Overview

overview

10

Static

static

3db145a70f...cb.exe

windows7-x64

10

3db145a70f...cb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    187s
  • max time network
    191s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 10:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3db145a70f75ceea54337275315ac77dcd61e7ae9cf38f240d17e196194b57cb.exe

  • Size

    127KB

  • MD5

    8786c0e7879e8351899954722ac3b2db

  • SHA1

    d26fbd63cc89fcd387e1bb3710dc66a00764a679

  • SHA256

    3db145a70f75ceea54337275315ac77dcd61e7ae9cf38f240d17e196194b57cb

  • SHA512

    2b6ee48a70dd1b86f4219c9791c26842ce1ac87269f17547818fc8ea29f5d9562528cef52c003cdfe0f5b005c9c542625444db67be4c42611a3c31c55c643931

  • SSDEEP

    1536:snqdu3rbBGy3G8V0iuoKYMUYU6U5jUdPQc+n35KZg8/nouy8Iu:sqYMPsLMYjUtQl78vout

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 6 IoCs
    persistence
  • Modifies system executable filetype association 2 TTPs 8 IoCs
    persistence
  • Modifies visibility of file extensions in Explorer 2 TTPs 8 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 8 IoCs
    evasion
  • UAC bypass 3 TTPs 6 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 6 IoCs
    evasion
  • Disables use of System Restore points 1 TTPs
    evasion
  • Executes dropped EXE 64 IoCs
  • Sets file execution options in registry 2 TTPs 64 IoCs
    persistence
  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 38 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 6 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 12 IoCs
    adwarespyware
  • Modifies registry class 48 IoCs
  • Runs ping.exe 1 TTPs 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 12 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\3db145a70f75ceea54337275315ac77dcd61e7ae9cf38f240d17e196194b57cb.exe
    "C:\Users\Admin\AppData\Local\Temp\3db145a70f75ceea54337275315ac77dcd61e7ae9cf38f240d17e196194b57cb.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:344
    • C:\Users\Admin\AppData\Local\Temp\3db145a70f75ceea54337275315ac77dcd61e7ae9cf38f240d17e196194b57cb.exe 
      C:\Users\Admin\AppData\Local\Temp\3db145a70f75ceea54337275315ac77dcd61e7ae9cf38f240d17e196194b57cb.exe 
      2⤵
      • Modifies WinLogon for persistence
      • Modifies system executable filetype association
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • UAC bypass
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Sets file execution options in registry
      • Adds Run key to start application
      • Checks whether UAC is enabled
      • Drops file in System32 directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:4468
      • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe
        C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2576
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe 
          C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe 
          4⤵
          • Modifies WinLogon for persistence
          • Modifies system executable filetype association
          • Modifies visibility of file extensions in Explorer
          • Modifies visiblity of hidden/system files in Explorer
          • UAC bypass
          • Disables RegEdit via registry modification
          • Executes dropped EXE
          • Sets file execution options in registry
          • Loads dropped DLL
          • Adds Run key to start application
          • Checks whether UAC is enabled
          • Drops file in System32 directory
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:3840
          • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe
            C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe
            5⤵
            • Modifies system executable filetype association
            • Modifies visibility of file extensions in Explorer
            • Modifies visiblity of hidden/system files in Explorer
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in System32 directory
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2596
            • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe 
              C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe 
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of SetWindowsHookEx
              PID:4396
            • \??\c:\Documents and Settings\Admin\Application Data\Microsoft\izha.exe
              "c:\Documents and Settings\Admin\Application Data\Microsoft\izha.exe" csrss
              6⤵
              • Modifies system executable filetype association
              • Modifies visibility of file extensions in Explorer
              • Modifies visiblity of hidden/system files in Explorer
              • Executes dropped EXE
              • Adds Run key to start application
              • Enumerates connected drives
              • Drops file in System32 directory
              • Drops file in Program Files directory
              • Modifies registry class
              • Suspicious use of SetWindowsHookEx
              PID:612
          • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe
            C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in System32 directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:3012
            • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe 
              C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe 
              6⤵
              • Modifies WinLogon for persistence
              • Modifies system executable filetype association
              • Modifies visibility of file extensions in Explorer
              • Modifies visiblity of hidden/system files in Explorer
              • UAC bypass
              • Disables RegEdit via registry modification
              • Executes dropped EXE
              • Sets file execution options in registry
              • Loads dropped DLL
              • Adds Run key to start application
              • Checks whether UAC is enabled
              • Drops file in System32 directory
              • Modifies Internet Explorer settings
              • Modifies registry class
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              • System policy modification
              PID:4384
              • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe
                C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                PID:2124
                • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe 
                  C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe 
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of SetWindowsHookEx
                  PID:3820
              • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe
                C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                PID:3608
                • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe 
                  C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe 
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of SetWindowsHookEx
                  PID:4576
              • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe
                C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                PID:2164
                • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe 
                  C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe 
                  8⤵
                  • Modifies WinLogon for persistence
                  • Modifies system executable filetype association
                  • Modifies visibility of file extensions in Explorer
                  • Modifies visiblity of hidden/system files in Explorer
                  • UAC bypass
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Sets file execution options in registry
                  • Loads dropped DLL
                  • Adds Run key to start application
                  • Checks whether UAC is enabled
                  • Drops file in System32 directory
                  • Modifies Internet Explorer settings
                  • Modifies registry class
                  • Suspicious use of SetWindowsHookEx
                  • Suspicious use of WriteProcessMemory
                  • System policy modification
                  PID:2188
                  • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe
                    C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Suspicious use of SetWindowsHookEx
                    • Suspicious use of WriteProcessMemory
                    PID:1936
                    • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe 
                      C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe 
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of SetWindowsHookEx
                      PID:2184
                  • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe
                    C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Suspicious use of SetWindowsHookEx
                    • Suspicious use of WriteProcessMemory
                    PID:2740
                    • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe 
                      C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe 
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of SetWindowsHookEx
                      PID:5036
                  • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe
                    C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Suspicious use of SetWindowsHookEx
                    • Suspicious use of WriteProcessMemory
                    PID:1472
                    • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe 
                      C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe 
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of SetWindowsHookEx
                      PID:4228
                  • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe
                    C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Drops file in System32 directory
                    • Suspicious use of SetWindowsHookEx
                    PID:3128
                    • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe 
                      C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe 
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of SetWindowsHookEx
                      PID:4492
                  • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe
                    C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Drops file in System32 directory
                    • Suspicious use of SetWindowsHookEx
                    PID:4400
                    • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe 
                      C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe 
                      10⤵
                      • Modifies WinLogon for persistence
                      • Modifies system executable filetype association
                      • Modifies visibility of file extensions in Explorer
                      • Modifies visiblity of hidden/system files in Explorer
                      • UAC bypass
                      • Disables RegEdit via registry modification
                      • Executes dropped EXE
                      • Sets file execution options in registry
                      • Loads dropped DLL
                      • Adds Run key to start application
                      • Checks whether UAC is enabled
                      • Drops file in System32 directory
                      • Modifies Internet Explorer settings
                      • Modifies registry class
                      • Suspicious use of SetWindowsHookEx
                      • System policy modification
                      PID:4888
                      • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe
                        C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe
                        11⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Suspicious use of SetWindowsHookEx
                        PID:2808
                        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe 
                          C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe 
                          12⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious use of SetWindowsHookEx
                          PID:2592
                      • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe
                        C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe
                        11⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Suspicious use of SetWindowsHookEx
                        PID:2904
                        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe 
                          C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe 
                          12⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious use of SetWindowsHookEx
                          PID:1204
                      • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe
                        C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe
                        11⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Drops file in System32 directory
                        • Suspicious use of SetWindowsHookEx
                        PID:1780
                        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe 
                          C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe 
                          12⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious use of SetWindowsHookEx
                          PID:4592
                      • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe
                        C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe
                        11⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Drops file in System32 directory
                        • Suspicious use of SetWindowsHookEx
                        PID:2980
                        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe 
                          C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe 
                          12⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious use of SetWindowsHookEx
                          PID:3188
                      • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe
                        C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe
                        11⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Suspicious use of SetWindowsHookEx
                        PID:2092
                        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe 
                          C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe 
                          12⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious use of SetWindowsHookEx
                          PID:2664
                      • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community
                        C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community
                        11⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Drops file in System32 directory
                        PID:4912
                      • C:\Windows\SysWOW64\rundll32.exe
                        rundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen
                        11⤵
                        • Suspicious use of FindShellTrayWindow
                        PID:1136
                      • C:\Windows\SysWOW64\ping.exe
                        ping www.rasasayang.com.my -n 65500 -l 1340
                        11⤵
                        • Runs ping.exe
                        PID:444
                      • C:\Windows\SysWOW64\ping.exe
                        ping www.data0.net -n 65500 -l 1340
                        11⤵
                        • Runs ping.exe
                        PID:5084
                      • C:\Windows\SysWOW64\ping.exe
                        ping www.duniasex.com -n 65500 -l 1340
                        11⤵
                        • Runs ping.exe
                        PID:4348
                  • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community
                    C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community
                    9⤵
                    • Drops file in System32 directory
                    PID:4508
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen
                    9⤵
                    • Suspicious use of FindShellTrayWindow
                    PID:2612
                  • C:\Windows\SysWOW64\ping.exe
                    ping www.rasasayang.com.my -n 65500 -l 1340
                    9⤵
                    • Runs ping.exe
                    PID:3504
                  • C:\Windows\SysWOW64\ping.exe
                    ping www.data0.net -n 65500 -l 1340
                    9⤵
                    • Runs ping.exe
                    PID:520
                    • C:\Windows\System32\Conhost.exe
                      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of SetWindowsHookEx
                      PID:2104
                  • C:\Windows\SysWOW64\ping.exe
                    ping www.duniasex.com -n 65500 -l 1340
                    9⤵
                    • Runs ping.exe
                    PID:1804
              • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe
                C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Drops file in System32 directory
                • Suspicious use of SetWindowsHookEx
                PID:2748
                • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe 
                  C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe 
                  8⤵
                  • Modifies WinLogon for persistence
                  • Modifies system executable filetype association
                  • Modifies visibility of file extensions in Explorer
                  • Modifies visiblity of hidden/system files in Explorer
                  • UAC bypass
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Sets file execution options in registry
                  • Loads dropped DLL
                  • Adds Run key to start application
                  • Checks whether UAC is enabled
                  • Drops file in System32 directory
                  • Modifies Internet Explorer settings
                  • Modifies registry class
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:4744
                  • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe
                    C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\csrss.exe
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Suspicious use of SetWindowsHookEx
                    PID:4996
                    • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe 
                      C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe 
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of SetWindowsHookEx
                      PID:1436
                  • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe
                    C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Drops file in System32 directory
                    • Suspicious use of SetWindowsHookEx
                    PID:4408
                    • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe 
                      C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe 
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of SetWindowsHookEx
                      PID:3424
                  • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe
                    C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Suspicious use of SetWindowsHookEx
                    PID:3468
                    • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe 
                      C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe 
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of SetWindowsHookEx
                      PID:4856
                  • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe
                    C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Suspicious use of SetWindowsHookEx
                    PID:4004
                    • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe 
                      C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe 
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of SetWindowsHookEx
                      PID:3540
                  • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe
                    C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Drops file in System32 directory
                    • Suspicious use of SetWindowsHookEx
                    PID:4212
                    • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe 
                      C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe 
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of SetWindowsHookEx
                      PID:4016
                  • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community
                    C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Drops file in System32 directory
                    • Suspicious use of SetWindowsHookEx
                    PID:1508
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen
                    9⤵
                    • Suspicious use of FindShellTrayWindow
                    PID:1556
                  • C:\Windows\SysWOW64\ping.exe
                    ping www.rasasayang.com.my -n 65500 -l 1340
                    9⤵
                    • Runs ping.exe
                    PID:2460
                  • C:\Windows\SysWOW64\ping.exe
                    ping www.data0.net -n 65500 -l 1340
                    9⤵
                    • Runs ping.exe
                    PID:3648
                  • C:\Windows\SysWOW64\ping.exe
                    ping www.duniasex.com -n 65500 -l 1340
                    9⤵
                    • Runs ping.exe
                    PID:2164
              • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe
                C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe
                7⤵
                • Loads dropped DLL
                PID:4144
                • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe 
                  C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe 
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of SetWindowsHookEx
                  PID:4232
              • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community
                C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community
                7⤵
                • Drops file in System32 directory
                PID:4892
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen
                7⤵
                • Suspicious use of FindShellTrayWindow
                PID:936
              • C:\Windows\SysWOW64\ping.exe
                ping www.duniasex.com -n 65500 -l 1340
                7⤵
                • Runs ping.exe
                PID:3288
              • C:\Windows\SysWOW64\ping.exe
                ping www.data0.net -n 65500 -l 1340
                7⤵
                • Runs ping.exe
                PID:2244
              • C:\Windows\SysWOW64\ping.exe
                ping www.rasasayang.com.my -n 65500 -l 1340
                7⤵
                • Runs ping.exe
                PID:3496
          • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe
            C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of SetWindowsHookEx
            PID:4208
            • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe 
              C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe 
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of SetWindowsHookEx
              PID:1028
          • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe
            C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of SetWindowsHookEx
            PID:1912
            • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe 
              C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe 
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of SetWindowsHookEx
              PID:3372
          • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe
            C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of SetWindowsHookEx
            PID:3248
            • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe 
              C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe 
              6⤵
                PID:2104
            • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community
              C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of SetWindowsHookEx
              PID:2480
            • C:\Windows\SysWOW64\rundll32.exe
              rundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen
              5⤵
                PID:2516
              • C:\Windows\SysWOW64\ping.exe
                ping www.duniasex.com -n 65500 -l 1340
                5⤵
                • Runs ping.exe
                PID:4436
              • C:\Windows\SysWOW64\ping.exe
                ping www.rasasayang.com.my -n 65500 -l 1340
                5⤵
                • Runs ping.exe
                PID:3916
              • C:\Windows\SysWOW64\ping.exe
                ping www.data0.net -n 65500 -l 1340
                5⤵
                • Runs ping.exe
                PID:3796
          • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe
            C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\smss.exe
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in System32 directory
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:5008
            • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe 
              C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe 
              4⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of SetWindowsHookEx
              PID:3460
          • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe
            C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\lsass.exe
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of SetWindowsHookEx
            PID:3480
            • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe 
              C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe 
              4⤵
                PID:4232
            • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe
              C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\services.exe
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in System32 directory
              • Suspicious use of SetWindowsHookEx
              PID:2200
              • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe 
                C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe 
                4⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Suspicious use of SetWindowsHookEx
                PID:4448
            • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe
              C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of SetWindowsHookEx
              PID:1412
              • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe 
                C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe 
                4⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Suspicious use of SetWindowsHookEx
                PID:780
            • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community
              C:\Windows\System32\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of SetWindowsHookEx
              PID:3684
            • C:\Windows\SysWOW64\rundll32.exe
              rundll32.exe C:\Windows\System32\shimgvw.dll, ImageView_Fullscreen
              3⤵
              • Suspicious use of FindShellTrayWindow
              PID:432
            • C:\Windows\SysWOW64\ping.exe
              ping www.duniasex.com -n 65500 -l 1340
              3⤵
              • Runs ping.exe
              PID:2120
            • C:\Windows\SysWOW64\ping.exe
              ping www.data0.net -n 65500 -l 1340
              3⤵
              • Runs ping.exe
              PID:2416
            • C:\Windows\SysWOW64\ping.exe
              ping www.rasasayang.com.my -n 65500 -l 1340
              3⤵
              • Runs ping.exe
              PID:4200

        Network

        MITRE ATT&CK Matrix ATT&CK v6

        Initial Access

        Execution

        Persistence

        Winlogon Helper DLL

        1
        T1004

        Change Default File Association

        1
        T1042

        Hidden Files and Directories

        2
        T1158

        Registry Run Keys / Startup Folder

        2
        T1060

        Privilege Escalation

        Bypass User Account Control

        1
        T1088

        Defense Evasion

        Modify Registry

        9
        T1112

        Hidden Files and Directories

        2
        T1158

        Bypass User Account Control

        1
        T1088

        Disabling Security Tools

        1
        T1089

        Credential Access

        Discovery

        System Information Discovery

        3
        T1082

        Query Registry

        1
        T1012

        Peripheral Device Discovery

        1
        T1120

        Remote System Discovery

        1
        T1018

        Lateral Movement

        Collection

        Exfiltration

        Command and Control

        Impact

        Inhibit System Recovery

        1
        T1490

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\3db145a70f75ceea54337275315ac77dcd61e7ae9cf38f240d17e196194b57cb.exe 
          Filesize

          50KB

          MD5

          940d24de51296709ead002014ae37c40

          SHA1

          7cebaccaa9a213585f71d2a845ca7fd7d2c1cb7d

          SHA256

          d9afef82aafa6709ca6879cdd7915e76999bc5b150301b3ccd73d7a8ef14c3b6

          SHA512

          6646e85234e44185762d30705a2baf591241ae25459700f4699f3931f72d9138723aa52da6a479c72d8e9b0366892584f660b9b14f54d8672279cce7c44e7c64

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\3db145a70f75ceea54337275315ac77dcd61e7ae9cf38f240d17e196194b57cb.exe 
          Filesize

          50KB

          MD5

          940d24de51296709ead002014ae37c40

          SHA1

          7cebaccaa9a213585f71d2a845ca7fd7d2c1cb7d

          SHA256

          d9afef82aafa6709ca6879cdd7915e76999bc5b150301b3ccd73d7a8ef14c3b6

          SHA512

          6646e85234e44185762d30705a2baf591241ae25459700f4699f3931f72d9138723aa52da6a479c72d8e9b0366892584f660b9b14f54d8672279cce7c44e7c64

          Download Submit
        • C:\Users\Admin\AppData\Roaming\Microsoft\izha.exe
          Filesize

          76KB

          MD5

          5d1fc77d939653384382582c648d3a0b

          SHA1

          96150f6ee0c1a98e005219848f5a56c79bc154f8

          SHA256

          079865c253287714c6f2f5355a727585ca572a5beafd65fe5914b272147e1097

          SHA512

          6291924b680fca01dd6761f24ea379adfcb0afeec601cfc98e9f4d6fe5c4aeb1082bc276631c2942cb09ec8669c9c06814c46c273474afb5fd5fcfe191aed3c6

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\MSVBVM60.DLL
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\Paraysutki_VM_Community
          Filesize

          127KB

          MD5

          b7422f357cba2a1d521f2e8ecf5fca73

          SHA1

          6352ec6ac218a362fe5b100f630d4783be28a8f6

          SHA256

          1b33b350eb0ee9ddb53ddce1f371300c795b1519f4c1b430ba8d7abcf1f1ea65

          SHA512

          e3badf35a7dcba5cc261005f35c30be0fa369612db9458a92c60878dac6e8d2d4858011c63a1a6cc2493344f594549c7737dd1a4be2921f73fdfb7234926538c

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe
          Filesize

          127KB

          MD5

          b7422f357cba2a1d521f2e8ecf5fca73

          SHA1

          6352ec6ac218a362fe5b100f630d4783be28a8f6

          SHA256

          1b33b350eb0ee9ddb53ddce1f371300c795b1519f4c1b430ba8d7abcf1f1ea65

          SHA512

          e3badf35a7dcba5cc261005f35c30be0fa369612db9458a92c60878dac6e8d2d4858011c63a1a6cc2493344f594549c7737dd1a4be2921f73fdfb7234926538c

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe
          Filesize

          127KB

          MD5

          b7422f357cba2a1d521f2e8ecf5fca73

          SHA1

          6352ec6ac218a362fe5b100f630d4783be28a8f6

          SHA256

          1b33b350eb0ee9ddb53ddce1f371300c795b1519f4c1b430ba8d7abcf1f1ea65

          SHA512

          e3badf35a7dcba5cc261005f35c30be0fa369612db9458a92c60878dac6e8d2d4858011c63a1a6cc2493344f594549c7737dd1a4be2921f73fdfb7234926538c

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe
          Filesize

          127KB

          MD5

          b7422f357cba2a1d521f2e8ecf5fca73

          SHA1

          6352ec6ac218a362fe5b100f630d4783be28a8f6

          SHA256

          1b33b350eb0ee9ddb53ddce1f371300c795b1519f4c1b430ba8d7abcf1f1ea65

          SHA512

          e3badf35a7dcba5cc261005f35c30be0fa369612db9458a92c60878dac6e8d2d4858011c63a1a6cc2493344f594549c7737dd1a4be2921f73fdfb7234926538c

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe
          Filesize

          127KB

          MD5

          b7422f357cba2a1d521f2e8ecf5fca73

          SHA1

          6352ec6ac218a362fe5b100f630d4783be28a8f6

          SHA256

          1b33b350eb0ee9ddb53ddce1f371300c795b1519f4c1b430ba8d7abcf1f1ea65

          SHA512

          e3badf35a7dcba5cc261005f35c30be0fa369612db9458a92c60878dac6e8d2d4858011c63a1a6cc2493344f594549c7737dd1a4be2921f73fdfb7234926538c

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe
          Filesize

          127KB

          MD5

          b7422f357cba2a1d521f2e8ecf5fca73

          SHA1

          6352ec6ac218a362fe5b100f630d4783be28a8f6

          SHA256

          1b33b350eb0ee9ddb53ddce1f371300c795b1519f4c1b430ba8d7abcf1f1ea65

          SHA512

          e3badf35a7dcba5cc261005f35c30be0fa369612db9458a92c60878dac6e8d2d4858011c63a1a6cc2493344f594549c7737dd1a4be2921f73fdfb7234926538c

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe 
          Filesize

          50KB

          MD5

          940d24de51296709ead002014ae37c40

          SHA1

          7cebaccaa9a213585f71d2a845ca7fd7d2c1cb7d

          SHA256

          d9afef82aafa6709ca6879cdd7915e76999bc5b150301b3ccd73d7a8ef14c3b6

          SHA512

          6646e85234e44185762d30705a2baf591241ae25459700f4699f3931f72d9138723aa52da6a479c72d8e9b0366892584f660b9b14f54d8672279cce7c44e7c64

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe 
          Filesize

          50KB

          MD5

          940d24de51296709ead002014ae37c40

          SHA1

          7cebaccaa9a213585f71d2a845ca7fd7d2c1cb7d

          SHA256

          d9afef82aafa6709ca6879cdd7915e76999bc5b150301b3ccd73d7a8ef14c3b6

          SHA512

          6646e85234e44185762d30705a2baf591241ae25459700f4699f3931f72d9138723aa52da6a479c72d8e9b0366892584f660b9b14f54d8672279cce7c44e7c64

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe 
          Filesize

          50KB

          MD5

          940d24de51296709ead002014ae37c40

          SHA1

          7cebaccaa9a213585f71d2a845ca7fd7d2c1cb7d

          SHA256

          d9afef82aafa6709ca6879cdd7915e76999bc5b150301b3ccd73d7a8ef14c3b6

          SHA512

          6646e85234e44185762d30705a2baf591241ae25459700f4699f3931f72d9138723aa52da6a479c72d8e9b0366892584f660b9b14f54d8672279cce7c44e7c64

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe 
          Filesize

          50KB

          MD5

          940d24de51296709ead002014ae37c40

          SHA1

          7cebaccaa9a213585f71d2a845ca7fd7d2c1cb7d

          SHA256

          d9afef82aafa6709ca6879cdd7915e76999bc5b150301b3ccd73d7a8ef14c3b6

          SHA512

          6646e85234e44185762d30705a2baf591241ae25459700f4699f3931f72d9138723aa52da6a479c72d8e9b0366892584f660b9b14f54d8672279cce7c44e7c64

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\csrss.exe 
          Filesize

          50KB

          MD5

          940d24de51296709ead002014ae37c40

          SHA1

          7cebaccaa9a213585f71d2a845ca7fd7d2c1cb7d

          SHA256

          d9afef82aafa6709ca6879cdd7915e76999bc5b150301b3ccd73d7a8ef14c3b6

          SHA512

          6646e85234e44185762d30705a2baf591241ae25459700f4699f3931f72d9138723aa52da6a479c72d8e9b0366892584f660b9b14f54d8672279cce7c44e7c64

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe
          Filesize

          127KB

          MD5

          b7422f357cba2a1d521f2e8ecf5fca73

          SHA1

          6352ec6ac218a362fe5b100f630d4783be28a8f6

          SHA256

          1b33b350eb0ee9ddb53ddce1f371300c795b1519f4c1b430ba8d7abcf1f1ea65

          SHA512

          e3badf35a7dcba5cc261005f35c30be0fa369612db9458a92c60878dac6e8d2d4858011c63a1a6cc2493344f594549c7737dd1a4be2921f73fdfb7234926538c

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe
          Filesize

          127KB

          MD5

          b7422f357cba2a1d521f2e8ecf5fca73

          SHA1

          6352ec6ac218a362fe5b100f630d4783be28a8f6

          SHA256

          1b33b350eb0ee9ddb53ddce1f371300c795b1519f4c1b430ba8d7abcf1f1ea65

          SHA512

          e3badf35a7dcba5cc261005f35c30be0fa369612db9458a92c60878dac6e8d2d4858011c63a1a6cc2493344f594549c7737dd1a4be2921f73fdfb7234926538c

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe
          Filesize

          127KB

          MD5

          b7422f357cba2a1d521f2e8ecf5fca73

          SHA1

          6352ec6ac218a362fe5b100f630d4783be28a8f6

          SHA256

          1b33b350eb0ee9ddb53ddce1f371300c795b1519f4c1b430ba8d7abcf1f1ea65

          SHA512

          e3badf35a7dcba5cc261005f35c30be0fa369612db9458a92c60878dac6e8d2d4858011c63a1a6cc2493344f594549c7737dd1a4be2921f73fdfb7234926538c

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe 
          Filesize

          50KB

          MD5

          940d24de51296709ead002014ae37c40

          SHA1

          7cebaccaa9a213585f71d2a845ca7fd7d2c1cb7d

          SHA256

          d9afef82aafa6709ca6879cdd7915e76999bc5b150301b3ccd73d7a8ef14c3b6

          SHA512

          6646e85234e44185762d30705a2baf591241ae25459700f4699f3931f72d9138723aa52da6a479c72d8e9b0366892584f660b9b14f54d8672279cce7c44e7c64

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe 
          Filesize

          50KB

          MD5

          940d24de51296709ead002014ae37c40

          SHA1

          7cebaccaa9a213585f71d2a845ca7fd7d2c1cb7d

          SHA256

          d9afef82aafa6709ca6879cdd7915e76999bc5b150301b3ccd73d7a8ef14c3b6

          SHA512

          6646e85234e44185762d30705a2baf591241ae25459700f4699f3931f72d9138723aa52da6a479c72d8e9b0366892584f660b9b14f54d8672279cce7c44e7c64

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\lsass.exe 
          Filesize

          50KB

          MD5

          940d24de51296709ead002014ae37c40

          SHA1

          7cebaccaa9a213585f71d2a845ca7fd7d2c1cb7d

          SHA256

          d9afef82aafa6709ca6879cdd7915e76999bc5b150301b3ccd73d7a8ef14c3b6

          SHA512

          6646e85234e44185762d30705a2baf591241ae25459700f4699f3931f72d9138723aa52da6a479c72d8e9b0366892584f660b9b14f54d8672279cce7c44e7c64

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\msvbvm60.dll
          Filesize

          1.4MB

          MD5

          25f62c02619174b35851b0e0455b3d94

          SHA1

          4e8ee85157f1769f6e3f61c0acbe59072209da71

          SHA256

          898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

          SHA512

          f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\services.exe
          Filesize

          127KB

          MD5

          b7422f357cba2a1d521f2e8ecf5fca73

          SHA1

          6352ec6ac218a362fe5b100f630d4783be28a8f6

          SHA256

          1b33b350eb0ee9ddb53ddce1f371300c795b1519f4c1b430ba8d7abcf1f1ea65

          SHA512

          e3badf35a7dcba5cc261005f35c30be0fa369612db9458a92c60878dac6e8d2d4858011c63a1a6cc2493344f594549c7737dd1a4be2921f73fdfb7234926538c

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe
          Filesize

          127KB

          MD5

          b7422f357cba2a1d521f2e8ecf5fca73

          SHA1

          6352ec6ac218a362fe5b100f630d4783be28a8f6

          SHA256

          1b33b350eb0ee9ddb53ddce1f371300c795b1519f4c1b430ba8d7abcf1f1ea65

          SHA512

          e3badf35a7dcba5cc261005f35c30be0fa369612db9458a92c60878dac6e8d2d4858011c63a1a6cc2493344f594549c7737dd1a4be2921f73fdfb7234926538c

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe
          Filesize

          127KB

          MD5

          b7422f357cba2a1d521f2e8ecf5fca73

          SHA1

          6352ec6ac218a362fe5b100f630d4783be28a8f6

          SHA256

          1b33b350eb0ee9ddb53ddce1f371300c795b1519f4c1b430ba8d7abcf1f1ea65

          SHA512

          e3badf35a7dcba5cc261005f35c30be0fa369612db9458a92c60878dac6e8d2d4858011c63a1a6cc2493344f594549c7737dd1a4be2921f73fdfb7234926538c

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe
          Filesize

          127KB

          MD5

          b7422f357cba2a1d521f2e8ecf5fca73

          SHA1

          6352ec6ac218a362fe5b100f630d4783be28a8f6

          SHA256

          1b33b350eb0ee9ddb53ddce1f371300c795b1519f4c1b430ba8d7abcf1f1ea65

          SHA512

          e3badf35a7dcba5cc261005f35c30be0fa369612db9458a92c60878dac6e8d2d4858011c63a1a6cc2493344f594549c7737dd1a4be2921f73fdfb7234926538c

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe
          Filesize

          127KB

          MD5

          b7422f357cba2a1d521f2e8ecf5fca73

          SHA1

          6352ec6ac218a362fe5b100f630d4783be28a8f6

          SHA256

          1b33b350eb0ee9ddb53ddce1f371300c795b1519f4c1b430ba8d7abcf1f1ea65

          SHA512

          e3badf35a7dcba5cc261005f35c30be0fa369612db9458a92c60878dac6e8d2d4858011c63a1a6cc2493344f594549c7737dd1a4be2921f73fdfb7234926538c

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe
          Filesize

          127KB

          MD5

          b7422f357cba2a1d521f2e8ecf5fca73

          SHA1

          6352ec6ac218a362fe5b100f630d4783be28a8f6

          SHA256

          1b33b350eb0ee9ddb53ddce1f371300c795b1519f4c1b430ba8d7abcf1f1ea65

          SHA512

          e3badf35a7dcba5cc261005f35c30be0fa369612db9458a92c60878dac6e8d2d4858011c63a1a6cc2493344f594549c7737dd1a4be2921f73fdfb7234926538c

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe 
          Filesize

          50KB

          MD5

          940d24de51296709ead002014ae37c40

          SHA1

          7cebaccaa9a213585f71d2a845ca7fd7d2c1cb7d

          SHA256

          d9afef82aafa6709ca6879cdd7915e76999bc5b150301b3ccd73d7a8ef14c3b6

          SHA512

          6646e85234e44185762d30705a2baf591241ae25459700f4699f3931f72d9138723aa52da6a479c72d8e9b0366892584f660b9b14f54d8672279cce7c44e7c64

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe 
          Filesize

          50KB

          MD5

          940d24de51296709ead002014ae37c40

          SHA1

          7cebaccaa9a213585f71d2a845ca7fd7d2c1cb7d

          SHA256

          d9afef82aafa6709ca6879cdd7915e76999bc5b150301b3ccd73d7a8ef14c3b6

          SHA512

          6646e85234e44185762d30705a2baf591241ae25459700f4699f3931f72d9138723aa52da6a479c72d8e9b0366892584f660b9b14f54d8672279cce7c44e7c64

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe 
          Filesize

          50KB

          MD5

          940d24de51296709ead002014ae37c40

          SHA1

          7cebaccaa9a213585f71d2a845ca7fd7d2c1cb7d

          SHA256

          d9afef82aafa6709ca6879cdd7915e76999bc5b150301b3ccd73d7a8ef14c3b6

          SHA512

          6646e85234e44185762d30705a2baf591241ae25459700f4699f3931f72d9138723aa52da6a479c72d8e9b0366892584f660b9b14f54d8672279cce7c44e7c64

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\smss.exe 
          Filesize

          50KB

          MD5

          940d24de51296709ead002014ae37c40

          SHA1

          7cebaccaa9a213585f71d2a845ca7fd7d2c1cb7d

          SHA256

          d9afef82aafa6709ca6879cdd7915e76999bc5b150301b3ccd73d7a8ef14c3b6

          SHA512

          6646e85234e44185762d30705a2baf591241ae25459700f4699f3931f72d9138723aa52da6a479c72d8e9b0366892584f660b9b14f54d8672279cce7c44e7c64

          Download Submit
        • C:\Windows\SysWOW64\~A~m~B~u~R~a~D~u~L~\winlogon.exe
          Filesize

          127KB

          MD5

          b7422f357cba2a1d521f2e8ecf5fca73

          SHA1

          6352ec6ac218a362fe5b100f630d4783be28a8f6

          SHA256

          1b33b350eb0ee9ddb53ddce1f371300c795b1519f4c1b430ba8d7abcf1f1ea65

          SHA512

          e3badf35a7dcba5cc261005f35c30be0fa369612db9458a92c60878dac6e8d2d4858011c63a1a6cc2493344f594549c7737dd1a4be2921f73fdfb7234926538c

          Download Submit
        • \??\c:\Documents and Settings\Admin\Application Data\Microsoft\izha.exe
          Filesize

          76KB

          MD5

          5d1fc77d939653384382582c648d3a0b

          SHA1

          96150f6ee0c1a98e005219848f5a56c79bc154f8

          SHA256

          079865c253287714c6f2f5355a727585ca572a5beafd65fe5914b272147e1097

          SHA512

          6291924b680fca01dd6761f24ea379adfcb0afeec601cfc98e9f4d6fe5c4aeb1082bc276631c2942cb09ec8669c9c06814c46c273474afb5fd5fcfe191aed3c6

          Download Submit
        • \??\c:\windows\SysWOW64\Windows 3D.scr
          Filesize

          76KB

          MD5

          fcdedd3fafb1c8b4a0ded75067d75b98

          SHA1

          af5f50f71c6b868e41ff732ba039fb179d11ba7f

          SHA256

          38cb7cd67ffccee3f0577a9b6dc7a1e860036d32f527f45aece2fb4bd8e68299

          SHA512

          0bceecc62255acbd460c195f36227b4abceed54c9e06d791aae51ee6f81ec3cad7eac9ab1494f161fd592e6e7018192d2b63c84213adbaced5e75134b064b33a

          Download Submit
        • \??\c:\windows\SysWOW64\maxtrox.txt
          Filesize

          8B

          MD5

          24865ca220aa1936cbac0a57685217c5

          SHA1

          37f687cafe79e91eae6cbdffbf2f7ad3975f5e83

          SHA256

          841e95fa333ed89085bfbab19bb658d96ed0c837d25721411233fa55c860c743

          SHA512

          c8d3f514c72f48fed5de9582c4252cf5466a9d32866d8df3631ba9274ed734bb95139e4909e8116a10947fc1afa1dbeb33809da6ec050e6e4eb83d5241aeb062

          Download Submit
        • \??\c:\windows\SysWOW64\maxtrox.txt
          Filesize

          8B

          MD5

          24865ca220aa1936cbac0a57685217c5

          SHA1

          37f687cafe79e91eae6cbdffbf2f7ad3975f5e83

          SHA256

          841e95fa333ed89085bfbab19bb658d96ed0c837d25721411233fa55c860c743

          SHA512

          c8d3f514c72f48fed5de9582c4252cf5466a9d32866d8df3631ba9274ed734bb95139e4909e8116a10947fc1afa1dbeb33809da6ec050e6e4eb83d5241aeb062

          Download Submit
        • \??\c:\windows\SysWOW64\maxtrox.txt
          Filesize

          8B

          MD5

          24865ca220aa1936cbac0a57685217c5

          SHA1

          37f687cafe79e91eae6cbdffbf2f7ad3975f5e83

          SHA256

          841e95fa333ed89085bfbab19bb658d96ed0c837d25721411233fa55c860c743

          SHA512

          c8d3f514c72f48fed5de9582c4252cf5466a9d32866d8df3631ba9274ed734bb95139e4909e8116a10947fc1afa1dbeb33809da6ec050e6e4eb83d5241aeb062

          Download Submit
        • \??\c:\windows\SysWOW64\maxtrox.txt
          Filesize

          8B

          MD5

          24865ca220aa1936cbac0a57685217c5

          SHA1

          37f687cafe79e91eae6cbdffbf2f7ad3975f5e83

          SHA256

          841e95fa333ed89085bfbab19bb658d96ed0c837d25721411233fa55c860c743

          SHA512

          c8d3f514c72f48fed5de9582c4252cf5466a9d32866d8df3631ba9274ed734bb95139e4909e8116a10947fc1afa1dbeb33809da6ec050e6e4eb83d5241aeb062

          Download Submit
        • \??\c:\windows\SysWOW64\maxtrox.txt
          Filesize

          8B

          MD5

          24865ca220aa1936cbac0a57685217c5

          SHA1

          37f687cafe79e91eae6cbdffbf2f7ad3975f5e83

          SHA256

          841e95fa333ed89085bfbab19bb658d96ed0c837d25721411233fa55c860c743

          SHA512

          c8d3f514c72f48fed5de9582c4252cf5466a9d32866d8df3631ba9274ed734bb95139e4909e8116a10947fc1afa1dbeb33809da6ec050e6e4eb83d5241aeb062

          Download Submit
        • \??\c:\windows\SysWOW64\maxtrox.txt
          Filesize

          8B

          MD5

          24865ca220aa1936cbac0a57685217c5

          SHA1

          37f687cafe79e91eae6cbdffbf2f7ad3975f5e83

          SHA256

          841e95fa333ed89085bfbab19bb658d96ed0c837d25721411233fa55c860c743

          SHA512

          c8d3f514c72f48fed5de9582c4252cf5466a9d32866d8df3631ba9274ed734bb95139e4909e8116a10947fc1afa1dbeb33809da6ec050e6e4eb83d5241aeb062

          Download Submit
        • \??\c:\windows\SysWOW64\maxtrox.txt
          Filesize

          8B

          MD5

          24865ca220aa1936cbac0a57685217c5

          SHA1

          37f687cafe79e91eae6cbdffbf2f7ad3975f5e83

          SHA256

          841e95fa333ed89085bfbab19bb658d96ed0c837d25721411233fa55c860c743

          SHA512

          c8d3f514c72f48fed5de9582c4252cf5466a9d32866d8df3631ba9274ed734bb95139e4909e8116a10947fc1afa1dbeb33809da6ec050e6e4eb83d5241aeb062

          Download Submit
        • \??\c:\windows\SysWOW64\maxtrox.txt
          Filesize

          8B

          MD5

          24865ca220aa1936cbac0a57685217c5

          SHA1

          37f687cafe79e91eae6cbdffbf2f7ad3975f5e83

          SHA256

          841e95fa333ed89085bfbab19bb658d96ed0c837d25721411233fa55c860c743

          SHA512

          c8d3f514c72f48fed5de9582c4252cf5466a9d32866d8df3631ba9274ed734bb95139e4909e8116a10947fc1afa1dbeb33809da6ec050e6e4eb83d5241aeb062

          Download Submit
        • \??\c:\windows\SysWOW64\maxtrox.txt
          Filesize

          8B

          MD5

          24865ca220aa1936cbac0a57685217c5

          SHA1

          37f687cafe79e91eae6cbdffbf2f7ad3975f5e83

          SHA256

          841e95fa333ed89085bfbab19bb658d96ed0c837d25721411233fa55c860c743

          SHA512

          c8d3f514c72f48fed5de9582c4252cf5466a9d32866d8df3631ba9274ed734bb95139e4909e8116a10947fc1afa1dbeb33809da6ec050e6e4eb83d5241aeb062

          Download Submit
        • \??\c:\windows\SysWOW64\maxtrox.txt
          Filesize

          8B

          MD5

          24865ca220aa1936cbac0a57685217c5

          SHA1

          37f687cafe79e91eae6cbdffbf2f7ad3975f5e83

          SHA256

          841e95fa333ed89085bfbab19bb658d96ed0c837d25721411233fa55c860c743

          SHA512

          c8d3f514c72f48fed5de9582c4252cf5466a9d32866d8df3631ba9274ed734bb95139e4909e8116a10947fc1afa1dbeb33809da6ec050e6e4eb83d5241aeb062

          Download Submit
        • \??\c:\windows\SysWOW64\maxtrox.txt
          Filesize

          8B

          MD5

          24865ca220aa1936cbac0a57685217c5

          SHA1

          37f687cafe79e91eae6cbdffbf2f7ad3975f5e83

          SHA256

          841e95fa333ed89085bfbab19bb658d96ed0c837d25721411233fa55c860c743

          SHA512

          c8d3f514c72f48fed5de9582c4252cf5466a9d32866d8df3631ba9274ed734bb95139e4909e8116a10947fc1afa1dbeb33809da6ec050e6e4eb83d5241aeb062

          Download Submit
        • memory/432-377-0x0000000000000000-mapping.dmp
          Download
        • memory/612-173-0x0000000000000000-mapping.dmp
          Download
        • memory/780-344-0x0000000000000000-mapping.dmp
          Download
        • memory/780-357-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/1028-303-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/1028-290-0x0000000000000000-mapping.dmp
          Download
        • memory/1204-387-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/1204-374-0x0000000000000000-mapping.dmp
          Download
        • memory/1412-333-0x0000000000000000-mapping.dmp
          Download
        • memory/1436-316-0x0000000000000000-mapping.dmp
          Download
        • memory/1436-335-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/1472-253-0x0000000000000000-mapping.dmp
          Download
        • memory/1780-386-0x0000000000000000-mapping.dmp
          Download
        • memory/1912-315-0x0000000000000000-mapping.dmp
          Download
        • memory/1936-229-0x0000000000000000-mapping.dmp
          Download
        • memory/2104-353-0x0000000000000000-mapping.dmp
          Download
        • memory/2104-365-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/2120-410-0x0000000000000000-mapping.dmp
          Download
        • memory/2124-193-0x0000000000000000-mapping.dmp
          Download
        • memory/2164-217-0x0000000000000000-mapping.dmp
          Download
        • memory/2184-235-0x0000000000000000-mapping.dmp
          Download
        • memory/2184-240-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/2188-223-0x0000000000000000-mapping.dmp
          Download
        • memory/2188-437-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/2188-277-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/2200-308-0x0000000000000000-mapping.dmp
          Download
        • memory/2480-367-0x0000000000000000-mapping.dmp
          Download
        • memory/2516-384-0x0000000000000000-mapping.dmp
          Download
        • memory/2576-140-0x0000000000000000-mapping.dmp
          Download
        • memory/2592-348-0x0000000000000000-mapping.dmp
          Download
        • memory/2592-363-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/2596-159-0x0000000000000000-mapping.dmp
          Download
        • memory/2664-423-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/2740-241-0x0000000000000000-mapping.dmp
          Download
        • memory/2748-279-0x0000000000000000-mapping.dmp
          Download
        • memory/2808-331-0x0000000000000000-mapping.dmp
          Download
        • memory/2904-361-0x0000000000000000-mapping.dmp
          Download
        • memory/2980-399-0x0000000000000000-mapping.dmp
          Download
        • memory/3012-180-0x0000000000000000-mapping.dmp
          Download
        • memory/3128-281-0x0000000000000000-mapping.dmp
          Download
        • memory/3188-413-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/3188-405-0x0000000000000000-mapping.dmp
          Download
        • memory/3248-342-0x0000000000000000-mapping.dmp
          Download
        • memory/3372-327-0x0000000000000000-mapping.dmp
          Download
        • memory/3372-341-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/3424-362-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/3424-346-0x0000000000000000-mapping.dmp
          Download
        • memory/3460-285-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/3460-271-0x0000000000000000-mapping.dmp
          Download
        • memory/3460-274-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/3468-364-0x0000000000000000-mapping.dmp
          Download
        • memory/3480-280-0x0000000000000000-mapping.dmp
          Download
        • memory/3540-397-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/3540-391-0x0000000000000000-mapping.dmp
          Download
        • memory/3608-205-0x0000000000000000-mapping.dmp
          Download
        • memory/3684-358-0x0000000000000000-mapping.dmp
          Download
        • memory/3820-199-0x0000000000000000-mapping.dmp
          Download
        • memory/3820-204-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/3840-418-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/3840-168-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/3840-148-0x0000000000000000-mapping.dmp
          Download
        • memory/4004-383-0x0000000000000000-mapping.dmp
          Download
        • memory/4016-406-0x0000000000000000-mapping.dmp
          Download
        • memory/4016-416-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4208-276-0x0000000000000000-mapping.dmp
          Download
        • memory/4212-400-0x0000000000000000-mapping.dmp
          Download
        • memory/4228-259-0x0000000000000000-mapping.dmp
          Download
        • memory/4228-286-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4228-264-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4232-432-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4232-305-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4232-293-0x0000000000000000-mapping.dmp
          Download
        • memory/4384-275-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4384-186-0x0000000000000000-mapping.dmp
          Download
        • memory/4384-190-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4384-438-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4396-165-0x0000000000000000-mapping.dmp
          Download
        • memory/4396-172-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4396-169-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4400-307-0x0000000000000000-mapping.dmp
          Download
        • memory/4408-334-0x0000000000000000-mapping.dmp
          Download
        • memory/4436-412-0x0000000000000000-mapping.dmp
          Download
        • memory/4448-330-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4448-317-0x0000000000000000-mapping.dmp
          Download
        • memory/4468-134-0x0000000000000000-mapping.dmp
          Download
        • memory/4468-415-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4468-139-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4492-306-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4492-294-0x0000000000000000-mapping.dmp
          Download
        • memory/4576-211-0x0000000000000000-mapping.dmp
          Download
        • memory/4576-216-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4592-398-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4592-392-0x0000000000000000-mapping.dmp
          Download
        • memory/4744-324-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4744-426-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4744-292-0x0000000000000000-mapping.dmp
          Download
        • memory/4856-373-0x0000000000000000-mapping.dmp
          Download
        • memory/4856-382-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4888-328-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4888-318-0x0000000000000000-mapping.dmp
          Download
        • memory/4888-431-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/4996-304-0x0000000000000000-mapping.dmp
          Download
        • memory/5008-265-0x0000000000000000-mapping.dmp
          Download
        • memory/5036-252-0x0000000000400000-0x0000000000429000-memory.dmp
          Filesize

          164KB

          Download
        • memory/5036-247-0x0000000000000000-mapping.dmp
          Download