be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

Analysis

max time kernel
153s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
Size

388KB
MD5

5675376d08c87c70f8b557280c8aae0e
SHA1

ff769308f1d70bb31274e33b7e80cd3a0f2d528a
SHA256

be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43
SHA512

46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078
SSDEEP

6144:UMbELf/MJ8cWdi5pV/JNWOVhMSvk/Ziuv:edOpNX1hjvt

Score

10^/10

evasion persistence

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 12 IoCs

evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	WinAlert.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	WinSysApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	Commgr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	WinSysApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	WinSysApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	WinAlert.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	Commgr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	WinSysApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	WinSysApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	WinSysApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	WinSysApp.exe

Modifies visiblity of hidden/system files in Explorer 2 TTPs 12 IoCs

evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	Commgr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	WinSysApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	WinSysApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	WinSysApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	WinSysApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	WinAlert.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	WinAlert.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	Commgr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	WinSysApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	WinSysApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	WinSysApp.exe

Executes dropped EXE 11 IoCs

pid	Process
1092	WinAlert.exe
1100	Commgr.exe
1640	WinAlert.exe
864	WinSysApp.exe
1744	WinSysApp.exe
676	WinSysApp.exe
1984	Commgr.exe
472	WinSysApp.exe
1532	WinSysApp.exe
284	WinSysApp.exe
436	WinSysApp.exe

Loads dropped DLL 15 IoCs

pid	Process
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1640	WinAlert.exe
1100	Commgr.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1100	Commgr.exe
1640	WinAlert.exe

Adds Run key to start application 2 TTPs 48 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Alerter = "C:\\Program Files\\Windows Alerter\\WinAlert.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Alerter = "C:\\Program Files\\Windows Alerter\\WinAlert.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Alerter = "C:\\Program Files\\Windows Alerter\\WinAlert.exe"	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Common Files Manager = "C:\\Program Files\\Windows Common Files\\Commgr.exe"	Commgr.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Alerter = "C:\\Program Files\\Windows Alerter\\WinAlert.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WindowMessenger = "C:\\RECYCLER\\X-1-5-21-1960408961-725345543-839522115-1003\\WinSysApp.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowMessenger = "C:\\RECYCLER\\X-1-5-21-1960408961-725345543-839522115-1003\\WinSysApp.exe"	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowMessenger = "C:\\RECYCLER\\X-1-5-21-1960408961-725345543-839522115-1003\\WinSysApp.exe"	WinAlert.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Common Files Manager = "C:\\Program Files\\Windows Common Files\\Commgr.exe"	WinAlert.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Common Files Manager = "C:\\Program Files\\Windows Common Files\\Commgr.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Alerter = "C:\\Program Files\\Windows Alerter\\WinAlert.exe"	Commgr.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Alerter = "C:\\Program Files\\Windows Alerter\\WinAlert.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Common Files Manager = "C:\\Program Files\\Windows Common Files\\Commgr.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowMessenger = "C:\\RECYCLER\\X-1-5-21-1960408961-725345543-839522115-1003\\WinSysApp.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Alerter = "C:\\Program Files\\Windows Alerter\\WinAlert.exe"	WinAlert.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Common Files Manager = "C:\\Program Files\\Windows Common Files\\Commgr.exe"	WinAlert.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Alerter = "C:\\Program Files\\Windows Alerter\\WinAlert.exe"	Commgr.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowMessenger = "C:\\RECYCLER\\X-1-5-21-1960408961-725345543-839522115-1003\\WinSysApp.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Alerter = "C:\\Program Files\\Windows Alerter\\WinAlert.exe"	Commgr.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowMessenger = "C:\\RECYCLER\\X-1-5-21-1960408961-725345543-839522115-1003\\WinSysApp.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Alerter = "C:\\Program Files\\Windows Alerter\\WinAlert.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Common Files Manager = "C:\\Program Files\\Windows Common Files\\Commgr.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Common Files Manager = "C:\\Program Files\\Windows Common Files\\Commgr.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WindowMessenger = "C:\\RECYCLER\\X-1-5-21-1960408961-725345543-839522115-1003\\WinSysApp.exe"	Commgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Common Files Manager = "C:\\Program Files\\Windows Common Files\\Commgr.exe"	WinAlert.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowMessenger = "C:\\RECYCLER\\X-1-5-21-1960408961-725345543-839522115-1003\\WinSysApp.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Alerter = "C:\\Program Files\\Windows Alerter\\WinAlert.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowMessenger = "C:\\RECYCLER\\X-1-5-21-1960408961-725345543-839522115-1003\\WinSysApp.exe"	Commgr.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Common Files Manager = "C:\\Program Files\\Windows Common Files\\Commgr.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Common Files Manager = "C:\\Program Files\\Windows Common Files\\Commgr.exe"	Commgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Alerter = "C:\\Program Files\\Windows Alerter\\WinAlert.exe"	WinAlert.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Common Files Manager = "C:\\Program Files\\Windows Common Files\\Commgr.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Alerter = "C:\\Program Files\\Windows Alerter\\WinAlert.exe"	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowMessenger = "C:\\RECYCLER\\X-1-5-21-1960408961-725345543-839522115-1003\\WinSysApp.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowMessenger = "C:\\RECYCLER\\X-1-5-21-1960408961-725345543-839522115-1003\\WinSysApp.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Common Files Manager = "C:\\Program Files\\Windows Common Files\\Commgr.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Common Files Manager = "C:\\Program Files\\Windows Common Files\\Commgr.exe"	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Common Files Manager = "C:\\Program Files\\Windows Common Files\\Commgr.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowMessenger = "C:\\RECYCLER\\X-1-5-21-1960408961-725345543-839522115-1003\\WinSysApp.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Alerter = "C:\\Program Files\\Windows Alerter\\WinAlert.exe"	WinAlert.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowMessenger = "C:\\RECYCLER\\X-1-5-21-1960408961-725345543-839522115-1003\\WinSysApp.exe"	Commgr.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Alerter = "C:\\Program Files\\Windows Alerter\\WinAlert.exe"	WinSysApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WindowMessenger = "C:\\RECYCLER\\X-1-5-21-1960408961-725345543-839522115-1003\\WinSysApp.exe"	WinAlert.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Common Files Manager = "C:\\Program Files\\Windows Common Files\\Commgr.exe"	Commgr.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Common Files Manager = "C:\\Program Files\\Windows Common Files\\Commgr.exe"	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WindowMessenger = "C:\\RECYCLER\\X-1-5-21-1960408961-725345543-839522115-1003\\WinSysApp.exe"	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowMessenger = "C:\\RECYCLER\\X-1-5-21-1960408961-725345543-839522115-1003\\WinSysApp.exe"	WinAlert.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Alerter = "C:\\Program Files\\Windows Alerter\\WinAlert.exe"	WinSysApp.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 49 IoCs

pid	Process
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
Token: SeDebugPrivilege	1100	Commgr.exe
Token: SeDebugPrivilege	1640	WinAlert.exe
Token: SeDebugPrivilege	864	WinSysApp.exe

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1092	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	27
PID 1720 wrote to memory of 1092	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	27
PID 1720 wrote to memory of 1092	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	27
PID 1720 wrote to memory of 1092	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	27
PID 1720 wrote to memory of 1100	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	28
PID 1720 wrote to memory of 1100	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	28
PID 1720 wrote to memory of 1100	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	28
PID 1720 wrote to memory of 1100	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	28
PID 1720 wrote to memory of 864	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	29
PID 1720 wrote to memory of 864	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	29
PID 1720 wrote to memory of 864	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	29
PID 1720 wrote to memory of 864	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	29
PID 1720 wrote to memory of 1640	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	30
PID 1720 wrote to memory of 1640	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	30
PID 1720 wrote to memory of 1640	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	30
PID 1720 wrote to memory of 1640	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	30
PID 1640 wrote to memory of 1744	1640	WinAlert.exe	31
PID 1640 wrote to memory of 1744	1640	WinAlert.exe	31
PID 1640 wrote to memory of 1744	1640	WinAlert.exe	31
PID 1640 wrote to memory of 1744	1640	WinAlert.exe	31
PID 1100 wrote to memory of 676	1100	Commgr.exe	32
PID 1100 wrote to memory of 676	1100	Commgr.exe	32
PID 1100 wrote to memory of 676	1100	Commgr.exe	32
PID 1100 wrote to memory of 676	1100	Commgr.exe	32
PID 1720 wrote to memory of 1984	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	33
PID 1720 wrote to memory of 1984	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	33
PID 1720 wrote to memory of 1984	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	33
PID 1720 wrote to memory of 1984	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	33
PID 1720 wrote to memory of 472	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	34
PID 1720 wrote to memory of 472	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	34
PID 1720 wrote to memory of 472	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	34
PID 1720 wrote to memory of 472	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	34
PID 1720 wrote to memory of 1532	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	35
PID 1720 wrote to memory of 1532	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	35
PID 1720 wrote to memory of 1532	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	35
PID 1720 wrote to memory of 1532	1720	be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe	35
PID 1100 wrote to memory of 284	1100	Commgr.exe	36
PID 1100 wrote to memory of 284	1100	Commgr.exe	36
PID 1100 wrote to memory of 284	1100	Commgr.exe	36
PID 1100 wrote to memory of 284	1100	Commgr.exe	36
PID 1640 wrote to memory of 436	1640	WinAlert.exe	37
PID 1640 wrote to memory of 436	1640	WinAlert.exe	37
PID 1640 wrote to memory of 436	1640	WinAlert.exe	37
PID 1640 wrote to memory of 436	1640	WinAlert.exe	37

C:\Users\Admin\AppData\Local\Temp\be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe
"C:\Users\Admin\AppData\Local\Temp\be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43.exe"
1⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Program Files\Windows Alerter\WinAlert.exe
  "C:\Program Files\Windows Alerter\WinAlert.exe"
  2⤵
  - Modifies visibility of file extensions in Explorer
  - Modifies visiblity of hidden/system files in Explorer
  - Executes dropped EXE
  - Adds Run key to start application
  PID:1092
- C:\Program Files\Windows Common Files\Commgr.exe
  "C:\Program Files\Windows Common Files\Commgr.exe"
  2⤵
  - Modifies visibility of file extensions in Explorer
  - Modifies visiblity of hidden/system files in Explorer
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1100
- - C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
    "C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe"
    3⤵
    - Modifies visibility of file extensions in Explorer
    - Modifies visiblity of hidden/system files in Explorer
    - Executes dropped EXE
    - Adds Run key to start application
    PID:676
- - C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
    "C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe"
    3⤵
    - Modifies visibility of file extensions in Explorer
    - Modifies visiblity of hidden/system files in Explorer
    - Executes dropped EXE
    - Adds Run key to start application
    PID:284
- C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
  "C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe"
  2⤵
  - Modifies visibility of file extensions in Explorer
  - Modifies visiblity of hidden/system files in Explorer
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of AdjustPrivilegeToken
  PID:864
- C:\Program Files\Windows Alerter\WinAlert.exe
  "C:\Program Files\Windows Alerter\WinAlert.exe"
  2⤵
  - Modifies visibility of file extensions in Explorer
  - Modifies visiblity of hidden/system files in Explorer
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1640
- - C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
    "C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe"
    3⤵
    - Modifies visibility of file extensions in Explorer
    - Modifies visiblity of hidden/system files in Explorer
    - Executes dropped EXE
    - Adds Run key to start application
    PID:1744
- - C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
    "C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe"
    3⤵
    - Modifies visibility of file extensions in Explorer
    - Modifies visiblity of hidden/system files in Explorer
    - Executes dropped EXE
    - Adds Run key to start application
    PID:436
- C:\Program Files\Windows Common Files\Commgr.exe
  "C:\Program Files\Windows Common Files\Commgr.exe"
  2⤵
  - Modifies visibility of file extensions in Explorer
  - Modifies visiblity of hidden/system files in Explorer
  - Executes dropped EXE
  - Adds Run key to start application
  PID:1984
- C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
  "C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe"
  2⤵
  - Modifies visibility of file extensions in Explorer
  - Modifies visiblity of hidden/system files in Explorer
  - Executes dropped EXE
  - Adds Run key to start application
  PID:472
- C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
  "C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe"
  2⤵
  - Modifies visibility of file extensions in Explorer
  - Modifies visiblity of hidden/system files in Explorer
  - Executes dropped EXE
  - Adds Run key to start application
  PID:1532

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Alerter\WinAlert.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
C:\Program Files\Windows Alerter\WinAlert.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
C:\Program Files\Windows Alerter\WinAlert.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
C:\Program Files\Windows Common Files\Commgr.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
C:\Program Files\Windows Common Files\Commgr.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
C:\Program Files\Windows Common Files\Commgr.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\bnf0342

Filesize
3KB

MD5
50cbe5b5f14391026f02235118b126f8

SHA1
11af82b3875fd696539e4f8ad1069215d70b9e05

SHA256
5c27839b7091868567bfa5ee2d5a8eb5aa61bd4ec37dbe93fe46edbf2d8e8d7b

SHA512
70cd61d093e8bb55e3e46d4010a4d13c89f9bb59666bbf193cc5b8e73d99cb3c5d9fb01a2cef7c7dad459d8611443a717a9c9547ca48e32f70a28762cd3e01b7

Download Submit
C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\bnf0342

Filesize
7KB

MD5
5eb6cc9abddc5e682c6b27a6a1be08c4

SHA1
0b7382b14a60353d992a7839758044443efa2397

SHA256
71d7e5bd8e7d10e1e3a17dd75242268c08013acbd8f6535862da3a367b900f0e

SHA512
6f816eb12cdf82b17bb8bd1861f68dfa555452fb4be9911b94539e011387a61a99b7135bb14fe2261051802aca3c2fe45759504da5a3ceefc1f5b0828014dc10

Download Submit
C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\bnf0342

Filesize
6KB

MD5
a4ccd1439a68f7dc97e995efc79970c5

SHA1
0682a8a9812124b53ccadaa7349a36c9e4d43dc2

SHA256
eb289d666918f93205a2b4a509814104661fc91b0845be4c83f7fb39025f4650

SHA512
95213e885e36cebbd5762cc0f02bc3e51217cbfd50c2fff347c3b908b4827baa4f3e6f936ea349068e8d35e4d22f7c044764da73a99db7e3237c3cc44dc95e84

Download Submit
\Program Files\Windows Alerter\WinAlert.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
\Program Files\Windows Alerter\WinAlert.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
\Program Files\Windows Alerter\WinAlert.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
\Program Files\Windows Alerter\WinAlert.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
\Program Files\Windows Common Files\Commgr.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
\Program Files\Windows Common Files\Commgr.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
\Program Files\Windows Common Files\Commgr.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe

Filesize
388KB

MD5
5675376d08c87c70f8b557280c8aae0e

SHA1
ff769308f1d70bb31274e33b7e80cd3a0f2d528a

SHA256
be5893773804f9097891372136300b701fe87b13218dc1042d919c6357e0fe43

SHA512
46b7ce14b28521adf8053813e95c2a7c34e29996fe0e69e1f4547426195fc8d4c8d6075181c293c3156a6a1ec2b41febd49a00807f06d8fff5b94548b3bd2078

Download Submit
memory/284-123-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/284-111-0x0000000000000000-mapping.dmp

Download
memory/436-124-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/436-116-0x0000000000000000-mapping.dmp

Download
memory/472-101-0x0000000000000000-mapping.dmp

Download
memory/472-121-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/676-119-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/676-91-0x0000000000000000-mapping.dmp

Download
memory/864-67-0x0000000000000000-mapping.dmp

Download
memory/864-95-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1092-88-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1092-62-0x0000000000000000-mapping.dmp

Download
memory/1100-64-0x0000000000000000-mapping.dmp

Download
memory/1100-89-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1532-107-0x0000000000000000-mapping.dmp

Download
memory/1532-122-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1640-69-0x0000000000000000-mapping.dmp

Download
memory/1640-92-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1720-87-0x0000000008110000-0x000000000815A000-memory.dmp

Filesize
296KB

Download
memory/1720-55-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1720-86-0x00000000080C0000-0x000000000810A000-memory.dmp

Filesize
296KB

Download
memory/1720-54-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

Filesize
8KB

Download
memory/1720-125-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1744-97-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1744-83-0x0000000000000000-mapping.dmp

Download
memory/1984-120-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1984-99-0x0000000000000000-mapping.dmp

Download