cc8aadd479d95364429457b2911f166f48c396bee21e5a77316101674b0ad8f1

Analysis

max time kernel
406s
max time network
409s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-01-2023 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SystemUtilities.exe
Size

7.8MB
MD5

133af41cfec522b7f583fcf77be37b1a
SHA1

50fde70e193eeea8d15c13dfc62cdcb4cbc2bcd0
SHA256

cc8aadd479d95364429457b2911f166f48c396bee21e5a77316101674b0ad8f1
SHA512

714baab2cbc51069b1c3cd47531727916ab9405174021ae2dbe2eabebe96e6abc77fef8b4f4ceccac61eff70487f10e87208294f58f683964dee5830d504b64d
SSDEEP

196608:JCXg6nbZkgUb74kWg/KrviA3YuC1HmkNCTcOPVftbnc:SgmZkr73SvQ7gkYT7Pttrc

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

SystemUtilities.tmpSystemUtilities.exesHelper.exe

pid process

1900 SystemUtilities.tmp
1800 SystemUtilities.exe
2008 sHelper.exe
Loads dropped DLL 6 IoCs

Processes:

SystemUtilities.exeSystemUtilities.tmpSystemUtilities.exe

pid process

1988 SystemUtilities.exe
1900 SystemUtilities.tmp
1900 SystemUtilities.tmp
1800 SystemUtilities.exe
1800 SystemUtilities.exe
1800 SystemUtilities.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
1900	SystemUtilities.tmp
1800	SystemUtilities.exe
2008	sHelper.exe

pid	process
1988	SystemUtilities.exe
1900	SystemUtilities.tmp
1900	SystemUtilities.tmp
1800	SystemUtilities.exe
1800	SystemUtilities.exe
1800	SystemUtilities.exe

Drops file in Program Files directory 64 IoCs

Processes:

SystemUtilities.tmp

description	ioc	process
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\is-QKFGP.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\is-COVL6.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\flags\is-6PI9R.tmp	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\PegasunHelper.dll	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\is-E06CQ.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\is-3CN9I.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\de\is-2H05V.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\is-FGP3H.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\is-0ATN9.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\fr\is-E5G8A.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\pl\is-5JQVO.tmp	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\unins000.dat	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\Defragmentor.exe	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\de\PCCleaner.resources.dll	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\fr\SystemUtilities.resources.dll	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\is-9QMEI.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\is-S820Q.tmp	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\PegasunCD.exe	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\ja\is-1RMCP.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\de\is-P8KDB.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\is-OC6VQ.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\is-U140M.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\is-KM0QE.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\flags\is-TAVN6.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\pl\is-JIIMU.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\is-T43IJ.tmp	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\pt\PCCleaner.resources.dll	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\is-8QO1K.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\is-SD1J1.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\it\is-UMFBB.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\it\is-IJLQV.tmp	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\pl\PCCleaner.resources.dll	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\ScheduleManager.exe	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\unins000.dat	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\is-HMDPN.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\flags\is-MLP3M.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\fr\is-V8TO9.tmp	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\pl\SystemUtilities.resources.dll	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\TuneUP.exe	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\is-CROQR.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\is-NEAEQ.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\Themes\BackgroundImages\is-DKJUV.tmp	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\SSU-Settings.exe	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\is-QQ7QU.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\is-A38CC.tmp	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\it\SystemUtilities.resources.dll	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\es\SystemUtilities.resources.dll	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\is-JPGLJ.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\is-OSO36.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\flags\is-S1LA9.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\flags\is-S8UED.tmp	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\ja\SystemUtilities.resources.dll	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\ko\PCCleaner.resources.dll	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\is-JH8L2.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\is-B7KAQ.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\es\is-O6CHT.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\pt\is-0A4K4.tmp	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\RegistryCleaner.exe	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\is-G1DJE.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\is-AOK46.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\flags\is-I6NER.tmp	SystemUtilities.tmp
File created	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\tr\is-0A4MT.tmp	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\ServiceManager.exe	SystemUtilities.tmp
File opened for modification	C:\Program Files (x86)\Pegasun\SystemUtilities\bin\lang\de\SystemUtilities.resources.dll	SystemUtilities.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

SystemUtilities.tmp

pid process

1900 SystemUtilities.tmp
1900 SystemUtilities.tmp
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

SystemUtilities.exe

pid process

1800 SystemUtilities.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

sHelper.exe

description pid process

Token: SeDebugPrivilege 2008 sHelper.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

SystemUtilities.tmpSystemUtilities.exe

pid process

1900 SystemUtilities.tmp
1800 SystemUtilities.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

SystemUtilities.exe

pid process

1800 SystemUtilities.exe

pid	process
1900	SystemUtilities.tmp
1900	SystemUtilities.tmp

pid	process
1800	SystemUtilities.exe

description	pid	process
Token: SeDebugPrivilege	2008	sHelper.exe

pid	process
1900	SystemUtilities.tmp
1800	SystemUtilities.exe

pid	process
1800	SystemUtilities.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

SystemUtilities.exeSystemUtilities.tmpSystemUtilities.exe

description	pid	process	target process
PID 1988 wrote to memory of 1900	1988	SystemUtilities.exe	SystemUtilities.tmp
PID 1988 wrote to memory of 1900	1988	SystemUtilities.exe	SystemUtilities.tmp
PID 1988 wrote to memory of 1900	1988	SystemUtilities.exe	SystemUtilities.tmp
PID 1988 wrote to memory of 1900	1988	SystemUtilities.exe	SystemUtilities.tmp
PID 1988 wrote to memory of 1900	1988	SystemUtilities.exe	SystemUtilities.tmp
PID 1988 wrote to memory of 1900	1988	SystemUtilities.exe	SystemUtilities.tmp
PID 1988 wrote to memory of 1900	1988	SystemUtilities.exe	SystemUtilities.tmp
PID 1900 wrote to memory of 1800	1900	SystemUtilities.tmp	SystemUtilities.exe
PID 1900 wrote to memory of 1800	1900	SystemUtilities.tmp	SystemUtilities.exe
PID 1900 wrote to memory of 1800	1900	SystemUtilities.tmp	SystemUtilities.exe
PID 1900 wrote to memory of 1800	1900	SystemUtilities.tmp	SystemUtilities.exe
PID 1800 wrote to memory of 2008	1800	SystemUtilities.exe	sHelper.exe
PID 1800 wrote to memory of 2008	1800	SystemUtilities.exe	sHelper.exe
PID 1800 wrote to memory of 2008	1800	SystemUtilities.exe	sHelper.exe
PID 1800 wrote to memory of 2008	1800	SystemUtilities.exe	sHelper.exe

C:\Users\Admin\AppData\Local\Temp\SystemUtilities.exe
"C:\Users\Admin\AppData\Local\Temp\SystemUtilities.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1988

C:\Users\Admin\AppData\Local\Temp\is-4IISC.tmp\SystemUtilities.tmp
"C:\Users\Admin\AppData\Local\Temp\is-4IISC.tmp\SystemUtilities.tmp" /SL5="$6012A,7279327,811008,C:\Users\Admin\AppData\Local\Temp\SystemUtilities.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1900

C:\Program Files (x86)\Pegasun\SystemUtilities\SystemUtilities.exe
"C:\Program Files (x86)\Pegasun\SystemUtilities\SystemUtilities.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1800

C:\Program Files (x86)\Pegasun\SystemUtilities\bin\sHelper.exe
"bin/sHelper.exe" -update -check
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2008

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Pegasun\SystemUtilities\SystemUtilities.exe
Filesize
961KB

MD5
0d821417868bea9b82fb8f32f61b785b

SHA1
d42316045e8dfbe19905aa8b3ca6e870307108a8

SHA256
a24a3c0e5495e52ac86caafbb78c0736ecd260e61e8f108cf16208f03084c9af

SHA512
9e2c3e878a2d7b929f40ff1600ee20bd8937278c7b85e792b506307308b081a6a97b350f414f9daf6f1550dbd2a045f0bc580022c1529925008c939e2fea3796

Download Submit
C:\Program Files (x86)\Pegasun\SystemUtilities\SystemUtilities.exe
Filesize
961KB

MD5
0d821417868bea9b82fb8f32f61b785b

SHA1
d42316045e8dfbe19905aa8b3ca6e870307108a8

SHA256
a24a3c0e5495e52ac86caafbb78c0736ecd260e61e8f108cf16208f03084c9af

SHA512
9e2c3e878a2d7b929f40ff1600ee20bd8937278c7b85e792b506307308b081a6a97b350f414f9daf6f1550dbd2a045f0bc580022c1529925008c939e2fea3796

Download Submit
C:\Program Files (x86)\Pegasun\SystemUtilities\SystemUtilities.exe.config
Filesize
332B

MD5
e61a71a9a53bb67492cbcfe554a7dd5a

SHA1
1731658bcb9cbfb6b5d61bed8cf6191154ec71f3

SHA256
f5b283c1d922ea650bca7e733d241a7fcadfb12e2cf9a2d33a0a0b2f40e14c0f

SHA512
a6528ece1328002c0bbe794411ae2ebc17659b77fd34bcc5faf14e25ecebe1deed04c83623721b61d25c9f18f1d16742e3b167fa2a3a20b47748d65681f4b8d5

Download Submit
C:\Program Files (x86)\Pegasun\SystemUtilities\bin\BackupManager.exe
Filesize
1.0MB

MD5
614f7db446d9f9136e79eca22f7af2f3

SHA1
afcc37281bb6aa811e147c72ce0e186131bdcbfe

SHA256
8098201433c0925a01bbb678a21cb51fd90dc794d96ed97a880337e71e4f18ab

SHA512
c3dd68275abc74859fd9a4e8f0a9de6ee7090d7661e040aab99016a7e1d6fa4174912f58cee11600dd884ff07b07df78762d8ffdf9817600ab32872814b76cdc

Download Submit
C:\Program Files (x86)\Pegasun\SystemUtilities\bin\PCCleaner.exe
Filesize
716KB

MD5
9c952342548e3390a94298ce1bf9016e

SHA1
4f09f927677d26f2e29cf64dfc60ebf97e4019cf

SHA256
c20dbe14b36ab49d4e44609bda6a3ef687e1ede0fdd5c36fbd9bf7d892e2e3fb

SHA512
4388ff1b56edbd3b94d6154a83fa020f0680938da807beb3510b81edd3a733793697b95cddfb42a3faca87cda55285d6a680358aa2255d39650f9cdbae847e61

Download Submit
C:\Program Files (x86)\Pegasun\SystemUtilities\bin\PegasunHelper.dll
Filesize
102KB

MD5
180215aa45b45000ef645322e960d9cc

SHA1
6ed5e3a0fd2784eb85e76c81450930503f699d30

SHA256
8f02d7ca06d1a3a1e13e90fdc2c5fa405eba9b384e7aec1617b71a3aeabaa215

SHA512
b35ce208cc00a35589fe2771c4dfa2feaf205c461c25469d9fa0233b9e9407406bf4886068ba13e949026475cb06f9e0c78ca2436aa75f3a8115b6d63f48d4e3

Download Submit
C:\Program Files (x86)\Pegasun\SystemUtilities\bin\PrivacyGuardian.exe
Filesize
250KB

MD5
ef27d1136ab31b8c9a865511f731cfb2

SHA1
88bf2884b2e758b83c33a3ae6ae5a0caee4d81f7

SHA256
2f5a607f4fa9cd9e548b5ba8598ddf42fbae0b9031b3d9d1af63ee33af50416e

SHA512
6e94303fd52f28418c24bf0c2dc7133a178069dceb52bc14adb5f897bef5988567b942ab9822c76f29c7efaf78ce441607e298e851951c9a97e916bfe6d50a11

Download Submit
C:\Program Files (x86)\Pegasun\SystemUtilities\bin\ServiceManager.exe
Filesize
488KB

MD5
2e5aeb9e78fa89d8542751f3fbd6b4ea

SHA1
b810e61b96393fbd3e332f18d9a4717a22af4d72

SHA256
ce3976f010c8981d9e016c8c9ad92fb2973ef290befbc4233f124ba5debbc6de

SHA512
a9ac65bc2b8e3c1a96aa073d0f5ea6371f4dd2dd33ea5dea1c932ae59811f9d95c054777a4b8a41dca03da95b084d81e94652eb43c19acda1c7e5d7b8a771d1b

Download Submit
C:\Program Files (x86)\Pegasun\SystemUtilities\bin\StartupManager.exe
Filesize
596KB

MD5
ed2a656dfd2c4a29d708082a4fb67a05

SHA1
2fad348c549668e930c9f60389bed774fd172d0e

SHA256
d349a8dd399a8940ba2a3ef1237e4779a61dbd74e6adfb444566f26f1977ee03

SHA512
96e921506e45dd39bf9e8d10c6fb9d56437671e6ef03c7a9c011f49d5f90bada713c8ee9a50f1c60445122561fd8bfcaddbbb9f08be591a13ce32bc2c3d5b506

Download Submit
C:\Program Files (x86)\Pegasun\SystemUtilities\bin\TuneUP.exe
Filesize
158KB

MD5
05e70c660c36924d93a68e794078b416

SHA1
20231dd5654ed962a40146a8dfeaa1c8e3ad9407

SHA256
a7e91b0372ca4e28773311fcfbee440aaa405f6f784036d712e739cefc575a53

SHA512
ad59f4911651a4119c860e1ec9020cdaea108362883e932c60726b5a89bad72dc85c8b17872f45e108d6e4f420cc64ae8c7994c941d6a3ff8fa17860872a7376

Download Submit
C:\Program Files (x86)\Pegasun\SystemUtilities\bin\sHelper.exe
Filesize
771KB

MD5
6d8aa359827a62c7aeafc114392680f5

SHA1
c7579e39f54b0d050eed389504dbc672f70af809

SHA256
3dac51c135d48579822474e0b8e297177a0bb5876028be03ee6ca8661320a609

SHA512
c61a8d5e9a4b4ed55ba774acaea32fee3a3583d3dd4d2b98f0f56a8cd8370be75299f76d7c9a74778bada7d87a9ef7bd9945753b28dd094738c566889c99669a

Download Submit
C:\Program Files (x86)\Pegasun\SystemUtilities\bin\sHelper.exe
Filesize
771KB

MD5
6d8aa359827a62c7aeafc114392680f5

SHA1
c7579e39f54b0d050eed389504dbc672f70af809

SHA256
3dac51c135d48579822474e0b8e297177a0bb5876028be03ee6ca8661320a609

SHA512
c61a8d5e9a4b4ed55ba774acaea32fee3a3583d3dd4d2b98f0f56a8cd8370be75299f76d7c9a74778bada7d87a9ef7bd9945753b28dd094738c566889c99669a

Download Submit
C:\Program Files (x86)\Pegasun\SystemUtilities\bin\sHelper.exe.config
Filesize
214B

MD5
4194fa999171a240c821cc4a7b765439

SHA1
d88eb7d47ac4ef13b1468baed9a74ff7bf912523

SHA256
4665799ac4d842fa2b2ab354144d6ebcc7529f429d972048d778a06a05d29583

SHA512
60785ed9a2fb2bdfec4e13ccbece50e7e81c408727084317b60a1be88ae2b2d6a3b0008da82f507a7a2bdac1a22584759c3fbacaf0bc602fd53f19a7043bb8b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4IISC.tmp\SystemUtilities.tmp
Filesize
3.0MB

MD5
09607ade6083062f0efa283023d306fd

SHA1
0fbca0d80403d6d8c8f71e9ee0c55e7dc0a0c3d7

SHA256
8cea37f87c4d0089ec0d829c944ba93598af3a3eb9430dd076b33abd99f0b6ac

SHA512
d4b8ba680db352652902ef5d9e7feaf11e8036e1b2e9bc16b7132d889b190eed2ee386bd228927dd201f4ac6569f83c918f23217e643b6d816ec2851236ece49

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4IISC.tmp\SystemUtilities.tmp
Filesize
3.0MB

MD5
09607ade6083062f0efa283023d306fd

SHA1
0fbca0d80403d6d8c8f71e9ee0c55e7dc0a0c3d7

SHA256
8cea37f87c4d0089ec0d829c944ba93598af3a3eb9430dd076b33abd99f0b6ac

SHA512
d4b8ba680db352652902ef5d9e7feaf11e8036e1b2e9bc16b7132d889b190eed2ee386bd228927dd201f4ac6569f83c918f23217e643b6d816ec2851236ece49

Download Submit
C:\Users\Admin\AppData\Roaming\Pegasun\SystemUtilities\Update-Data.ini
Filesize
242B

MD5
b82cee1bd03f016171aeb57bdd1518c9

SHA1
708f63927ba475dbc57e64e1ba11336f6f0e367f

SHA256
8782c75a19f7e26e50a4d86d81c68590273479967945803bd68b20460d937bcb

SHA512
079f6d625d7f9e1c5cc9dc424cd79a15149a52abc46f33be67452594bd90fd1e49c7c508b13adfce79194b4d0c61d808db820f655605c957cc06879edae66046

Download Submit
\Program Files (x86)\Pegasun\SystemUtilities\SystemUtilities.exe
Filesize
961KB

MD5
0d821417868bea9b82fb8f32f61b785b

SHA1
d42316045e8dfbe19905aa8b3ca6e870307108a8

SHA256
a24a3c0e5495e52ac86caafbb78c0736ecd260e61e8f108cf16208f03084c9af

SHA512
9e2c3e878a2d7b929f40ff1600ee20bd8937278c7b85e792b506307308b081a6a97b350f414f9daf6f1550dbd2a045f0bc580022c1529925008c939e2fea3796

Download Submit
\Program Files (x86)\Pegasun\SystemUtilities\SystemUtilities.exe
Filesize
961KB

MD5
0d821417868bea9b82fb8f32f61b785b

SHA1
d42316045e8dfbe19905aa8b3ca6e870307108a8

SHA256
a24a3c0e5495e52ac86caafbb78c0736ecd260e61e8f108cf16208f03084c9af

SHA512
9e2c3e878a2d7b929f40ff1600ee20bd8937278c7b85e792b506307308b081a6a97b350f414f9daf6f1550dbd2a045f0bc580022c1529925008c939e2fea3796

Download Submit
\Program Files (x86)\Pegasun\SystemUtilities\bin\PegasunHelper.dll
Filesize
102KB

MD5
180215aa45b45000ef645322e960d9cc

SHA1
6ed5e3a0fd2784eb85e76c81450930503f699d30

SHA256
8f02d7ca06d1a3a1e13e90fdc2c5fa405eba9b384e7aec1617b71a3aeabaa215

SHA512
b35ce208cc00a35589fe2771c4dfa2feaf205c461c25469d9fa0233b9e9407406bf4886068ba13e949026475cb06f9e0c78ca2436aa75f3a8115b6d63f48d4e3

Download Submit
\Program Files (x86)\Pegasun\SystemUtilities\bin\PegasunHelper.dll
Filesize
102KB

MD5
180215aa45b45000ef645322e960d9cc

SHA1
6ed5e3a0fd2784eb85e76c81450930503f699d30

SHA256
8f02d7ca06d1a3a1e13e90fdc2c5fa405eba9b384e7aec1617b71a3aeabaa215

SHA512
b35ce208cc00a35589fe2771c4dfa2feaf205c461c25469d9fa0233b9e9407406bf4886068ba13e949026475cb06f9e0c78ca2436aa75f3a8115b6d63f48d4e3

Download Submit
\Program Files (x86)\Pegasun\SystemUtilities\bin\sHelper.exe
Filesize
771KB

MD5
6d8aa359827a62c7aeafc114392680f5

SHA1
c7579e39f54b0d050eed389504dbc672f70af809

SHA256
3dac51c135d48579822474e0b8e297177a0bb5876028be03ee6ca8661320a609

SHA512
c61a8d5e9a4b4ed55ba774acaea32fee3a3583d3dd4d2b98f0f56a8cd8370be75299f76d7c9a74778bada7d87a9ef7bd9945753b28dd094738c566889c99669a

Download Submit
\Users\Admin\AppData\Local\Temp\is-4IISC.tmp\SystemUtilities.tmp
Filesize
3.0MB

MD5
09607ade6083062f0efa283023d306fd

SHA1
0fbca0d80403d6d8c8f71e9ee0c55e7dc0a0c3d7

SHA256
8cea37f87c4d0089ec0d829c944ba93598af3a3eb9430dd076b33abd99f0b6ac

SHA512
d4b8ba680db352652902ef5d9e7feaf11e8036e1b2e9bc16b7132d889b190eed2ee386bd228927dd201f4ac6569f83c918f23217e643b6d816ec2851236ece49

Download Submit
memory/1800-79-0x00000000052E0000-0x000000000538A000-memory.dmp

Filesize
680KB

Download
memory/1800-78-0x00000000011C5000-0x00000000011D6000-memory.dmp

Filesize
68KB

Download
memory/1800-76-0x0000000000970000-0x000000000098E000-memory.dmp

Filesize
120KB

Download
memory/1800-109-0x00000000011C5000-0x00000000011D6000-memory.dmp

Filesize
68KB

Download
memory/1800-67-0x0000000000000000-mapping.dmp

Download
memory/1800-71-0x0000000001280000-0x0000000001374000-memory.dmp

Filesize
976KB

Download
memory/1900-63-0x0000000074571000-0x0000000074573000-memory.dmp

Filesize
8KB

Download
memory/1900-59-0x0000000000000000-mapping.dmp

Download
memory/1988-58-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/1988-54-0x0000000075A91000-0x0000000075A93000-memory.dmp

Filesize
8KB

Download
memory/1988-55-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/1988-72-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/1988-62-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/2008-89-0x000000001C320000-0x000000001C414000-memory.dmp

Filesize
976KB

Download
memory/2008-92-0x000000001C320000-0x000000001C428000-memory.dmp

Filesize
1.0MB

Download
memory/2008-95-0x000000001AAB0000-0x000000001AB66000-memory.dmp

Filesize
728KB

Download
memory/2008-94-0x000000001B1B7000-0x000000001B1D6000-memory.dmp

Filesize
124KB

Download
memory/2008-96-0x000000001AAB0000-0x000000001AB66000-memory.dmp

Filesize
728KB

Download
memory/2008-98-0x000000001A930000-0x000000001A972000-memory.dmp

Filesize
264KB

Download
memory/2008-91-0x000000001C320000-0x000000001C428000-memory.dmp

Filesize
1.0MB

Download
memory/2008-99-0x000000001A930000-0x000000001A972000-memory.dmp

Filesize
264KB

Download
memory/2008-101-0x000000001AAB0000-0x000000001AB2E000-memory.dmp

Filesize
504KB

Download
memory/2008-88-0x00000000020B0000-0x000000000212C000-memory.dmp

Filesize
496KB

Download
memory/2008-102-0x000000001AAB0000-0x000000001AB2E000-memory.dmp

Filesize
504KB

Download
memory/2008-104-0x000000001AF70000-0x000000001B008000-memory.dmp

Filesize
608KB

Download
memory/2008-87-0x000007FEFBB21000-0x000007FEFBB23000-memory.dmp

Filesize
8KB

Download
memory/2008-105-0x000000001AF70000-0x000000001B008000-memory.dmp

Filesize
608KB

Download
memory/2008-86-0x0000000000260000-0x000000000027E000-memory.dmp

Filesize
120KB

Download
memory/2008-107-0x000000001AAB0000-0x000000001AADA000-memory.dmp

Filesize
168KB

Download
memory/2008-108-0x000000001B1B7000-0x000000001B1D6000-memory.dmp

Filesize
124KB

Download
memory/2008-85-0x0000000000BE0000-0x0000000000CA4000-memory.dmp

Filesize
784KB

Download
memory/2008-81-0x0000000000000000-mapping.dmp

Download