709cbb430eea02d8cbca51223b9600d92b06db04ef3f4e47a740f405601636

SHA512
685ea719bc6c27c8644b606d1693e6ba472c26eafba897a39932dac41ceeb0737daf951575b8e930647145aeaed7115418c64368af8162e09c53ab11d4aa512d

Download Submit
C:\Program Files\Huawei\Hiview\libcurl.dll

Filesize
408KB

MD5
dfc75461ceecb9e143130ee76b02cee7

SHA1
1e58e8c90e68d0db7a121d2c56aeecfa5edfc326

SHA256
62709cbb430eea02d8cbca51223b9600d92b06db04ef3f4e47a740f405601636

SHA512
685ea719bc6c27c8644b606d1693e6ba472c26eafba897a39932dac41ceeb0737daf951575b8e930647145aeaed7115418c64368af8162e09c53ab11d4aa512d

Download Submit
C:\Program Files\Huawei\Hiview\mfc140u.dll

Filesize
5.6MB

MD5
598536e5ce9c6b10db3579ac7b8bcc49

SHA1
193f8433207de516baa1b38dd8de31bac065d456

SHA256
ffc74cd49df7d8b6ddcb94de1e12a399897aebf066e4884c9e563067ed399c89

SHA512
e53a0fedce5adae83874c6d4bba0d9d0e523c6a65ae307dc1086271d81e09c878ac148a8ecfba67cfabdc6e59db464bd22a0d44c7d2c3474323b920fe75c14f9

Download Submit
C:\Program Files\Huawei\Hiview\msvcp140.dll

Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Program Files\Huawei\Hiview\procDriver.dll

Filesize
210KB

MD5
8d48fa7bbcb4a167d3761b93848acece

SHA1
243ef5ec08124ba098a70088b9517f5241548529

SHA256
b5d7ee8ecbb7945f24c4856fce812927dff4bdc7f9381ee9074bae014a73880f

SHA512
ee24d58ade33f5f837280b43103c2a03135f13bdf44c6a0f3c242bf59cacd025c0d8de5911ae869b4006327fd23ddac19015286be27266e03861c5ccb97429e1

Download Submit
C:\Program Files\Huawei\Hiview\procDriver.dll

Filesize
210KB

MD5
8d48fa7bbcb4a167d3761b93848acece

SHA1
243ef5ec08124ba098a70088b9517f5241548529

SHA256
b5d7ee8ecbb7945f24c4856fce812927dff4bdc7f9381ee9074bae014a73880f

SHA512
ee24d58ade33f5f837280b43103c2a03135f13bdf44c6a0f3c242bf59cacd025c0d8de5911ae869b4006327fd23ddac19015286be27266e03861c5ccb97429e1

Download Submit
C:\Program Files\Huawei\Hiview\sqlite3.dll

Filesize
903KB

MD5
2df4eb145df90d2701f1e27c6d45c697

SHA1
4bccda7efb8bd25ecfd6d318b30bec9e79af01de

SHA256
acc517973eb10962dede2038dd2bdde249b3ab9259652476228a82e0e52d9600

SHA512
b734455e2df6299052362067e053a319a0c9499cf714071ab86ed30377b8afa0edbc1b5ceab607deaf4cdd1e18b28ebfc0886a546d6ba3a0f6797702205bb7e2

Download Submit
C:\Program Files\Huawei\Hiview\tinyxml2.dll

Filesize
131KB

MD5
a0feff5ae15159117614961c9e106ffd

SHA1
5fef3ebf226500115809f0344e3190b6f90c4e3f

SHA256
69937a93355fbe63f0fdd8b9347c00adccceabe0e57027eb658b15f69c3b7386

SHA512
04feac174f1e832169b2884a5dee85d82662b44af188a4f3c6c7c1cc94166e045ee8838f0ef6369926f6d37fd9c6fab5cc2b5513a908cc82f57b4d53460a09ed

Download Submit
C:\Program Files\Huawei\Hiview\tinyxml2.dll

Filesize
131KB

MD5
a0feff5ae15159117614961c9e106ffd

SHA1
5fef3ebf226500115809f0344e3190b6f90c4e3f

SHA256
69937a93355fbe63f0fdd8b9347c00adccceabe0e57027eb658b15f69c3b7386

SHA512
04feac174f1e832169b2884a5dee85d82662b44af188a4f3c6c7c1cc94166e045ee8838f0ef6369926f6d37fd9c6fab5cc2b5513a908cc82f57b4d53460a09ed

Download Submit
C:\Program Files\Huawei\Hiview\vcruntime140.dll

Filesize
83KB

MD5
1453290db80241683288f33e6dd5e80e

SHA1
29fb9af50458df43ef40bfc8f0f516d0c0a106fd

SHA256
2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

SHA512
4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

Download Submit
C:\Program Files\Huawei\Hiview\vcruntime140.dll

Filesize
83KB

MD5
1453290db80241683288f33e6dd5e80e

SHA1
29fb9af50458df43ef40bfc8f0f516d0c0a106fd

SHA256
2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

SHA512
4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

Download Submit
C:\Program Files\Huawei\Hiview\zlib.dll

Filesize
119KB

MD5
57046b9ccad6f81b020ce7005b4bab0b

SHA1
0c9b095be64b7ff013e8c4025e141745f33b484e

SHA256
c2e18baf1a27c805c4d51bffc8575b4ebae95ef57ee4447a2cd504cdbd6ca6ee

SHA512
9c34bdef6c51d5c6644fd26a7df57a64ba22de591acbe243ba669db77e9b81e459dd1e2a1f4498fa086417c11ac2332b53e050b2f5b075e4931a4cf4603e9ae2

Download Submit
C:\Program Files\Huawei\Hiview\zlib.dll

Filesize
119KB

MD5
57046b9ccad6f81b020ce7005b4bab0b

SHA1
0c9b095be64b7ff013e8c4025e141745f33b484e

SHA256
c2e18baf1a27c805c4d51bffc8575b4ebae95ef57ee4447a2cd504cdbd6ca6ee

SHA512
9c34bdef6c51d5c6644fd26a7df57a64ba22de591acbe243ba669db77e9b81e459dd1e2a1f4498fa086417c11ac2332b53e050b2f5b075e4931a4cf4603e9ae2

Download Submit
C:\Program Files\Huawei\Hiview\zlib1.dll

Filesize
113KB

MD5
55cac626886abbcb778ba6a84a000d5b

SHA1
c7935da2ecffba9ca0e8a198741db0c61686576e

SHA256
eb7a94b2c2ef0f625a82faadef738c4d6a3d83aa0d730edbd93aa2e5009ee2eb

SHA512
6f86873afc2cc64efa47d89ad577bdbe179a7caee03ed1555f7cdf502ad5d9b37b70a3ea51f1b65f68fb0ced7e50e2020b39cce882525dd4a1c85e9fb8479d41

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswFEB9.tmp\nsExec.dll

Filesize
7KB

MD5
f27689c513e7d12c7c974d5f8ef710d6

SHA1
e305f2a2898d765a64c82c449dfb528665b4a892

SHA256
1f18f4126124b0551f3dbcd0fec7f34026f930ca509f04435657cedc32ae8c47

SHA512
734e9f3989ee47a86bee16838df7a09353c7fe085a09d77e70d281b21c5477b0b061616e72e8ac8fcb3dda1df0d5152f54dcc4c5a77f90fbf0f857557bf02fbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswFEB9.tmp\nsExec.dll

Filesize
7KB

MD5
f27689c513e7d12c7c974d5f8ef710d6

SHA1
e305f2a2898d765a64c82c449dfb528665b4a892

SHA256
1f18f4126124b0551f3dbcd0fec7f34026f930ca509f04435657cedc32ae8c47

SHA512
734e9f3989ee47a86bee16838df7a09353c7fe085a09d77e70d281b21c5477b0b061616e72e8ac8fcb3dda1df0d5152f54dcc4c5a77f90fbf0f857557bf02fbc

Download Submit
memory/536-203-0x0000000000000000-mapping.dmp

Download
memory/676-209-0x0000000000000000-mapping.dmp

Download
memory/800-205-0x0000000000000000-mapping.dmp

Download
memory/1840-198-0x0000000000000000-mapping.dmp

Download
memory/1980-201-0x0000000000000000-mapping.dmp

Download
memory/2152-199-0x0000000000000000-mapping.dmp

Download
memory/2268-206-0x0000000000000000-mapping.dmp

Download
memory/2440-135-0x0000000000000000-mapping.dmp

Download
memory/3016-207-0x0000000000000000-mapping.dmp

Download
memory/3140-133-0x0000000000000000-mapping.dmp

Download
memory/3196-200-0x0000000000000000-mapping.dmp

Download
memory/3424-204-0x0000000000000000-mapping.dmp

Download
memory/4400-208-0x0000000000000000-mapping.dmp

Download
memory/4596-202-0x0000000000000000-mapping.dmp

Download