db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b

Analysis

max time kernel
119s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 16:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b.exe
Size

13.3MB
MD5

b26efe28fd1efa9d4e974153b5cf3f60
SHA1

87345a67bb992763e0bc255c4373c1bcca665374
SHA256

db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b
SHA512

7a22e567d2362a2413536a6ba66ef791fea6fae16485bd687288ee04ec463bca8d1589ea10b0a3b5a30096ddef32ea5dc3568e38ee47c8c9bb5376bd040b5d9b
SSDEEP

393216:3wq0PXKqtfkTSVhmJmUM2dFDElb4THANPHt:3wLOeV0Jm+/Kb4THANPN

Score

7^/10

discovery evasion trojan

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
604	NPE_technician.exe
2640	64.exe

Loads dropped DLL 12 IoCs

pid	Process
2932	db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b.exe
2932	db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b.exe
2932	db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b.exe
2932	db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b.exe
604	NPE_technician.exe
604	NPE_technician.exe
604	NPE_technician.exe
2596	cmd.exe
1244	Process not Found
1244	Process not Found
1244	Process not Found
1244	Process not Found

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b.exe

Drops file in Program Files directory 39 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\pro.api	NPE_technician.exe
File opened for modification	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\serv.api	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\DEU.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\HUN.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\SVE.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\uninst.exe	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\tech.api	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\ARJ.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\ENG.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\BGR.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\ESP.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\TRK.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\ROM.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\nbpe.lkeys	64.exe
File opened for modification	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\nbpe.lkeys	64.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\dm.api	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\npe.exe	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\FIN.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\HEB.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\NLD.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\__tmp_rar_sfx_access_check_259413344	64.exe
File opened for modification	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\Website.url	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\core2.dll	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\HRV.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\NOR.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\ITA.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\JPN.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\PTG.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\RUS.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\core.dll	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\CHS.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\CSY.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\KOR.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\PLK.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\SLV.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\UKR.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\CHT.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\ELL.lng	NPE_technician.exe
File created	C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\languages\FRA.lng	NPE_technician.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 14 IoCs

installer

resource	yara_rule
behavioral1/files/0x001000000001230d-13.dat	nsis_installer_1
behavioral1/files/0x001000000001230d-13.dat	nsis_installer_2
behavioral1/files/0x001000000001230d-15.dat	nsis_installer_1
behavioral1/files/0x001000000001230d-15.dat	nsis_installer_2
behavioral1/files/0x001000000001230d-22.dat	nsis_installer_1
behavioral1/files/0x001000000001230d-22.dat	nsis_installer_2
behavioral1/files/0x001000000001230d-24.dat	nsis_installer_1
behavioral1/files/0x001000000001230d-24.dat	nsis_installer_2
behavioral1/files/0x001000000001230d-20.dat	nsis_installer_1
behavioral1/files/0x001000000001230d-20.dat	nsis_installer_2
behavioral1/files/0x001000000001230d-25.dat	nsis_installer_1
behavioral1/files/0x001000000001230d-25.dat	nsis_installer_2
behavioral1/files/0x001000000001230d-17.dat	nsis_installer_1
behavioral1/files/0x001000000001230d-17.dat	nsis_installer_2

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DOMStorage\cybermania.ws\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f047eba97545da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000be869dbb2f1827f363f6d11053ca501bccb4cc37f0c60110a7e618ad75cfee27000000000e80000000020000200000003020949c3b289e65b083be5e3ced42baa705db4747246f68036dbf3542b1866990000000c0c2bb21d7f5ab1c01e3ecd0a15a23fc1416f3b1339dbba1853d56f910d7fbfcee2c724e062fc8277234c9c14f0833e0cdc528a39d60fe4b435d398ff60344593cb970b097830bfa6cc4e4c296d51fbec722965d984d30d31ae54d8a6fdf3cb9ae99a6f9135c68a6e158f7a9e377cbf0438623be68bd397532b4b0dcc8c6f5ec4a6671ca4dafe23baebc676fd894d5fe40000000b506a5962952bb7abdb86aa1c5f4c4c6eed8a3557fa9cbc0201f55428ddee106d903d2796fa86d340abc1d2d0c91512bfa7e347e7b71ab5e555fcaf8ba51ebb5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D2400471-B168-11EE-B2BF-5E688C03EF37} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000fd0ef18b162e213b0163a9487d0facda1e4a005db28bde66ddd7ed675e176ec1000000000e80000000020000200000000a0616885d02b6cc24e40bbe7fed97d4c0336b90702994ab42ead45da7e86c0720000000cbdd254100af8acd018c5f9fd098c40a2da88bba0fd9b04faad8de2630ac3c9140000000598cf1151a64e1e3d1158b48122068931063caaae5387b198215af5c572ead4fa3f868c2ade5d79ec07dc983ab15db09351beb5110fecf3a7a8d57ddf16e4467	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DOMStorage\cybermania.ws	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411239297"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\RarSFX0\CyberMania.URL:favicon	IEXPLORE.EXE
File created	C:\Users\Admin\AppData\Local\Temp\www6DAD.tmp\:favicon:$DATA	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2252	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2252	iexplore.exe
2252	iexplore.exe
652	IEXPLORE.EXE
652	IEXPLORE.EXE
652	IEXPLORE.EXE
652	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 604	2932	db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b.exe	28
PID 2932 wrote to memory of 604	2932	db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b.exe	28
PID 2932 wrote to memory of 604	2932	db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b.exe	28
PID 2932 wrote to memory of 604	2932	db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b.exe	28
PID 2932 wrote to memory of 2596	2932	db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b.exe	30
PID 2932 wrote to memory of 2596	2932	db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b.exe	30
PID 2932 wrote to memory of 2596	2932	db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b.exe	30
PID 2932 wrote to memory of 2596	2932	db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b.exe	30
PID 2596 wrote to memory of 2640	2596	cmd.exe	31
PID 2596 wrote to memory of 2640	2596	cmd.exe	31
PID 2596 wrote to memory of 2640	2596	cmd.exe	31
PID 2596 wrote to memory of 2640	2596	cmd.exe	31
PID 2252 wrote to memory of 652	2252	iexplore.exe	35
PID 2252 wrote to memory of 652	2252	iexplore.exe	35
PID 2252 wrote to memory of 652	2252	iexplore.exe	35
PID 2252 wrote to memory of 652	2252	iexplore.exe	35

C:\Users\Admin\AppData\Local\Temp\db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b.exe
"C:\Users\Admin\AppData\Local\Temp\db001c6ac85b2cdcd252f65a4a5091f0f6445eb337fbbe915bedd6522eb9474b.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\NPE_technician.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\NPE_technician.exe" /S
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  PID:604
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\32or64.cmd" "
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2596
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\64.exe
    64.exe
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:2640

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - NTFS ADS
  - Suspicious use of SetWindowsHookEx
  PID:652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\npe.exe

Filesize
1.1MB

MD5
6f26134f5789809e31366b20188bdd14

SHA1
9bfbe78a33a47967bd25331bfe390948c4a26625

SHA256
729e25217d58a8a6a069f67d414a2c1ec2a65a92c3237d5d3e09f757fce2af1e

SHA512
fedd016b06995aca33e9dc66be3ef3897bc0b5b1febe2b7623d62458354b7a845c59524e712adb79b32910a7a4f562fbf471146cc4965a9f59759006d012cbad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_9E9C5BD522DEAFF0AF9BF0B0877DDF33

Filesize
472B

MD5
6568f7571a355e97cf89f51768193c92

SHA1
c312c34afaca3e37a4abe0e4edfeda626acd7dfe

SHA256
605fefc56ad427fdc96946f450d10b712ef24e141ce60bb96b29a5b83834beb7

SHA512
12b31c7ca700027a2201095b959121d5e9064d13f45c90a6a9865f55c19bcdd8568584f2f8e937b6450275395af17fad9fd0122aecac35df9a98841ca53306ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d2f76eb699bae4a1541983eb5666a593

SHA1
8e56abf0e4ed14132caca874ea3f39560865d1c5

SHA256
20763356efdc9c65b2324cb9c8a29b2a62ee6871e2f6f152d5fd9cd4658c1163

SHA512
0065e075c29a4b8a94f25352580456fcca5e1965df1817997e95cc8b92f905aa6d870c0645f41114a6bb0518ff624d0e2e3aef0589400746f594e6bedc956a4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c62218a049ac36d9497addb2901a7d3f

SHA1
557b6b80c95448ffbe2a1c715f0b0a2f70f7846e

SHA256
219c768e0c7b20a594f528d6f0e6324187baa5aa33775a1c49619a2e55d7c2ac

SHA512
0c01e1eb1e3e33978f37d6eb1cddeea96a65c246cd73c7054751e253e634167ec19fa7bade211291b1cfb564a7d1af72acb80a99f3429cae5e68ccc498ab7ec1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
761c95c5ebcfa351e9e453157a603307

SHA1
771d5d153a73ff832c48c81fd75d6e14e3b446b5

SHA256
aebf9b5ec49b2187ccc2809d7b8593bf760301be5781558005c97231c231df48

SHA512
240c9ce6992cd128305af899091f49477eb16cf22550d0fa4ee265ed8c6cb6205ecd7fed4cde31a731d6e03f06f0bdb65428bbce65ed7484c7d07364fcaa2676

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3bf9c18cbffbb1cc84335142d32cfe89

SHA1
dc197a24b8214b94b379c954ab302fe90ce32cc9

SHA256
7a1f648aed2522c2a20d8cafd1d5d3217b6fbbe0df1f87babf3b37c05c5a3e2b

SHA512
bffff4bbfc95dd70ff772ab3a658530414ab3cb8ab5f563bb4a5093c1138e386767d3bf32a0b1fc54fc41f399f4252a5a04c53c2f533391254b4acdd48ba2ebd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d8001cf159c90be0ef988497a1e8552

SHA1
7cddf009d7233c6fd2c61eed6343f392f3c82f1f

SHA256
70c21ff82c557093be0e89faeb03fee996a288aefaa9a5b7a2f889c1d91044db

SHA512
c560ffccb3ce71ba86bc0813c9f53a04a8dfe15088bda577840d01ea5b6181e97962a4b56e7a29e6562075d140f10afe262be63931dc45ebb804b7c1fc894745

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ebd7ca58974f8afa4b495606425fcea

SHA1
33bb16257ba7b3144902b15315b82ed5ee249fc0

SHA256
379fa99419b5c83b269ed0f1e46f0a59ba1f0a55900fdef7a1456b3e769020bf

SHA512
55f2404bca4cea0814dfec66b3de4887a804e2647946ea6bc8d12506ba36a02897643631f512cf1f7cd56a16d2cd06159c15dc013ccd7767743cbd127dcac927

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4eff5d797b5a3b240c8d9441bd23605a

SHA1
09be909e9601a1701faba67216f40e39c68e73aa

SHA256
15c8d93e35f8638fd6de7f845862ed491a73e045cec2c657d24efe12d46d54ce

SHA512
82d8a65cb829f34d89490bda43ca8c5ceb90ebd8d3f09df522b408bead4b8decfa86d6336edde0ab94ff6900d33e72ef179d0fe44cbf2d6e530dc25590dca50e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
514e0b71d61f0f98b260444fc1c35e6c

SHA1
09178506646f88020cddad93a76487590dfcb0b2

SHA256
fe4dccd65100a2e1ee53cf36cfe1c857bbadab49b1a777fb3f18e996270e47d3

SHA512
57eb55d7994a75f18a2a9858c12f273c4577422e571d30484e8c366e3716660089a646c4e434e9e95bb39892fc721cbd58abf96746aea3987c471babaa462d06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15911d6a3ca89c5e4b0e1765a4710f5c

SHA1
56a62d9aa6847808d104132b6acd290336156cac

SHA256
7c9a8200ff4b12f9853becccbad79c73b63354d4b46de2e574e0f81c47061bc6

SHA512
dbf6328948971be3975d803ad8b54d51bcdd7e0bee33c9fd871c77fb4944b3778c3ff2d1df59ed2dae110428e487184aae2db2124e9950b4bfaf280cae0bb9c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd35aa93fdaa914498c568f67271ee94

SHA1
cebdedf3a7fc2b56aa8b0fe8066d07404cc4d417

SHA256
fc6e1e7b8b7df835bebb4bcfbf41a2c82367a043e8411829216566bb246741f1

SHA512
8ea570277f2d386c1e3e7ef3fa68f9501a20043b0ea668f5391832ff485833c44290a366915553f28bc4bab7af0ad71591497255a2d1a9a6148f57f8b1ff093d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b201098ce44df0c5026a41bd239482d8

SHA1
aa0801ea199807b519f56f90317ea72a477ced31

SHA256
59a3c647dd69c133bc9369de1472d591a95c44d0f0d96102f08c37676a810e30

SHA512
ce9a46c1f24ecbf84c40af31ab39e986dda40ff5582d6abaf8bcff48c96546a47258d1ab05e0bc23669bdd2fbd08f7945c9c7f02a4682d7ef13dcc657c51fead

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
157e0496c126a6a72933cb1287e5ff3f

SHA1
676bf6119d124a1379ff7a7fc070a6b6d4f1539d

SHA256
7d815e0fbb69026585f3e5438830b0f6daae818cc543bae986a09b75cf8e1541

SHA512
a05d2923d76e452b64340b54772021352779b604f75e535e8821c210bbfc34b01f96f5abee92d8364ad8295c6720d6696c2e0547c5078e60c9924f4889c08c8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d250227d5d07f2f7521bcbadbf9cfe84

SHA1
bd883c8474e0796fd3a78d650d4b2a1dc1951ec9

SHA256
e8603beeef9ffae126ddd1fbd4bc3deebe4b33307ded68df7425801da227eb5b

SHA512
7995fe1468a097ff441a2ab1f8050698214bd0aff2a43298e0e88ef0b992a64909f420a1756f4270a0b3678f1405629757bd14780332db907c21fb79830b4acf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83cfd2668f380aa3db14d34f00df6a82

SHA1
b7218b272fec5403a220b6f835ec98ff9d2ce145

SHA256
c78d440278a4d1a5d12ecbef916aa0ff4036ca5f5d13b5243539968a6a48131d

SHA512
5616db4f3f36484418884ca333abe6d4f2c605184a0b24c5a72981808eec856971a04be110f61468236de09d8b3cd9458591b6c877b400b633035ae2ffde68c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ac6f5cd842f793441b2d431b7eceae6

SHA1
caad4e762fe21bfb3d2ace168638fe01823b3aba

SHA256
15c27c58641759295385afdfdc37f22f83efd23af1b35f1059862748c43b9869

SHA512
07c0490810c57d62df11e807705a44cf0169f7bd4af52816f6ad254534acfdb24879e0e2197ea21f8fdec6522d97ad49ef8df0f57a3710068aa80306dceb01c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
9551791fbfe8e9255c1778ef4def4575

SHA1
31d8d418a797783380de156df256a93ac7356722

SHA256
1dbf3692cd050e8fd2cd55f4abdef071495e556c18cfc0def9fdd52ad6eaa458

SHA512
6118b5d0e1273708c1e9498caf95efb8c09d51c14d8df5893bbe7089eb4727ee9a8d2ca0ab2d9de5485d72f3ea07d7493c6de4d22635ed696d74320961126059

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
13477846933f5ff1680e1d27544b30a1

SHA1
58d0d50d1ca5769269e787c6fc427ff144164cf6

SHA256
c87bdb730ef0aa3cd346c52871851535ceec7eacc65508213c2536bbf4e1a6ad

SHA512
0982bfe1e5ee9a006f59bc9cbb908821fe4c296a0ccb91917a6a40276ac18b9602c97c1f063a6e17d6359e1d9df36c18c5c4ba355658307bd87ab4b278877cf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_9E9C5BD522DEAFF0AF9BF0B0877DDF33

Filesize
406B

MD5
a890e9ea64d264107fd16ebfff9b4ab2

SHA1
c7982a8696770fa81d5147b7592da31c6b15fc73

SHA256
6ba67d046eb8f3193d3bf781297f578deb973c649cf784a4b4d43abd7fa4711c

SHA512
9ca29e000ae3d2a2f31efb69f65adb7ab5be9f3f1ce6a0e760727d339bdd5a2e47fc11b3dde6c5a05efdcff09153098db01614ee9298a6aab8f20f78d6739342

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_9E9C5BD522DEAFF0AF9BF0B0877DDF33

Filesize
406B

MD5
3d309a5b3a8c4a3dd1d466038ccdf118

SHA1
4d73875bbc58496384435b33033882ca1a1448a0

SHA256
01d91ce576eaf271259a69ab26c7e0aa15203c2c1f20f49af0b0720e4088dc01

SHA512
649f1a378d693f1f4e75968b1f2ac0dcd63053866ef8fb8a404c6ca9129e99c1e78664e9bba8d09924605e3471113ea776e65cca74d9624c48c9b6a07c32d441

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
6b2919f0c4cb6c3c1110297b9e31eef3

SHA1
65cad328d53de9ebb4ce8d98b98b375b5e465eea

SHA256
725b8907a7d3649968f3f327a2dfab28a6da29a100d3f2b18854dc81b9746f14

SHA512
eca92224b246716c286795de4fbb3eeeea551cbd389a17565ff5fd8f7efcd3caf168dd0f31b86094162ef4c9235f68dc38797bc1c2a8972fd870edf7fa551505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t83hqs9\imagestore.dat

Filesize
46KB

MD5
4f0e7497718dbceccef927c0e11b016c

SHA1
bbe3903bddaced358a90458db47acef5639b5698

SHA256
f394e31dcdabbec06723fbe5e3633c3b6f991da51d9f57a7d3c3193abb64e8af

SHA512
6a1a95361f48317f84c8a7b07a2ef78f593a7cfb08285855ba879d1a97fba2aba3850cad2a6777a56fd312b67aeda61f306a7650f9d2a453d220a0b47589ffda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WEH2YLI\CM-150x150[1].png

Filesize
46KB

MD5
31db7220cba8c01f89b5bcf0f3dc34de

SHA1
bf1a95415b419f94908982822ae421d4a2a9b7f2

SHA256
c052478b6204bc11443987e036d70d51e0f22186b7bd6c9616b794ccbcd44dd0

SHA512
771725dd0fa07ca6e26df2cbe155f5c39fb803ae47b9ae3b1d0cf24778c78578e1f31ac687291946a905890239fada09d58b38c80526de86d02133c230948adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YT4IJQ91\f[1].txt

Filesize
115KB

MD5
96f73102b9c3d6599d8a5244cb8a4ca2

SHA1
481609ff5e50120eb051e467b1fa273c009bcccc

SHA256
f7677c2c612cdfb7263d3b9bc7e48d6ee962e97d7a60348346a1077edc56be25

SHA512
007900ca571e3b7b635e474fa7429cbc932e48063d330cff5c2f96ef5f15039a27153257f2e8dae86936b3d024445a432578039a3769760725b8b3aca33b62ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab61A2.tmp

Filesize
45KB

MD5
dc38d629e51926a750b443772d7c8c65

SHA1
2868765523e76b2e6706f18ecb665f4631a00d00

SHA256
21a98ea45d4ca76fc03cd769b01345da379395b41295e1506644149d0a378883

SHA512
beb8198332e8771a0475a925a4b31a8a80df9a04dc889442d1a4e024b1b66709acc3e347d50af1868d5d0c351d489cd454fc2523f752ea9dec56b9a9d6048ef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\32or64.cmd

Filesize
170B

MD5
9d15c7c545ea5000158bca430fa2eb51

SHA1
d1a2dfb3933dba8bab39d130b40f70d3377a06c2

SHA256
acf4ed062291ad62836e71692c887a8a04bc6af20863d1481afd00db48632754

SHA512
4a5b3399bb3b4f46eecad6425748312503893b6b4d301d9a5d4e2332a87b5df143d65ee7b8c7c246e7bebb06847c57e46bc7255c1a440cc44fa64a21e0546489

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\CyberMania.url

Filesize
4KB

MD5
f89e823b83f9edc863ae9e35ea0a5949

SHA1
12db7e3d70e47bd97df335c74cd7323dc48a778d

SHA256
7fba1e8849a88298272be247c2b22ef4a50ac1bc4c83a4c02848bc131e622088

SHA512
d3e297af4eeeb3b8201381fddc426c33ab543db80c0da2ef7ee000ad773cf6895d7221ec17b95806377ea74488f8db7354e23d13c43d87599f6b02631e379d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\NPE_technician.exe

Filesize
1024KB

MD5
7b24be3c80b3f9b9f3dca4d8866749a8

SHA1
8529635ea09664d78e999c1a4500e6c6533975e4

SHA256
202706410fd4365f1cc8bf8a2b6dbfb4f253756564a7769eaf7099d9278c49de

SHA512
05dcd7945be9caed815a2c2205ad115edd75ca0488f453a7c74222f089048de0c911b4a0145806b524509ee65ef76cac6f3f14bf0e0f960e7139edb5868d560a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\NPE_technician.exe

Filesize
91KB

MD5
68d124edf9b2ffc4e49ca09af59ebbbf

SHA1
09281a77dfd9e7c4545004892320cf5a878fb788

SHA256
9edaba69b5d470a0495684bd7fc6af2c5f4dcf86ed21c403ae65b41f93cb91b0

SHA512
162d43a3eb64c9e9d65bf050db9b92e4caf8ce12326f7e6254c6cf3fdd0e19c8852e42e1b4dedfeb0484ddf972c15161a404eeb24ee271da3f8a822b4e9aed71

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\NPE_technician.exe

Filesize
369KB

MD5
71be9a94b4ba9626630c0e5d781696c2

SHA1
fe73882ec3ff544c8193d0f1cb441506596721d4

SHA256
3efc88075f3182f47fb52d692cd1cdbc30a8b75fcda5bb92b33262ac26603df7

SHA512
2810ab01ee4352ad4d6f03a4626791942acbbbb0e4e4a8ba54bd8aadbd793ed4b4db6947dd915c901a3c320d7d709c439f1e9a9cafb4628c08916de33748e3d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6212.tmp

Filesize
45KB

MD5
cae17bc9c5d74e0e1142b20a7889efdb

SHA1
cfea5f7d29a7dad0a1a25daf18a0cd4cb79cac86

SHA256
4d74c7d252b593f92d04a5538ff5688a4ec720ab664ac723512fbcfa3f5ab691

SHA512
42ba66aa767f8a15ce38f9e72990fe41e4fb2d7266e4334be0bcb7db7ac7eb38e7f3b424bb4fc5583197257e9fefc11ab19285f0881a054f338463fefb483dfd

Download Submit
\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\npe.exe

Filesize
1001KB

MD5
331367521fdf5d377dbafb592f937848

SHA1
d10b1de80fd8dfd0d4a9d659dc0561f664fe53b0

SHA256
d667e5ac7cfbeda850182589e68910eac1159f83f03c9845ff3c502b2cbf56cd

SHA512
8f74ce7eb5402160166e50c3c8fc311f5108e654bd598d5ab1586da399f2452308bed17b894b8e236ddba74cac151f3893cfb05be83334968f32c6e845a3bfe1

Download Submit
\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\npe.exe

Filesize
1.4MB

MD5
da142bd09e5f2187921e24087c4b144e

SHA1
8bb34f689829fdd46ecb2c8375abd069607474a5

SHA256
dd4807c0b2b8ee68d4d7f279e3371363bc108ce5c4599d0c70ba1c097a5e37aa

SHA512
c0b760c63a49251883f5afd3077e175add5ce82c2693007b39d0c9f7d2ab4ce6fef695645f615eb380eba964fd5ba1487500e9d2340500a6ee00c6fe7f9d7811

Download Submit
\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\npe.exe

Filesize
981KB

MD5
27bd9952b30ff67af365c56f38df6835

SHA1
ed69b7bdbb8524c88b9a44def785cc5fe7c0a7f0

SHA256
dab34e507c323a6584086ae11f639c522bb688477d6b01a50ecd87cd49a83133

SHA512
84c56c457dfa6ea92c7a79892b5992dedfc6b08f2ce645b2486d78367fe8fd1699edb6716b7f6da4ab875714bed7f26fdfd152072acc22172a136c40831595ec

Download Submit
\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\npe.exe

Filesize
1.9MB

MD5
8ac733fe9f65bbc2eea0c72d791aacec

SHA1
7d4d0c6fc55bd0cb4670cdd68f23201b6a3ccdad

SHA256
fb8143cda9ce03cb2e2e10454e6bda546aa8a5ad85b6926b239e545e638b27ed

SHA512
364453c3a0ef34c9be25c671421e8ed33bec3b7eb200f2af92883e09ee0d09ceaa9dd520ad43d70ee6f3c39ffc7e77a9fc9dee3b676663e9c721b001a9419afb

Download Submit
\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\npe.exe

Filesize
1.5MB

MD5
02391775202e4c84eba38b48051fc083

SHA1
28dae1c8b795a68f32c691d2cc7392028f80f234

SHA256
385e6e0b5350282c5cf37208d4d098828a797d837de16bfefa127fa19924b3bc

SHA512
9667bcb65017439061a2361146f0fdfac690452d01f0ea8091e2c4e4fa8f824479ea39153fea1dc7d0553b5e4a9af64ff63bc1afabf4d64e1e3cb2694c4abeb9

Download Submit
\Program Files\NIUBISoft\NIUBI Partition Editor Technician Edition\npe.exe

Filesize
1024KB

MD5
ecd347aa8f6ab90718665007b9166eee

SHA1
ea675efd79bc25974849a8b7ab49023e2905c752

SHA256
bf92a1101c4412d3b5f9fea3aaa405c034535c150d2dfaf7a6ce7bb8c0a54f11

SHA512
e1f6e05c5294c2a9c3f7c455511eea29fdf1898ac3b287d6ddddcf94c3fb012e554257b9367c53ea7cbe947b6eb60acf3d007fa7e1e22414c7c3c911916537e7

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\64.exe

Filesize
458KB

MD5
0c70cb8f824072c6c6af931e5e86ef18

SHA1
7efed30abab31de7755b6cc2a6590af836d53e59

SHA256
f34705ea58f1f3d986773b76d6d77fb2d1cdcf1c99b1cb444d7e0ac28e6d2636

SHA512
bbede783e286d2e21713d835cae9d2d488a784e0d2154901676efd6fd843089b27450cbbc60b7b57b7f71281ed2a703ffa6f516550fb0d9a4314dde25440d4f8

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\NPE_technician.exe

Filesize
1.6MB

MD5
b0edae2e1bbd010dae07509e3049f68d

SHA1
69b2a3360be1804174c35ff35751c1c20386f29c

SHA256
f857ea19d42a6babdcf4f7ccd6a1c2ca3b7f2283dddf38d19c7756cd673f7b53

SHA512
e3618a9436229dc868ef398349aa4672a20a92cee3b0b7049a9a7798e3c8f982ee1d178e0eb54272309798bb6dead9eeaca7d24cfdad49ed2ad91a50c53b1bdf

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\NPE_technician.exe

Filesize
2.3MB

MD5
eebc159c5d9c7ba1e51f7b06d0ef9a3a

SHA1
dd349329c8c645eec15a1a3d56ad795a5ada46e9

SHA256
b56b9637ab816018a4027b74616556bb0740755d72ad60913a8ae8ccd50b07fb

SHA512
5583f6ca6864dbb1f769a4abef96858735b9c4a9933d3341d380f91ddea27be5f5b2425bb3d763d0a333055a85d6c79d705539ba39903ded8918b99e26369003

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\NPE_technician.exe

Filesize
93KB

MD5
e7b3920269af7de2a6be50231613f4a8

SHA1
18f9693ca0d639509a7b2cecb05b8311ef28f37b

SHA256
1a12544a10919bee49a15c448b439dbcb8e8d1fc8616c6b445d9671fd0b6f1b7

SHA512
40ec1a9663576c5491cdf8d935cbddc7ea480987bc6d91406a2c75dbb2ac2bc1aa335ebe8e0498414e7adaddde12300dc29f8f437565313f96592e267daf9645

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\NPE_technician.exe

Filesize
85KB

MD5
e5e27827104f8a2fb60e5144edb60eb6

SHA1
ef217454f76c9454ec58903c127736964c192eef

SHA256
763a1738714e777a4c9662f245f2c4d70e65ca4216e5126df961b39a0ebb89ce

SHA512
15fd6950e7c316d949ac43b1ca70e9f6d04c0fcfd0512c94d3c8f631f97cff5b233de7b6e8ec6a8e348feef27a29f3e96dab28900141b69f2567ec5600a607fb

Download Submit
\Users\Admin\AppData\Local\Temp\nst457B.tmp\System.dll

Filesize
11KB

MD5
fbe295e5a1acfbd0a6271898f885fe6a

SHA1
d6d205922e61635472efb13c2bb92c9ac6cb96da

SHA256
a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

SHA512
2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

Download Submit
memory/2932-109-0x00000000031E0000-0x00000000031E2000-memory.dmp

Filesize
8KB

Download