7d257921ba2b526a630df631e130d8554348d824af0a33ccc41544ce46dd907a

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 22:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7d257921ba2b526a630df631e130d8554348d824af0a33ccc41544ce46dd907a.exe
Size

703KB
MD5

633aea60647f1902f98bb3307c00505d
SHA1

feb1c588e3a0a16ce080d8cd585503230cfd0a72
SHA256

7d257921ba2b526a630df631e130d8554348d824af0a33ccc41544ce46dd907a
SHA512

cbf1a8f910827e50bc8e04def7ba1c87663275f5c34c8e61eca35562f9385a3d3c196205953f2cfcf48d9f705889313aa614d9bc582fc5a7c7eb8ff8c251cf2c
SSDEEP

12288:ktiHRBsuZhJoaGjHtRP21YZyKd6Z5i6z53G36+j7MusHVBIvR:ktiHR9orbe19O6dI3MusEvR

Score

8^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1640	liteon.exe

Loads dropped DLL 5 IoCs

pid	Process
1396	7d257921ba2b526a630df631e130d8554348d824af0a33ccc41544ce46dd907a.exe
1396	7d257921ba2b526a630df631e130d8554348d824af0a33ccc41544ce46dd907a.exe
1396	7d257921ba2b526a630df631e130d8554348d824af0a33ccc41544ce46dd907a.exe
1640	liteon.exe
1640	liteon.exe

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ISPSERVICE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 40 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\ = "URL:IRC Protocol"	liteon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\Application\ = "hex"	liteon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc	liteon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell	liteon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.chat\ = "ChatFile"	liteon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\ = "Chat File"	liteon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec	liteon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Application	liteon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe\""	liteon.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\command	liteon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe\" -noconnect"	liteon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cha	liteon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cha\ = "ChatFile"	liteon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\command	liteon.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\DefaultIcon	liteon.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\ifexec	liteon.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec	liteon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Application\ = "hex"	liteon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Topic	liteon.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc	liteon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\URL Protocol	liteon.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\Topic	liteon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\Topic\ = "Connect"	liteon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.chat	liteon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile	liteon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe\""	liteon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\gsf9A3\\liteon.exe\" -noconnect"	liteon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Topic\ = "Connect"	liteon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open	liteon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell	liteon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ = "%1"	liteon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ifexec	liteon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\ = "%1"	liteon.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\Application	liteon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\DefaultIcon	liteon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open	liteon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ifexec\ = "%1"	liteon.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\EditFlags = 02000000	liteon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\command	liteon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\ifexec\ = "%1"	liteon.exe

Runs .reg file with regedit 48 IoCs

pid	Process
472	regedit.exe
1652	regedit.exe
1312	regedit.exe
1644	regedit.exe
932	regedit.exe
1112	regedit.exe
1596	regedit.exe
1592	regedit.exe
796	regedit.exe
1932	regedit.exe
1508	regedit.exe
860	regedit.exe
2044	regedit.exe
1288	regedit.exe
1112	regedit.exe
1364	regedit.exe
1208	regedit.exe
1512	regedit.exe
1840	regedit.exe
1244	regedit.exe
1620	regedit.exe
868	regedit.exe
1892	regedit.exe
1488	regedit.exe
956	regedit.exe
2032	regedit.exe
1928	regedit.exe
1624	regedit.exe
1324	regedit.exe
1740	regedit.exe
984	regedit.exe
1164	regedit.exe
872	regedit.exe
1916	regedit.exe
1932	regedit.exe
1508	regedit.exe
900	regedit.exe
1484	regedit.exe
1780	regedit.exe
608	regedit.exe
1980	regedit.exe
1740	regedit.exe
2044	regedit.exe
676	regedit.exe
1648	regedit.exe
1356	regedit.exe
1904	regedit.exe
1772	regedit.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1640	liteon.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1640	liteon.exe
1640	liteon.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1396 wrote to memory of 1640	1396	7d257921ba2b526a630df631e130d8554348d824af0a33ccc41544ce46dd907a.exe	27
PID 1396 wrote to memory of 1640	1396	7d257921ba2b526a630df631e130d8554348d824af0a33ccc41544ce46dd907a.exe	27
PID 1396 wrote to memory of 1640	1396	7d257921ba2b526a630df631e130d8554348d824af0a33ccc41544ce46dd907a.exe	27
PID 1396 wrote to memory of 1640	1396	7d257921ba2b526a630df631e130d8554348d824af0a33ccc41544ce46dd907a.exe	27
PID 1640 wrote to memory of 1780	1640	liteon.exe	28
PID 1640 wrote to memory of 1780	1640	liteon.exe	28
PID 1640 wrote to memory of 1780	1640	liteon.exe	28
PID 1640 wrote to memory of 1780	1640	liteon.exe	28
PID 1640 wrote to memory of 868	1640	liteon.exe	29
PID 1640 wrote to memory of 868	1640	liteon.exe	29
PID 1640 wrote to memory of 868	1640	liteon.exe	29
PID 1640 wrote to memory of 868	1640	liteon.exe	29
PID 1640 wrote to memory of 1324	1640	liteon.exe	30
PID 1640 wrote to memory of 1324	1640	liteon.exe	30
PID 1640 wrote to memory of 1324	1640	liteon.exe	30
PID 1640 wrote to memory of 1324	1640	liteon.exe	30
PID 1640 wrote to memory of 1892	1640	liteon.exe	31
PID 1640 wrote to memory of 1892	1640	liteon.exe	31
PID 1640 wrote to memory of 1892	1640	liteon.exe	31
PID 1640 wrote to memory of 1892	1640	liteon.exe	31
PID 1640 wrote to memory of 1772	1640	liteon.exe	32
PID 1640 wrote to memory of 1772	1640	liteon.exe	32
PID 1640 wrote to memory of 1772	1640	liteon.exe	32
PID 1640 wrote to memory of 1772	1640	liteon.exe	32
PID 1640 wrote to memory of 860	1640	liteon.exe	33
PID 1640 wrote to memory of 860	1640	liteon.exe	33
PID 1640 wrote to memory of 860	1640	liteon.exe	33
PID 1640 wrote to memory of 860	1640	liteon.exe	33
PID 1640 wrote to memory of 872	1640	liteon.exe	34
PID 1640 wrote to memory of 872	1640	liteon.exe	34
PID 1640 wrote to memory of 872	1640	liteon.exe	34
PID 1640 wrote to memory of 872	1640	liteon.exe	34
PID 1640 wrote to memory of 1644	1640	liteon.exe	35
PID 1640 wrote to memory of 1644	1640	liteon.exe	35
PID 1640 wrote to memory of 1644	1640	liteon.exe	35
PID 1640 wrote to memory of 1644	1640	liteon.exe	35
PID 1640 wrote to memory of 1916	1640	liteon.exe	36
PID 1640 wrote to memory of 1916	1640	liteon.exe	36
PID 1640 wrote to memory of 1916	1640	liteon.exe	36
PID 1640 wrote to memory of 1916	1640	liteon.exe	36
PID 1640 wrote to memory of 472	1640	liteon.exe	37
PID 1640 wrote to memory of 472	1640	liteon.exe	37
PID 1640 wrote to memory of 472	1640	liteon.exe	37
PID 1640 wrote to memory of 472	1640	liteon.exe	37
PID 1640 wrote to memory of 1364	1640	liteon.exe	38
PID 1640 wrote to memory of 1364	1640	liteon.exe	38
PID 1640 wrote to memory of 1364	1640	liteon.exe	38
PID 1640 wrote to memory of 1364	1640	liteon.exe	38
PID 1640 wrote to memory of 1932	1640	liteon.exe	39
PID 1640 wrote to memory of 1932	1640	liteon.exe	39
PID 1640 wrote to memory of 1932	1640	liteon.exe	39
PID 1640 wrote to memory of 1932	1640	liteon.exe	39
PID 1640 wrote to memory of 1740	1640	liteon.exe	40
PID 1640 wrote to memory of 1740	1640	liteon.exe	40
PID 1640 wrote to memory of 1740	1640	liteon.exe	40
PID 1640 wrote to memory of 1740	1640	liteon.exe	40
PID 1640 wrote to memory of 1508	1640	liteon.exe	41
PID 1640 wrote to memory of 1508	1640	liteon.exe	41
PID 1640 wrote to memory of 1508	1640	liteon.exe	41
PID 1640 wrote to memory of 1508	1640	liteon.exe	41
PID 1640 wrote to memory of 932	1640	liteon.exe	42
PID 1640 wrote to memory of 932	1640	liteon.exe	42
PID 1640 wrote to memory of 932	1640	liteon.exe	42
PID 1640 wrote to memory of 932	1640	liteon.exe	42

C:\Users\Admin\AppData\Local\Temp\7d257921ba2b526a630df631e130d8554348d824af0a33ccc41544ce46dd907a.exe
"C:\Users\Admin\AppData\Local\Temp\7d257921ba2b526a630df631e130d8554348d824af0a33ccc41544ce46dd907a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1396
- C:\Users\Admin\AppData\Local\Temp\gsf9A3\liteon.exe
  C:\Users\Admin\AppData\Local\Temp\gsf9A3\liteon.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1640
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 772.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1780
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 380.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:868
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 630.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1324
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 732.reg
    3⤵
    - Runs .reg file with regedit
    PID:1892
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 426.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1772
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 753.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:860
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 357.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:872
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 515.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1644
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 141.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1916
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 340.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:472
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 103.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1364
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 869.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1932
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 204.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1740
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 933.reg
    3⤵
    - Runs .reg file with regedit
    PID:1508
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 311.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:932
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 943.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1112
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 624.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:2044
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 489.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1208
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 214.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:900
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 417.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1488
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 370.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:676
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 989.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1596
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 353.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:956
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 758.reg
    3⤵
    - Runs .reg file with regedit
    PID:1648
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 447.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1512
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 273.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:984
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 886.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1840
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 772.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:608
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 966.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1356
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 158.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1592
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 729.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1980
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 729.reg
    3⤵
    - Runs .reg file with regedit
    PID:2032
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 876.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1928
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 252.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1904
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 759.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:796
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 581.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1932
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 864.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1740
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 702.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1508
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 429.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1244
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 364.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1112
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 216.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:2044
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 156.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1288
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 919.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1164
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 651.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1652
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 107.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1484
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 759.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1620
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 556.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1624
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s 634.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:1312

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gsf9A3\103.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\141.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\156.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\158.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\204.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\214.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\216.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\252.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\273.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\311.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\340.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\353.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\357.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\364.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\370.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\380.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\417.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\426.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\429.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\447.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\489.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\515.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\581.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\624.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\630.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\651.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\702.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\729.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\729.reg

Filesize
306B

MD5
2335c1d3d8db01bfae5b86927eedd4fb

SHA1
40b090dd0901115d849129c4cb322cdacc7acb96

SHA256
89101cf46c6e7a04cf9582cca4e50976b014608ad140ddca2a7945160daf8610

SHA512
4098e19f30e72bf6a6807850fbfa100f2bd7d8ead5afc8061e2112886aa623d978379069c22aaa2cbc566b04084d403d798740f5da7a6bfa9c38defd286dda89

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\732.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\753.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\758.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\759.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\772.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\772.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\864.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\869.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\876.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\886.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\919.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\933.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\943.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\966.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\989.reg

Filesize
153B

MD5
35161f807c62c77f88525901661c191a

SHA1
b6961bd44a57519dfdcb9a0d5ca6828538354599

SHA256
406f49e937654dee6b92d6f59b1e382193d4c3fc243122309222e577037b2f4f

SHA512
660c52ac9880caeac121e13f4b057986f07e380ad5d5c0e6e4a1ac2eeaa9af965d64f3604f3e367d95643ad9b5213a1a9e1e970dd54bebffba95eae30084b83a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\liteon.exe

Filesize
1.7MB

MD5
8ec1dc41329c12c454595fbfd39f88c2

SHA1
81aaa39802905c8b3ee132c978ddb3cc3f3db1b5

SHA256
8d5b02d29deaf800edf09adc815823f736569041a71d78217acf72444eae9264

SHA512
56d8f00dfadc9fbdca948d88e9b2fd6e8f8f19fb0c730ca1001b11f5c86e74ece0c8fbf4dc15fda644145a17412a53d8bf09458d621721210eb5b179ebc5ac99

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\liteon.exe

Filesize
1.7MB

MD5
8ec1dc41329c12c454595fbfd39f88c2

SHA1
81aaa39802905c8b3ee132c978ddb3cc3f3db1b5

SHA256
8d5b02d29deaf800edf09adc815823f736569041a71d78217acf72444eae9264

SHA512
56d8f00dfadc9fbdca948d88e9b2fd6e8f8f19fb0c730ca1001b11f5c86e74ece0c8fbf4dc15fda644145a17412a53d8bf09458d621721210eb5b179ebc5ac99

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\m4x[1]

Filesize
17KB

MD5
b0c00d9d69c51a87d488c451a98c8efb

SHA1
1fd4233b61136acec1df2dc76b372b3742885f6c

SHA256
80b12effc3ef53c6fbacbb53ed2fdd1508fac8b836ba1b34203641a4d5454a48

SHA512
2f7375d25f7deb04bc2c70890f61916b4edf2a8afd6ad0fdcc71232dd03b21630178294bf298fe531a5dc7664b0cbe4d3be3cfadf930d570f5870ffba7b26e8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\m4x[2]

Filesize
7KB

MD5
1116c11d6186d7f534c0f9df7f877aed

SHA1
fce93ef41d46ac411476afa36d13e02c1f22acce

SHA256
f702e81d85e458bd3533fbb4f406b7766730c14a8dbdaa1708f80358988beac6

SHA512
32cf8506674b064be4084f411ee331bd8b3470b8e8a176cea7f0de5055d4d2427f6c12483cba20e07168db84ddb1d3237343e0afe56589415d50dad393de71c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\m4x[3]

Filesize
1KB

MD5
4bbf3cf4b9878143d3140000bc623866

SHA1
84ff6a945bd887c0aa4dd0d13ba618eb95c97d7f

SHA256
087fd3bcd5656d1e682c5bf79a6879a8d93b8bea4d6769e4a1ec81bce4173528

SHA512
6aca45691f7e34fe8f1123455a60385ea32290af0ee2377c9b153a4133b8164c8a2d7efb3d5d47ced57adddb9c473a5113e35e2761921852893d0a2730bb5289

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\m4x[4]

Filesize
3KB

MD5
cfcd22525d903c1e2500b47b436be6d1

SHA1
8eea0ebbb34be995aacb6f889a99375ba70200d7

SHA256
e745ca63742b95d705d3a4b204b9b51a43988fb76a210780c4d2ff89f25b5986

SHA512
bee508e554208e79c77710991ea9236a68f5ac3a2e1148ee52b7b50de82f4959bbde3c7cf1cc8152972bb9c65c28a54ee6ac68bc7bfcc87acfbad384f76f3499

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\m4x[5]

Filesize
1KB

MD5
ddafb3dfa23b35a9c5726da3b389e4be

SHA1
384acf1498b7494f7a318e9e54df615103f03b91

SHA256
f8d623d87658a737039228f97a3e2aa3b2718a386dab5c9965ca7e037eb05d38

SHA512
f110e21dbaa427b90e7045dfe06146153c3365332cf2185a6c215a52a0933d0a05112e8f780b6483d56752df036d37f148c6f578d303433dd3fd46ca9a0410a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\m4x[6]

Filesize
2KB

MD5
ba809308ed3c77a9a0fb19a9b20766b7

SHA1
a0047901e67e636810bdecf3d8b2f566696180f2

SHA256
ad843b5da64db145044a8e52a771c5ed9ede6d157bf24566d32cab8eb5f9a375

SHA512
a0eb14f090ca5f0686c8cd1528341b22c2a739caf8e0052011f6a5e2a22ad3be6645e0d3afed0c9182efd07c565311a2c9e4c08a3f9843b17848d6b018be0e38

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\m4x[7]

Filesize
1KB

MD5
fb9e00befb067e32c029bbf08c39c89b

SHA1
22b8562b773be889a959dba317225e5a973fe223

SHA256
1520fa7b475517fc3114f4102f90f44a90c1162ea0ed524db583700814c3b4fe

SHA512
5f15074f937f5cd92178ac317654609cfba47d0d56176a33ebfb86cba13f706935d2409e38c7011027c0bda89c577e6574ebfaae337b2b04735e17b0f63ca5eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\m4x[c]

Filesize
730B

MD5
860103ef2d72e88a505d80311e32b75b

SHA1
2d8fce81014bd9a8007dba61a37d066c209a499c

SHA256
46edec67641f6cd1a1c2a3ef564898cad962c1917b5cedf364f0dc083488f1cb

SHA512
58f660b33b05332780334730669ab7429930e3920d43369b8f5a108c3835c06a0be89b7c6c97fd92ebb0f0b364c6ebd8cf616c2245ec82483ca59dc45e22f861

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\m4x[o]

Filesize
228B

MD5
69013be7da708d3c1577da1137fcd826

SHA1
ac214cf92e324ab7fd956cc891a1a6e7c14c1b62

SHA256
53093e81c86715249203ab50006e2d06a3fdab0bcd19ea888f8e12b92a244af2

SHA512
a495e85a27810363ba1b3157efa6c7259b369e7e20aae77f324a755a3e014a384ba3416223c33532c6232e7002670034b35806c582de7b2eff6cc69aec7f340b

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\m4x[x]

Filesize
11KB

MD5
24607edbf45b1106bec6fe27ce95086d

SHA1
dd5f71e541c47d14335d73e25099d9030b1f06ec

SHA256
36ed389f258812df146190ed03796581ebeeadc00abf878c44566b9ed3ff83c6

SHA512
443c4f710dda6bf41aa565299c0390cac7d7ba7128e3eeb69848204345c7d92f08cdc95666350ef054477740dca0374537c42a51bd4f74de7222b67363bcfe0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\mirc.ini

Filesize
3KB

MD5
5d3fa401e325341b59e5a97936025e20

SHA1
d2ccebbd059b1f5569fa9d78de8e4186cc6a6085

SHA256
0d3e5c5ef377db83b08771a22b4ff6bfed83a36587cbff1f4ae6501a9a25e776

SHA512
5cc2e37e3e4ec90c0685bd9980e661d08215af7c8469ac12a2250f5733e681b59fae186a548d3d982fc0b64adb9f25398fddc59e8caa2fc8b479c5ca47c76217

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\remote.ini

Filesize
81B

MD5
4982e0dcde67cb9ba488a04cbbbf176d

SHA1
57e749b485865c53a222e921e5bdc1eee0bd0b13

SHA256
17696e81d99fb93a33a1d1917557b7950f67816dc5568ae3b334c33361619562

SHA512
a33def970e9d8fecf51b17c8992de2086a808740bd216d23b7e0d012eecc3f1f8ac41121d92f22bf35d7f58aa4c24e1c5774f6a639f9db04f0f3f608f232ab44

Download Submit
C:\Users\Admin\AppData\Local\Temp\gsf9A3\systemac.dll

Filesize
28KB

MD5
2db18780ea5d7ff0d3cf0de32b844164

SHA1
d277db0b9f9374ce19eaba4aa82d4ae8dc5d3b11

SHA256
a5531baa8f74e3e6c46321c9c0add4b1de118887b16b91d29ca875a5b7bbabc2

SHA512
e0bedeb7497a104bc62162bfcb01b242685e550f5e3913b0eea8c715b25615de5c52dc0521fed84dc3ceb41dbb5b23d53af44654c91b66ee6e19a0d2d27e0a50

Download Submit
\Users\Admin\AppData\Local\Temp\GS906.tmp

Filesize
44KB

MD5
7d46ea623eba5073b7e3a2834fe58cc9

SHA1
29ad585cdf812c92a7f07ab2e124a0d2721fe727

SHA256
4ebf13835a117a2551d80352ca532f6596e6f2729e41b3de7015db558429dea5

SHA512
a1e5724d035debf31b1b1be45e3dc8432428b7893d2bfc8611571abbf3bcd9f08cb36f585671a8a2baa6bcf7f4b4fe39ba60417631897b4e4154561b396947ca

Download Submit
\Users\Admin\AppData\Local\Temp\gsf9A3\liteon.exe

Filesize
1.7MB

MD5
8ec1dc41329c12c454595fbfd39f88c2

SHA1
81aaa39802905c8b3ee132c978ddb3cc3f3db1b5

SHA256
8d5b02d29deaf800edf09adc815823f736569041a71d78217acf72444eae9264

SHA512
56d8f00dfadc9fbdca948d88e9b2fd6e8f8f19fb0c730ca1001b11f5c86e74ece0c8fbf4dc15fda644145a17412a53d8bf09458d621721210eb5b179ebc5ac99

Download Submit
\Users\Admin\AppData\Local\Temp\gsf9A3\liteon.exe

Filesize
1.7MB

MD5
8ec1dc41329c12c454595fbfd39f88c2

SHA1
81aaa39802905c8b3ee132c978ddb3cc3f3db1b5

SHA256
8d5b02d29deaf800edf09adc815823f736569041a71d78217acf72444eae9264

SHA512
56d8f00dfadc9fbdca948d88e9b2fd6e8f8f19fb0c730ca1001b11f5c86e74ece0c8fbf4dc15fda644145a17412a53d8bf09458d621721210eb5b179ebc5ac99

Download Submit
\Users\Admin\AppData\Local\Temp\gsf9A3\liteon.exe

Filesize
1.7MB

MD5
8ec1dc41329c12c454595fbfd39f88c2

SHA1
81aaa39802905c8b3ee132c978ddb3cc3f3db1b5

SHA256
8d5b02d29deaf800edf09adc815823f736569041a71d78217acf72444eae9264

SHA512
56d8f00dfadc9fbdca948d88e9b2fd6e8f8f19fb0c730ca1001b11f5c86e74ece0c8fbf4dc15fda644145a17412a53d8bf09458d621721210eb5b179ebc5ac99

Download Submit
\Users\Admin\AppData\Local\Temp\gsf9A3\systemac.dll

Filesize
28KB

MD5
2db18780ea5d7ff0d3cf0de32b844164

SHA1
d277db0b9f9374ce19eaba4aa82d4ae8dc5d3b11

SHA256
a5531baa8f74e3e6c46321c9c0add4b1de118887b16b91d29ca875a5b7bbabc2

SHA512
e0bedeb7497a104bc62162bfcb01b242685e550f5e3913b0eea8c715b25615de5c52dc0521fed84dc3ceb41dbb5b23d53af44654c91b66ee6e19a0d2d27e0a50

Download Submit
memory/1396-55-0x00000000760E1000-0x00000000760E3000-memory.dmp

Filesize
8KB

Download