fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2023, 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
Size

1.3MB
MD5

c87e6052317241f9570af67c735f1ca5
SHA1

cfab47f14ffbe675f37a23b0b68592d99f71d277
SHA256

fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6
SHA512

314fcb39162f8522fa23cfd266619f999821bcc53472b1d4b849daec50fb9162b830a95ae6516560e038ed4c8eb4914330bc5c95488bc140ce15e07114312f0f
SSDEEP

24576:WogxC6bgpTVdx9nI7XN7u0qJ8e3Xqd5nKSlhBqMY1wpZdvF/1XfGKE53PI9Bd9:mbATN9Iu0qJ8e3uj61891C6n9

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe

Executes dropped EXE 3 IoCs

pid	Process
4288	mxks_wmrd.exe
928	mxks_wmrd.exe
1096	mxks_wmrd.exe

Loads dropped DLL 11 IoCs

pid	Process
624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
928	mxks_wmrd.exe
624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
1096	mxks_wmrd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	mxks_wmrd.exe
File opened for modification	\??\PhysicalDrive0	mxks_wmrd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 52 IoCs

pid	Process
624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
928	mxks_wmrd.exe
624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1096	mxks_wmrd.exe
1096	mxks_wmrd.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 4288	624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe	86
PID 624 wrote to memory of 4288	624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe	86
PID 624 wrote to memory of 4288	624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe	86
PID 624 wrote to memory of 928	624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe	87
PID 624 wrote to memory of 928	624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe	87
PID 624 wrote to memory of 928	624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe	87
PID 624 wrote to memory of 1096	624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe	90
PID 624 wrote to memory of 1096	624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe	90
PID 624 wrote to memory of 1096	624	fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe	90

C:\Users\Admin\AppData\Local\Temp\fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe
"C:\Users\Admin\AppData\Local\Temp\fef511b82c03e2688fdd65cbcc5db0913e56a758cb807a68ebbee40ce9247cd6.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:624
- C:\Users\Admin\AppData\Roaming\mt_avtp\mxks_wmrd.exe
  "C:\Users\Admin\AppData\Roaming\mt_avtp\mxks_wmrd.exe" SW_SHOWNORMAL
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Users\Admin\AppData\Roaming\mt_avtp\mxks_wmrd.exe
  "C:\Users\Admin\AppData\Roaming\mt_avtp\mxks_wmrd.exe" /setupsucc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Suspicious behavior: EnumeratesProcesses
  PID:928
- C:\Users\Admin\AppData\Roaming\mt_avtp\mxks_wmrd.exe
  "C:\Users\Admin\AppData\Roaming\mt_avtp\mxks_wmrd.exe" /autorun /setuprun
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1096

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\istat.controller[2].php

Filesize
38B

MD5
5fdd7a825934f3cc817c734bf1a9e7e7

SHA1
486c2b816ecf773d23667877e2ebffb6f0d61760

SHA256
f89a08f38ea6ab3c317882d6b56f724593d92f24c356a9c6689286cb60d8baf4

SHA512
ca6ac90f375b9b815b1b003e6c7dfbe0edacb217c91104de615992a5656db6b74604e3eea4bb4256945c14b27b132335e51807c2b74b6b17aecb2bb58ebc4c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\sq.login[1].js

Filesize
37KB

MD5
351e929415829450b5bd8dcd8cd65caa

SHA1
f2f70ac0df0b3729af859ce5b82084ca44155c60

SHA256
97b87223c9ed38ca5acc2da4834ea29255a7bec8430603fcdb1f3656a2365003

SHA512
f32e6ff1b7b4c4e96840c1ffedc717c6b4deeb9a117982937ae9afa3385cb5a9c19094ac0c21441244b367cf244a936692f18ddad3cb5cb03fcea8973b3a8f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\game1[1].js

Filesize
49KB

MD5
2bc779315ac48a71ab94b013d30bee6f

SHA1
0506df9380211bfad74df5c6bcfed256aa459e8a

SHA256
6b44c4e89c2434e0a934bd58190a2b039f671c34332d2886f7b11b0de4ba4dca

SHA512
b8e6316d515f8b2ed58932fe897868af0fca79d9b85b5ed8c9d9c0389e68bbbe527bdf30e4712986c9a1e680e1a5a6bd39632b303980e53746cf18907983296e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\sq.core[1].js

Filesize
100KB

MD5
f583e8b1f035f0d7f4ff01bc155d261b

SHA1
fc5589d91b064fe95706b7a16e841ea847f5e8fc

SHA256
ea4580a816ad527e6cd5dc30ab5c69e2882f5790143b133d61d12b4a726fa27d

SHA512
b561ed2d1a87b66b64299d569b080e27cf343aa4da5495fd62f5b615b97e87edb2d9ff779f712f1c1a5e356ce6a4b814a24d95df27573f2a549b34e35a430a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\game1[1].css

Filesize
15KB

MD5
8dbeef3e19b20ad02654e9b9c219eb02

SHA1
aadfca52eb75a9a14f05ceda9dba7a8302daad54

SHA256
beba18691b3d14a7dee814a4b8ce2373911314e857ab1c1ac7d823b4e1c3e686

SHA512
a6b2ff2e2e0e5a2bf0076d580554b2c713987f3412020183c4bb0a153608f672c418f3ba8b864c4bd27f5d5728190a59fbba1328b11fff79024055f2c9ac65b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\sq.statis[1].js

Filesize
6KB

MD5
4cbb9b6d17984b8e56d6e2ada30b29b9

SHA1
f894c6641b9df2de5b7b9cafc5704e72859ed370

SHA256
746b3b3ab8a597e6d6b753ebd409f496c19422bfa75d6b3cf42f4b74e8dc6c91

SHA512
eb9fbfdcdf72dcb0195002b55c92b0861aeb095ed27fc976e4f4dc10812a5b36e07490df0f31fca80ecf34d58e8d04ceebbe7caa6f5617dbe6db66d94135c57f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\sq.clientclass[1].js

Filesize
35KB

MD5
2b10582845f34608f152ab406e7a6ec1

SHA1
b9489042b4b1a9feacf25bea67ab710fcf5ee9c6

SHA256
a2229040244b059c14adebd9c6995245e901d4811739c43b0835b551b40811d4

SHA512
bf477177f24251743c8705c1aa4be1a1f6302843a562aaf750c1c291b07cbf2fbf2c6b4cd0453df515246b192b6fecb918cfa9ccf46191c3f27e4f0085f43f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\sq.tab[1].js

Filesize
1KB

MD5
6307cfff3a79c1debdfbb74e362d2bd9

SHA1
2f16c517cd6ec52c2a6a978ebbff8861412c006e

SHA256
bf8cf01a18233cf567e7638e3115c7145ac0b09698a2ec85980e23826366d784

SHA512
224d3bb8bbeb34d03b077d31133a98080dcda90bb2963d981fbd49a0cc156c2c6e668927403c8c4e54d012fca0011093259a082cdbc0e36ad5de23339c61bfaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd771B.tmp\FindProcDLL.dll

Filesize
3KB

MD5
8614c450637267afacad1645e23ba24a

SHA1
e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

SHA256
0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

SHA512
af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd771B.tmp\FindProcDLL.dll

Filesize
3KB

MD5
8614c450637267afacad1645e23ba24a

SHA1
e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

SHA256
0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

SHA512
af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd771B.tmp\FindProcDLL.dll

Filesize
3KB

MD5
8614c450637267afacad1645e23ba24a

SHA1
e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

SHA256
0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

SHA512
af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd771B.tmp\FindProcDLL.dll

Filesize
3KB

MD5
8614c450637267afacad1645e23ba24a

SHA1
e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

SHA256
0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

SHA512
af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd771B.tmp\FindProcDLL.dll

Filesize
3KB

MD5
8614c450637267afacad1645e23ba24a

SHA1
e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

SHA256
0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

SHA512
af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd771B.tmp\FindProcDLL.dll

Filesize
3KB

MD5
8614c450637267afacad1645e23ba24a

SHA1
e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

SHA256
0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

SHA512
af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd771B.tmp\FindProcDLL.dll

Filesize
3KB

MD5
8614c450637267afacad1645e23ba24a

SHA1
e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

SHA256
0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

SHA512
af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd771B.tmp\KillProcDLL.dll

Filesize
4KB

MD5
99f345cf51b6c3c317d20a81acb11012

SHA1
b3d0355f527c536ea14a8ff51741c8739d66f727

SHA256
c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

SHA512
937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd771B.tmp\KillProcDLL.dll

Filesize
4KB

MD5
99f345cf51b6c3c317d20a81acb11012

SHA1
b3d0355f527c536ea14a8ff51741c8739d66f727

SHA256
c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

SHA512
937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd771B.tmp\KillProcDLL.dll

Filesize
4KB

MD5
99f345cf51b6c3c317d20a81acb11012

SHA1
b3d0355f527c536ea14a8ff51741c8739d66f727

SHA256
c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

SHA512
937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd771B.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd771B.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Roaming\mt_avtp\config.dll

Filesize
1.2MB

MD5
7c88b1b990628d4ad50f91f404ac3f86

SHA1
f6eced5ba6031c853d240d4d30c436e9566ff9b9

SHA256
8e82e0bc539c5d825e6d982c5446b0de5f258e03c337f6769f7883951f399502

SHA512
7a092b08391e2f9694062e12595ad13319bd2f338fca8966905540ff916c0354ecb1c1421ebb626cf33b10d8f23472e91a3e2964bcd24f1d67025967afabfa74

Download Submit
C:\Users\Admin\AppData\Roaming\mt_avtp\config.dll

Filesize
1.2MB

MD5
7c88b1b990628d4ad50f91f404ac3f86

SHA1
f6eced5ba6031c853d240d4d30c436e9566ff9b9

SHA256
8e82e0bc539c5d825e6d982c5446b0de5f258e03c337f6769f7883951f399502

SHA512
7a092b08391e2f9694062e12595ad13319bd2f338fca8966905540ff916c0354ecb1c1421ebb626cf33b10d8f23472e91a3e2964bcd24f1d67025967afabfa74

Download Submit
C:\Users\Admin\AppData\Roaming\mt_avtp\config.dll

Filesize
1.2MB

MD5
7c88b1b990628d4ad50f91f404ac3f86

SHA1
f6eced5ba6031c853d240d4d30c436e9566ff9b9

SHA256
8e82e0bc539c5d825e6d982c5446b0de5f258e03c337f6769f7883951f399502

SHA512
7a092b08391e2f9694062e12595ad13319bd2f338fca8966905540ff916c0354ecb1c1421ebb626cf33b10d8f23472e91a3e2964bcd24f1d67025967afabfa74

Download Submit
C:\Users\Admin\AppData\Roaming\mt_avtp\config.ini

Filesize
367B

MD5
a3be92b781183f7efcb905ed6c09c62d

SHA1
e2a9b1aba0b50a1885aefefc0478bd152538d825

SHA256
95629508fb15f908c96e93b8c847f195d4d05477182916df77b900c8934e4d5f

SHA512
37b8687bec275789117f65afea92ef19661dca5d12d2db8dd5da08b62e99367244ea6b8f0056401224cabd3b88826dc4f5d26736fabb00031ea053772b503061

Download Submit
C:\Users\Admin\AppData\Roaming\mt_avtp\config.ini

Filesize
367B

MD5
a3be92b781183f7efcb905ed6c09c62d

SHA1
e2a9b1aba0b50a1885aefefc0478bd152538d825

SHA256
95629508fb15f908c96e93b8c847f195d4d05477182916df77b900c8934e4d5f

SHA512
37b8687bec275789117f65afea92ef19661dca5d12d2db8dd5da08b62e99367244ea6b8f0056401224cabd3b88826dc4f5d26736fabb00031ea053772b503061

Download Submit
C:\Users\Admin\AppData\Roaming\mt_avtp\config.ini

Filesize
418B

MD5
e6466e24cc8b2dbec50f47849169bbf2

SHA1
183d132b496fb463f6eb6cc1ac7d938c49ce30f8

SHA256
c7e9b417faae0f294b682b42a0df324ce81efc09be10de7bc42c807b66ba5440

SHA512
1164a28a452a8980347122611a46f893c3d9f6ffce6a800f6dfeb614013727dc87a3bd2edb965712065fc0751f68ebb9456197f4b879ab81ff6ef01258e4c0e0

Download Submit
C:\Users\Admin\AppData\Roaming\mt_avtp\mxks_wmrd.exe

Filesize
31KB

MD5
3cc2d22ae3db6945bff8eea6fe019878

SHA1
a2fbdf4d7abe423fdee7b01a52941a44d0962559

SHA256
5e6f5ce60c83fee67978d6167a3b98ea21f24c56f776cc5b60941a8bcb82d086

SHA512
a70db582647407cdbc6478908fc4cbcd68d7b4632a2010735dcc43003538d826c0c535c107a3b48593a3e4c18ad4d4e2b48d35565f4b4224d5becca15648ae73

Download Submit
C:\Users\Admin\AppData\Roaming\mt_avtp\mxks_wmrd.exe

Filesize
31KB

MD5
3cc2d22ae3db6945bff8eea6fe019878

SHA1
a2fbdf4d7abe423fdee7b01a52941a44d0962559

SHA256
5e6f5ce60c83fee67978d6167a3b98ea21f24c56f776cc5b60941a8bcb82d086

SHA512
a70db582647407cdbc6478908fc4cbcd68d7b4632a2010735dcc43003538d826c0c535c107a3b48593a3e4c18ad4d4e2b48d35565f4b4224d5becca15648ae73

Download Submit
C:\Users\Admin\AppData\Roaming\mt_avtp\mxks_wmrd.exe

Filesize
31KB

MD5
3cc2d22ae3db6945bff8eea6fe019878

SHA1
a2fbdf4d7abe423fdee7b01a52941a44d0962559

SHA256
5e6f5ce60c83fee67978d6167a3b98ea21f24c56f776cc5b60941a8bcb82d086

SHA512
a70db582647407cdbc6478908fc4cbcd68d7b4632a2010735dcc43003538d826c0c535c107a3b48593a3e4c18ad4d4e2b48d35565f4b4224d5becca15648ae73

Download Submit
C:\Users\Admin\AppData\Roaming\mt_avtp\mxks_wmrd.exe

Filesize
31KB

MD5
3cc2d22ae3db6945bff8eea6fe019878

SHA1
a2fbdf4d7abe423fdee7b01a52941a44d0962559

SHA256
5e6f5ce60c83fee67978d6167a3b98ea21f24c56f776cc5b60941a8bcb82d086

SHA512
a70db582647407cdbc6478908fc4cbcd68d7b4632a2010735dcc43003538d826c0c535c107a3b48593a3e4c18ad4d4e2b48d35565f4b4224d5becca15648ae73

Download Submit
C:\Users\Admin\AppData\Roaming\mt_avtp\mxks_wmrd.exe

Filesize
31KB

MD5
3cc2d22ae3db6945bff8eea6fe019878

SHA1
a2fbdf4d7abe423fdee7b01a52941a44d0962559

SHA256
5e6f5ce60c83fee67978d6167a3b98ea21f24c56f776cc5b60941a8bcb82d086

SHA512
a70db582647407cdbc6478908fc4cbcd68d7b4632a2010735dcc43003538d826c0c535c107a3b48593a3e4c18ad4d4e2b48d35565f4b4224d5becca15648ae73

Download Submit
memory/624-201-0x0000000004EB0000-0x0000000004EB3000-memory.dmp

Filesize
12KB

Download
memory/624-203-0x0000000004920000-0x0000000004923000-memory.dmp

Filesize
12KB

Download
memory/624-202-0x0000000004EB0000-0x0000000004EB3000-memory.dmp

Filesize
12KB

Download
memory/624-171-0x0000000004810000-0x0000000004813000-memory.dmp

Filesize
12KB

Download
memory/1096-223-0x0000000002650000-0x0000000002651000-memory.dmp

Filesize
4KB

Download