46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914

Analysis

max time kernel
113s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 00:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
Size

75KB
MD5

04a7496a1c6c4e670544be51e14df330
SHA1

0ba794a014e281397b1c23c25b0aea98437492e3
SHA256

46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914
SHA512

e5cea6e2742632bee1a6dd03008cf9adc0956035e057073287b441c54b91242c7a54853fb4ef1c4954183b740e518bd0c224f7617bf8089a803c90b21c5b9c64
SSDEEP

1536:bPZ9vnrM5/wwPOPr6UHuwMF7rePnVqHGGHNYppoMvM:LZ9vo5Iw9UOwkefV0HhuM

Score

8^/10

persistence

Malware Config

Signatures

Sets DLL path for service in the registry 2 TTPs 14 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PCAudit\Parameters\ServiceDll = "C:\\Windows\\system32\\PCAudit.dll"	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\helpsvc\Parameters\ServiceDll = "C:\\Windows\\system32\\helpsvc.dll"	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\uploadmgr\Parameters\ServiceDll = "C:\\Windows\\system32\\uploadmgr.dll"	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Irmon\Parameters\ServiceDll = "C:\\Windows\\system32\\Irmon.dll"	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Nwsapagent\Parameters\ServiceDll = "C:\\Windows\\system32\\Nwsapagent.dll"	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\LogonHours\Parameters\ServiceDll = "C:\\Windows\\system32\\LogonHours.dll"	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WmdmPmSp\Parameters\ServiceDll = "C:\\Windows\\system32\\WmdmPmSp.dll"	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Parameters\ServiceDll = "C:\\Windows\\system32\\FastUserSwitchingCompatibility.dll"	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SRService\Parameters\ServiceDll = "C:\\Windows\\system32\\SRService.dll"	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Wmi\Parameters\ServiceDll = "C:\\Windows\\system32\\Wmi.dll"	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Parameters\ServiceDll = "C:\\Windows\\system32\\NWCWorkstation.dll"	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Ias\Parameters\ServiceDll = "C:\\Windows\\system32\\Ias.dll"	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Nla\Parameters\ServiceDll = "C:\\Windows\\system32\\Nla.dll"	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Ntmssvc\Parameters\ServiceDll = "C:\\Windows\\system32\\Ntmssvc.dll"	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe

Loads dropped DLL 36 IoCs

Processes:

svchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exe

pid	process
2568	svchost.exe
1516	svchost.exe
2220	svchost.exe
2568	svchost.exe
4056	svchost.exe
2220	svchost.exe
2220	svchost.exe
976	svchost.exe
3860	svchost.exe
3860	svchost.exe
3860	svchost.exe
2008	svchost.exe
2008	svchost.exe
2008	svchost.exe
2568	svchost.exe
3316	svchost.exe
3316	svchost.exe
3316	svchost.exe
1516	svchost.exe
4056	svchost.exe
976	svchost.exe
4056	svchost.exe
976	svchost.exe
1516	svchost.exe
2428	svchost.exe
2428	svchost.exe
2428	svchost.exe
1448	svchost.exe
1448	svchost.exe
1448	svchost.exe
4048	svchost.exe
4048	svchost.exe
4048	svchost.exe
3428	svchost.exe
3428	svchost.exe
3428	svchost.exe

Drops file in System32 directory 14 IoCs

Processes:

46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\SRService.dll	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
File opened for modification	C:\Windows\SysWOW64\PCAudit.dll	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
File opened for modification	C:\Windows\SysWOW64\Nla.dll	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
File opened for modification	C:\Windows\SysWOW64\Wmi.dll	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
File opened for modification	C:\Windows\SysWOW64\NWCWorkstation.dll	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
File opened for modification	C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
File opened for modification	C:\Windows\SysWOW64\Ias.dll	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
File opened for modification	C:\Windows\SysWOW64\Irmon.dll	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
File opened for modification	C:\Windows\SysWOW64\LogonHours.dll	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
File opened for modification	C:\Windows\SysWOW64\helpsvc.dll	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
File opened for modification	C:\Windows\SysWOW64\uploadmgr.dll	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
File opened for modification	C:\Windows\SysWOW64\Ntmssvc.dll	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
File opened for modification	C:\Windows\SysWOW64\Nwsapagent.dll	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
File opened for modification	C:\Windows\SysWOW64\WmdmPmSp.dll	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe

Program crash 24 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
4520	1516	WerFault.exe	svchost.exe
4440	2568	WerFault.exe	svchost.exe
4384	2568	WerFault.exe	svchost.exe
5080	4056	WerFault.exe	svchost.exe
4488	976	WerFault.exe	svchost.exe
3648	2568	WerFault.exe	svchost.exe
1568	4056	WerFault.exe	svchost.exe
4420	976	WerFault.exe	svchost.exe
1464	1516	WerFault.exe	svchost.exe
4664	4056	WerFault.exe	svchost.exe
4316	976	WerFault.exe	svchost.exe
1572	1516	WerFault.exe	svchost.exe
2932	2428	WerFault.exe	svchost.exe
3384	2428	WerFault.exe	svchost.exe
4228	2428	WerFault.exe	svchost.exe
3880	1448	WerFault.exe	svchost.exe
3472	1448	WerFault.exe	svchost.exe
5104	1448	WerFault.exe	svchost.exe
5108	4048	WerFault.exe	svchost.exe
4900	4048	WerFault.exe	svchost.exe
4940	4048	WerFault.exe	svchost.exe
3588	3428	WerFault.exe	svchost.exe
320	3428	WerFault.exe	svchost.exe
1916	3428	WerFault.exe	svchost.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe

pid	process
3068	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
3068	46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe

C:\Users\Admin\AppData\Local\Temp\46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe
"C:\Users\Admin\AppData\Local\Temp\46f2f0b0b216d340ed2717867a547dbaa413a26f6694fbe59e4d466d40cc9914.exe"
1⤵
- Sets DLL path for service in the registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:3068

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s FastUserSwitchingCompatibility
1⤵
- Loads dropped DLL
PID:2568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 616
2⤵
- Program crash
PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 608
2⤵
- Program crash
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 608
2⤵
- Program crash
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 2568 -ip 2568
1⤵
PID:4868

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Irmon
1⤵
- Loads dropped DLL
PID:1516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 616
2⤵
- Program crash
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 624
2⤵
- Program crash
PID:1464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 644
2⤵
- Program crash
PID:1572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1516 -ip 1516
1⤵
PID:3476

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Nla
1⤵
- Loads dropped DLL
PID:2220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2220 -ip 2220
1⤵
PID:1916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2568 -ip 2568
1⤵
PID:320

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Ntmssvc
1⤵
- Loads dropped DLL
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 608
2⤵
- Program crash
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 616
2⤵
- Program crash
PID:1568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 644
2⤵
- Program crash
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4056 -ip 4056
1⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2220 -ip 2220
1⤵
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2220 -ip 2220
1⤵
PID:608

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s NWCWorkstation
1⤵
- Loads dropped DLL
PID:976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 616
2⤵
- Program crash
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 624
2⤵
- Program crash
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 644
2⤵
- Program crash
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 976 -ip 976
1⤵
PID:1440

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Nwsapagent
1⤵
- Loads dropped DLL
PID:3860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3860 -ip 3860
1⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3860 -ip 3860
1⤵
PID:1188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3860 -ip 3860
1⤵
PID:1648

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s SRService
1⤵
- Loads dropped DLL
PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2008 -ip 2008
1⤵
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 2008 -ip 2008
1⤵
PID:1724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2008 -ip 2008
1⤵
PID:2400

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s WmdmPmSp
1⤵
- Loads dropped DLL
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 2568 -ip 2568
1⤵
PID:2028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3316 -ip 3316
1⤵
PID:3708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3316 -ip 3316
1⤵
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3316 -ip 3316
1⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 976 -ip 976
1⤵
PID:2360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 4056 -ip 4056
1⤵
PID:2760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1516 -ip 1516
1⤵
PID:2468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4056 -ip 4056
1⤵
PID:1396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 976 -ip 976
1⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 1516 -ip 1516
1⤵
PID:4448

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s LogonHours
1⤵
- Loads dropped DLL
PID:2428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 608
2⤵
- Program crash
PID:2932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 616
2⤵
- Program crash
PID:3384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 628
2⤵
- Program crash
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2428 -ip 2428
1⤵
PID:2472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2428 -ip 2428
1⤵
PID:3856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 2428 -ip 2428
1⤵
PID:1540

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s PCAudit
1⤵
- Loads dropped DLL
PID:1448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 608
2⤵
- Program crash
PID:3880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 616
2⤵
- Program crash
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 644
2⤵
- Program crash
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1448 -ip 1448
1⤵
PID:2524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 1448 -ip 1448
1⤵
PID:4076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 1448 -ip 1448
1⤵
PID:3160

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s helpsvc
1⤵
- Loads dropped DLL
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 616
2⤵
- Program crash
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 624
2⤵
- Program crash
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 644
2⤵
- Program crash
PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 4048 -ip 4048
1⤵
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 4048 -ip 4048
1⤵
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4048 -ip 4048
1⤵
PID:3344

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s uploadmgr
1⤵
- Loads dropped DLL
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 608
2⤵
- Program crash
PID:3588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 616
2⤵
- Program crash
PID:320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 644
2⤵
- Program crash
PID:1916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 3428 -ip 3428
1⤵
PID:3760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 3428 -ip 3428
1⤵
PID:112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 816 -p 3428 -ip 3428
1⤵
PID:5064

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\Irmon.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\Irmon.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\Irmon.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\LogonHours.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\LogonHours.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\LogonHours.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\Nla.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\Nla.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\Nla.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\Ntmssvc.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\Ntmssvc.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\Ntmssvc.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\Nwsapagent.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\Nwsapagent.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\Nwsapagent.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\SRService.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\SRService.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\SRService.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\WmdmPmSp.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\WmdmPmSp.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\WmdmPmSp.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\helpsvc.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\helpsvc.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\helpsvc.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
\??\c:\windows\SysWOW64\fastuserswitchingcompatibility.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
\??\c:\windows\SysWOW64\helpsvc.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
\??\c:\windows\SysWOW64\irmon.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
\??\c:\windows\SysWOW64\logonhours.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
\??\c:\windows\SysWOW64\nla.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
\??\c:\windows\SysWOW64\ntmssvc.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
\??\c:\windows\SysWOW64\nwcworkstation.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
\??\c:\windows\SysWOW64\nwsapagent.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
\??\c:\windows\SysWOW64\pcaudit.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
\??\c:\windows\SysWOW64\srservice.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
\??\c:\windows\SysWOW64\uploadmgr.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
\??\c:\windows\SysWOW64\wmdmpmsp.dll

Filesize
75KB

MD5
13ba405f702fe457bfecf39fdfa627a0

SHA1
4e762c05ca67cc5ef0f1827a6460453e6cd143bd

SHA256
9288775907c70d9d49f0bb3cc29f3699f008eb2f1f9241c446ba11513e1be191

SHA512
247e983ef57d06dd4fd8f3ba781a3896fefc0ff929af73b43771d898efa2ba91d1e3b78f267c5d2d00ee9e6d38de6e06af1fb0dd0802644e129978cd08096063

Download Submit
memory/1448-181-0x0000000074EE0000-0x0000000074EFF000-memory.dmp

Filesize
124KB

Download
memory/1516-141-0x0000000075190000-0x00000000751AF000-memory.dmp

Filesize
124KB

Download
memory/2220-144-0x0000000074F50000-0x0000000074F6F000-memory.dmp

Filesize
124KB

Download
memory/2428-177-0x0000000074660000-0x000000007467F000-memory.dmp

Filesize
124KB

Download
memory/2428-175-0x0000000074630000-0x000000007464F000-memory.dmp

Filesize
124KB

Download
memory/2568-137-0x0000000075540000-0x000000007555F000-memory.dmp

Filesize
124KB

Download
memory/3068-140-0x00000000027E0000-0x00000000067E0000-memory.dmp

Filesize
64.0MB

Download
memory/3068-132-0x0000000000790000-0x00000000007AF000-memory.dmp

Filesize
124KB

Download
memory/3068-133-0x0000000000790000-0x00000000007AF000-memory.dmp

Filesize
124KB

Download
memory/3068-134-0x00000000027E0000-0x00000000067E0000-memory.dmp

Filesize
64.0MB

Download
memory/3068-193-0x0000000000790000-0x00000000007AF000-memory.dmp

Filesize
124KB

Download
memory/3316-164-0x0000000074D70000-0x0000000074D8F000-memory.dmp

Filesize
124KB

Download
memory/3428-190-0x00000000746C0000-0x00000000746DF000-memory.dmp

Filesize
124KB

Download
memory/4056-148-0x0000000074F30000-0x0000000074F4F000-memory.dmp

Filesize
124KB

Download