39c3866b393047086438a91c76b0763144c54e28f7d9ed2d98210402185d5fc4

Analysis

max time kernel
40s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 06:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

118f4d2961f859309786305a8922e703.exe
Size

150KB
MD5

118f4d2961f859309786305a8922e703
SHA1

13e51e4599fbce83827b03edd3a5c673dd8ef035
SHA256

39c3866b393047086438a91c76b0763144c54e28f7d9ed2d98210402185d5fc4
SHA512

30eb612011d329c884224667d54add7c8cef7e928079fe7bafcc2200c5de275946ab2d901068bdcd7e5a94ad405159efcbfea8cf92137553055f7c5ccce40497
SSDEEP

3072:+IaWa+TaCjfrxmwEqm//1xUwQCEPXqCB7dWYs/xNv:paqaCjDVEb3pQCEniYs/xt

Score

8^/10

persistence

Malware Config

Signatures

Sets DLL path for service in the registry 2 TTPs 13 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Ias\Parameters\ServiceDll = "C:\\Windows\\system32\\Ias.dll"	118f4d2961f859309786305a8922e703.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Ntmssvc\Parameters\ServiceDll = "C:\\Windows\\system32\\Ntmssvc.dll"	118f4d2961f859309786305a8922e703.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\LogonHours\Parameters\ServiceDll = "C:\\Windows\\system32\\LogonHours.dll"	118f4d2961f859309786305a8922e703.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PCAudit\Parameters\ServiceDll = "C:\\Windows\\system32\\PCAudit.dll"	118f4d2961f859309786305a8922e703.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Parameters\ServiceDll = "C:\\Windows\\system32\\FastUserSwitchingCompatibility.dll"	118f4d2961f859309786305a8922e703.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SRService\Parameters\ServiceDll = "C:\\Windows\\system32\\SRService.dll"	118f4d2961f859309786305a8922e703.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Wmi\Parameters\ServiceDll = "C:\\Windows\\system32\\Wmi.dll"	118f4d2961f859309786305a8922e703.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Irmon\Parameters\ServiceDll = "C:\\Windows\\system32\\Irmon.dll"	118f4d2961f859309786305a8922e703.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WmdmPmSp\Parameters\ServiceDll = "C:\\Windows\\system32\\WmdmPmSp.dll"	118f4d2961f859309786305a8922e703.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Parameters\ServiceDll = "C:\\Windows\\system32\\NWCWorkstation.dll"	118f4d2961f859309786305a8922e703.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Nwsapagent\Parameters\ServiceDll = "C:\\Windows\\system32\\Nwsapagent.dll"	118f4d2961f859309786305a8922e703.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\helpsvc\Parameters\ServiceDll = "C:\\Windows\\system32\\helpsvc.dll"	118f4d2961f859309786305a8922e703.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Nla\Parameters\ServiceDll = "C:\\Windows\\system32\\Nla.dll"	118f4d2961f859309786305a8922e703.exe

Loads dropped DLL 39 IoCs

pid	Process
3396	svchost.exe
3396	svchost.exe
3396	svchost.exe
1972	svchost.exe
1972	svchost.exe
1972	svchost.exe
1972	svchost.exe
1972	svchost.exe
1972	svchost.exe
4612	svchost.exe
4612	svchost.exe
4612	svchost.exe
1272	svchost.exe
1272	svchost.exe
1272	svchost.exe
1272	svchost.exe
1272	svchost.exe
1272	svchost.exe
1344	svchost.exe
1344	svchost.exe
1344	svchost.exe
2692	svchost.exe
2692	svchost.exe
2692	svchost.exe
2160	svchost.exe
2160	svchost.exe
2160	svchost.exe
4704	svchost.exe
4704	svchost.exe
4704	svchost.exe
4268	svchost.exe
4268	svchost.exe
4268	svchost.exe
3036	svchost.exe
3036	svchost.exe
3036	svchost.exe
3036	svchost.exe
3036	svchost.exe
3036	svchost.exe

Drops file in System32 directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Nla.dll	118f4d2961f859309786305a8922e703.exe
File opened for modification	C:\Windows\SysWOW64\Nwsapagent.dll	118f4d2961f859309786305a8922e703.exe
File opened for modification	C:\Windows\SysWOW64\LogonHours.dll	118f4d2961f859309786305a8922e703.exe
File opened for modification	C:\Windows\SysWOW64\NWCWorkstation.dll	118f4d2961f859309786305a8922e703.exe
File opened for modification	C:\Windows\SysWOW64\SRService.dll	118f4d2961f859309786305a8922e703.exe
File opened for modification	C:\Windows\SysWOW64\Wmi.dll	118f4d2961f859309786305a8922e703.exe
File opened for modification	C:\Windows\SysWOW64\WmdmPmSp.dll	118f4d2961f859309786305a8922e703.exe
File opened for modification	C:\Windows\SysWOW64\Ias.dll	118f4d2961f859309786305a8922e703.exe
File opened for modification	C:\Windows\SysWOW64\Irmon.dll	118f4d2961f859309786305a8922e703.exe
File opened for modification	C:\Windows\SysWOW64\PCAudit.dll	118f4d2961f859309786305a8922e703.exe
File opened for modification	C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll	118f4d2961f859309786305a8922e703.exe
File opened for modification	C:\Windows\SysWOW64\Ntmssvc.dll	118f4d2961f859309786305a8922e703.exe
File opened for modification	C:\Windows\SysWOW64\helpsvc.dll	118f4d2961f859309786305a8922e703.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3076	118f4d2961f859309786305a8922e703.exe
3076	118f4d2961f859309786305a8922e703.exe

C:\Users\Admin\AppData\Local\Temp\118f4d2961f859309786305a8922e703.exe
"C:\Users\Admin\AppData\Local\Temp\118f4d2961f859309786305a8922e703.exe"
1⤵
- Sets DLL path for service in the registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:3076

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s FastUserSwitchingCompatibility
1⤵
- Loads dropped DLL
PID:3396

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Irmon
1⤵
- Loads dropped DLL
PID:1972

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Nla
1⤵
- Loads dropped DLL
PID:4612

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Ntmssvc
1⤵
- Loads dropped DLL
PID:1272

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s NWCWorkstation
1⤵
- Loads dropped DLL
PID:1344

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s Nwsapagent
1⤵
- Loads dropped DLL
PID:2692

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s SRService
1⤵
PID:2160

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s WmdmPmSp
1⤵
- Loads dropped DLL
PID:4704

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s LogonHours
1⤵
- Loads dropped DLL
PID:4268

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s PCAudit
1⤵
- Loads dropped DLL
PID:3036

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s helpsvc
1⤵
- Loads dropped DLL
PID:2160

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s uploadmgr
1⤵
PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\LogonHours.dll

Filesize
6KB

MD5
a927245a8a444ba777dba04c9ff9b492

SHA1
5ad6d6ee9a2fc995f246b3f2c9560ba05b1e245a

SHA256
0da5652942377971a3dc0fe6da07da24f9f2ea35b5c2879ead2dab0d0d3a9cc6

SHA512
4a683efb0dfbfca630f6bebd181a59908019c5d60486d6f03714af1cda1d7207131918ba5f925650aa63ed6fe93bde6c527d10fbdceb6ba57774a80281e6ba18

Download Submit
C:\Windows\SysWOW64\LogonHours.dll

Filesize
37KB

MD5
d3ed97f2741118a080534639e0f20ee6

SHA1
9dbef6494f68c80ac5869905a1ddfce14a0657ec

SHA256
e328eca054b0c6f15670e3433eb4305dc743d86a08436c49138451b921b4e279

SHA512
37234a688282528155125e9aee0f2dd0b9afb12dc09f47542413a92197cb1df8a5c29d7d5399a1b8456fbb0c267ada9c946dcaabb8d51ee6e759c1e1301df05d

Download Submit
C:\Windows\SysWOW64\LogonHours.dll

Filesize
16KB

MD5
8bef296e84f76572603b568a42a40cd6

SHA1
44d23f3938386aa45517768b15316b968e31e52c

SHA256
99d1e6ec5ce7be51266e42e4e4f812484ce68640bb78eb2306bb9ff9305136d9

SHA512
4768debdc8782c50c45d9fb339116df35171f86f65b86506c9142c61c452f280448a58a58a3b878fbf527b8a5c059e10f3107a3a75f7fc0b35da3e10130fe366

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
20KB

MD5
164a810509b8ee6ec636cdceecb90afb

SHA1
b2a3f6d619d623f8e76ef08501b00b2b39c39023

SHA256
c772d779ce981d5ce6bcccc063926db4fe38f330900ff4f1874883a14ea6fca6

SHA512
62c27e079b54ea7b047ee5a9df1d5997e87d85f8ffd362bbf572b9e1937cb3d00b7b2d3304c01a09684c041fb28323c6826654d13616c7854cca9eb5229facf5

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
24KB

MD5
3dff107379fe7e0128e9c5875ae289c5

SHA1
e4bc461cd85a18c6be767e5b9b9cdc14a08814f4

SHA256
6826383f917f9a246d184ace7f418463d63dcc68211fb79f3d150a6aa9fc918c

SHA512
f61c526dfa18a9ce6bbb436b40cff0a63f3be84a504249f62df759bd5d4422b375ae1f20218d655051aa9f6484fb86c0e545aa1a636b75b8780d71103fc8c082

Download Submit
C:\Windows\SysWOW64\NWCWorkstation.dll

Filesize
1KB

MD5
c183199f1fd1024a2fe01d80eb8f3be8

SHA1
b6a8ca85c5ffbccd5653832ae1a77fd79c7ef1b5

SHA256
8343cc26f26ed0ed71a2fcb53004fd4ebe1c10cacae3ebaf4692998d77ff1338

SHA512
85fce69612c0ab24692acbe2d6144d1057ce3c8654d0dc883dea618e54e9c841856269c7ca25e13b1fcfb026b358e51d4658ed8aa3fdf2e84a9ed1181ad2c707

Download Submit
C:\Windows\SysWOW64\Nwsapagent.dll

Filesize
9KB

MD5
f64127eeacacaed423421ce3c71b3edc

SHA1
4a336958d3577e99411fda23456ac262c9c30c8d

SHA256
faf9b1a1774b989d37fa6a5660f1dbd906b2031d0904632a02d96e6243868a3a

SHA512
786d3b4b2267ddd1c97224bd53ebec5b9f6a7634fbb649f4033d733368e69d5df20e748c4ed066c72e88d714f7b68049c600f44cd0105a63a957d07acfe8b4a9

Download Submit
C:\Windows\SysWOW64\Nwsapagent.dll

Filesize
23KB

MD5
7f8ad31755f51d8a42cece2e3fcbe652

SHA1
5afcaeadd310b1f3ad5fa35905ec39b1a9cc03a9

SHA256
a4985d2367f97b4084c867186d87c9bb434b5bec2a18dadac881ab29de602946

SHA512
4d13e57e6d1b5901ebd33787b81a890d4870b11e18aa642c6539da92b81f5c9199368c726b90a10a12d38d09df12317774e8d7fee875ca0f04714299f7654a80

Download Submit
C:\Windows\SysWOW64\Nwsapagent.dll

Filesize
24KB

MD5
2c24892ab76601dc98b904b35e009167

SHA1
d85b619747fe6688d5d4470f3eecc1f55132b629

SHA256
6be652c6cf4eaebed118c3073108d9a1aa931abe4adb38e5e885d0055aa9de3b

SHA512
0100954289de8a669af24ebc09d12e7b90a538aada300cd047c6bafda674d03d780e0826af37316956bdffd233482986e84befccc1385c1d7dc94abbbf72ea94

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
71KB

MD5
38c6c8cc028d7bdedb2006d6230467ed

SHA1
af5329c18d75ff9642ca896022de08591843c208

SHA256
4ad4744ecd8756154276e121a57aa3e3598087d2a1bb967b52d609b320029cbf

SHA512
9fd299205a6e78d8476ced139edb4a06cd78b93efe1b0f0afc5683ccb95a6c6954909dde1d7b0e5848b9a269a8445ecb4d9189477aa57a770f94f9e5169f3f08

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
38KB

MD5
917ab396a2e24e92922cb9c2da4276ee

SHA1
e8444cb1a00287fa060a4a26a369664fb97ed7cd

SHA256
73e1c291e58ddfcac2714b21f9ccec1dfa7b36a1bf1b9417d93dfd04e356e065

SHA512
37a0d1af820f9ad140b5b3b490efd327f3ab4b488a4d4115670fe961fa64e14dbb647315e779afca4449c707f3a02a174b9cc93b7c59fd583e93b3cfbc32f5d5

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
29KB

MD5
7a9b1aeb2dd67e2da41e646bca6ae5cc

SHA1
1acd5511051142a846b1245ac4cb4bf66dd38d0e

SHA256
190dc2a6ba6bec8fff1cca1598e0e03f5d7992d7ca127246af6a5ee6c06d3922

SHA512
b8c516e0c64a4d4cdbfe8aa30cf8ce3dd8c2190389b112a9946dee7dc1cad5d0b03fb472ec32b84357df262f4a89ba2ff29c9759d4201c0a0c1d18568414a040

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
23KB

MD5
478cf08275dfa95f83da24e5e3dd522c

SHA1
a945f3a02eec2a27a89e3704f39e1c2873c492ca

SHA256
2adf7c999511bdad2ea0807166939b0a5cf938db844a1b60c01bbcb1ce9a59a2

SHA512
fad28fad701f0b54d11c458e1286cbde6329162f0223b17914c879982b6f0b0b0fa09c76305b2353582a3f14650ce6d9926e35d41e995d70fb06b8ddd6c70b7a

Download Submit
C:\Windows\SysWOW64\PCAudit.dll

Filesize
9KB

MD5
1b6ac9920b029171a7b19584a8300d2b

SHA1
5f050d543ef3d38f0e0eb043d924482cf19fd472

SHA256
753922bf0a96ca455e4e32b2a6a0c7d07f0d3d9f7c619cd395fa2d14a28f0266

SHA512
4c584c3ccf2a0d648f60e5f59d948c29baaa526051d71af4f7c2e2fe218abbcf8cbb4ce6d3131001074ea2ea259bf92552acd7b60b048eb791adba64a12573fe

Download Submit
C:\Windows\SysWOW64\SRService.dll

Filesize
9KB

MD5
5ba566b7e3bfb566134efd894228ddb4

SHA1
c6bf159763ca0ae70a04da9353a18230895e3fe5

SHA256
1763faf4ab615992b5c386cbc5d83f5ccb59878b4da6a25d8e7125b9e4c56aed

SHA512
b0cf6c5b738074c2effd38d4eb9c070feb0d2cdd4b6d38c7c8c916be0ea474f15d68ff3b04c0858336d1de26882710ef385b82ecc3e8e2c6cf8f3a49b0d1b920

Download Submit
C:\Windows\SysWOW64\WmdmPmSp.dll

Filesize
26KB

MD5
1206e4963303e8bee838e27dd477bfa6

SHA1
2dc20adb0065c8e6724a6705a877afcfabcc6d3b

SHA256
8774ccf131e183f23c5cc87be188448f5352786ca68a7473e7059716f734faaa

SHA512
54942afb2873c7e8aa389025c43af7574384e93f958f840c84f2502a2dcd043deb795bb010b3451a5b18b11cc3904e1321b9b5d003e81c8b226b42a029cbbb50

Download Submit
C:\Windows\SysWOW64\helpsvc.dll

Filesize
40KB

MD5
609c6ac6848da38ff0b785339a9d9be1

SHA1
e8af561935850dea11b1055ca3b4252abdc7c446

SHA256
16ab07db224b00d84bedd73edd622cf7e917d654893bb422198e0c84028ccf79

SHA512
acbeae56f187da67bea159fcd98610d6ccaa4955fc73263572026baf077cab8d3f30283816568929ef5e893ed90f61e178da77cfb9365611b777ddf9aa9d13b9

Download Submit
C:\Windows\SysWOW64\helpsvc.dll

Filesize
71KB

MD5
f1033d334829a554b20c9372a794c624

SHA1
41bc1bf3d464f47a928c095c538cc238c1b8ffb3

SHA256
4c4e95a6d266def99de79453451bc297c977f327be96eefcc05405a35491e227

SHA512
271beb4a5d9baac5001432bcac7c6733cc34e967f9234f43aa2b8a4786c1530388a0b34acec695986ebb0fab1dad75e5948c57209d66832e8e5ccc15e895d441

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
32KB

MD5
637be4f92c4b027562211ebb87abe2bc

SHA1
f9dfb655a0d97d9737211fd367eea3f198e79e46

SHA256
cb267249509d946fced35a10e8222e5c806ac1a32d3e4f17d0c31a183668b47c

SHA512
a624d0ccb335878df81b6e1f631d5988a1a032662ec977c71a13dc6442d5e312cc3127b57be1ce5cb68a8adf31fd5087a3504a77e276b29ef633cee591c656ed

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
41KB

MD5
faf381aa37d9da9544ec0d45048db96f

SHA1
c42dcd7aa6f15fc3222563cf5df3dfc224998ef2

SHA256
a4739efb5eb23d1eaf9893eb25f067deb11786c6a2e154bceb008f3d07a1952c

SHA512
a806a1772c3cbd691d5fe2acd95d02640af7a5bb7fa8d3cf7c5161f4a717d512bc40a9e87d64676a77aca29f4086d3f96e240d84a5a0d5fe8e4783694cb22b63

Download Submit
C:\Windows\SysWOW64\uploadmgr.dll

Filesize
9KB

MD5
9c772a85310a10469e7ab4a715b4a22e

SHA1
d9fb6c2492ea88d7dae4c157177af0798b0104ee

SHA256
353cc50897d41fec60a917f9fa9cc6905ff42c74d1132f6adbfc3103a80c460e

SHA512
1b9d01e011810a681611c760c42d12638c720eac27977a3e75400670d715901abfd30a1dbf5a845ca6ccb58ba54a4c77fbb5c6a203340a3f2bbe285a01055114

Download Submit
\??\c:\windows\SysWOW64\fastuserswitchingcompatibility.dll

Filesize
150KB

MD5
3ddce9c690f9278efa9fc1c0af6d604e

SHA1
fa0d2367fa3f986d336d9e23320865dd6f99522a

SHA256
fb3f2d4a5a5cea538352dbd0174659b0e7d7ad8e9302c937c4b8bc72121e6896

SHA512
6d2ce3a89521bc10c8619ca38a95c28bf1295d329551248e92251834c09f1803d6d0e38328ce4f22be5532b6004053ac7e878a4cf3bdcb12fadfcfa9d6b6abc7

Download Submit
\??\c:\windows\SysWOW64\helpsvc.dll

Filesize
21KB

MD5
e7af01221c6ed418be8ec2391ae81142

SHA1
1b1fac3daf5d3ac9f54b14b129cdeb80dadbe415

SHA256
88bb7162cc66b095f622c9eb18b717f4a63154db2c0cde0fec06de196dd2d5a6

SHA512
8c8c5455679d56f335e60b6785be7f28faaaeee5e7e93107eae1946bf8504909d5827fb66cb45aa7cc6e184843c08aaeab07dbfb97ad0bec571c39c72bd5a139

Download Submit
\??\c:\windows\SysWOW64\logonhours.dll

Filesize
71KB

MD5
f4320fdcccfa21d75e3892ce66a2174a

SHA1
7a64cf2a85c238e1594b72259cee614b4d6019e8

SHA256
3b410036bf81bbf39d3896285ac1e759defa8191c59177e77118102b324022aa

SHA512
3f7846f8cc1c5b58a650e98f04499c6afae32e823f58353194272c0844d1403f80c15c2141b17770eb01ef7e8fb88705aaaae4de06f02b891d83489238b1da36

Download Submit
\??\c:\windows\SysWOW64\nwcworkstation.dll

Filesize
6KB

MD5
7ce15869d13eaee2fe76ef0b8cb5431d

SHA1
4569c90ac6ec044ed75c55488056c0454c40a1a7

SHA256
5330b7be8b947852fe744a76d3dbf7bbcd3c25ccfec509cf723ac6d685507728

SHA512
813172ae79a24975ee2b55f65f26d04f7d61ace8e4e58e92d7da6b3b88cabeda6c570559d97e5a7704da5b88ba20e2ddb16ce702b7436274d31356141095614f

Download Submit
\??\c:\windows\SysWOW64\nwsapagent.dll

Filesize
19KB

MD5
fb166992cdb8eb3f899a2d3d27e9ca38

SHA1
aa1b63b529fc9c2a396ee0f7a8f3c9ecdcd6fe14

SHA256
4d655d8b9dcfca8985db37f64bb30c308cc3c2fe9c26080bb7657aae9d42d990

SHA512
d74e13683624d018f07684c423eeb9b15c474cd86b364cb60100b0c412e0025e9afd7a5e300edc9d3281f8e01143819418e1efe120a9857148b8e7411832d920

Download Submit
\??\c:\windows\SysWOW64\pcaudit.dll

Filesize
10KB

MD5
25fefc6f54ae0132dc05226678657f13

SHA1
bf1a340375085c689a586f7dbc351056b059ff43

SHA256
c800913528c117035bd374e72f60ce126a520af71baa43ab3031e4b0df4f1b91

SHA512
124a34afa932b119c797f2febda9171de95be503abf7204d3f840aa175da74b822d8d0bc3b2a919a14eab7972a3e758e26020ea794562c6ad792312764d36db2

Download Submit
\??\c:\windows\SysWOW64\srservice.dll

Filesize
5KB

MD5
45894e92505a0a3b555e1736337ebae2

SHA1
9d446a88d1f9ebb6bdc692199d79a1b530d258cc

SHA256
19ac0d09687a5a9fd616dcbf217f4e163823bf341ebc2d7284cd29703ed0119b

SHA512
aced84ba8d248bd26118720b18092561fc1b8698e61a7be5d99f7275f0c679381fddd4bc443d5641eb5c1769419806df8018a4fa21955688b880d3fdb1a80c09

Download Submit
\??\c:\windows\SysWOW64\uploadmgr.dll

Filesize
64KB

MD5
916fa63683437d48b46c573ee61e0d2a

SHA1
59871ec28623c3f9cca95cc8789e9f47d3c34d62

SHA256
092b884609d2347e17474d019778905e52c5a5b20a774745960909b14ef283c7

SHA512
746ed7f6f3944d285f94e6923b958814282072fd2ba2aa75e2c299dbccb3a89f8011adc4722178666dd6cfd1cda3ef9f5dd4d4c7f692f5d740341ae75a7f6d9c

Download Submit
memory/1272-55-0x0000000000FB0000-0x0000000000FD5000-memory.dmp

Filesize
148KB

Download
memory/1272-35-0x0000000000FB0000-0x0000000000FD5000-memory.dmp

Filesize
148KB

Download
memory/1272-34-0x0000000000FB0000-0x0000000000FD5000-memory.dmp

Filesize
148KB

Download
memory/1972-19-0x0000000000F60000-0x0000000000F85000-memory.dmp

Filesize
148KB

Download
memory/1972-18-0x0000000000F60000-0x0000000000F85000-memory.dmp

Filesize
148KB

Download
memory/1972-15-0x0000000000F60000-0x0000000000F85000-memory.dmp

Filesize
148KB

Download
memory/1972-41-0x0000000000F60000-0x0000000000F85000-memory.dmp

Filesize
148KB

Download
memory/2692-49-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2692-74-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2692-48-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2692-47-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/3076-31-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/3076-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/3396-8-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/3396-5-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download