kinsing | 300fe6224578b1254a43444f7e1783dd608a6c065d4e6089e7560e719fc787b2

Analysis

max time kernel
134s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup_s34.exe
Size

81KB
MD5

790d506cbf467ed499fcb03d311e405e
SHA1

2d4c2a6f8b11498f736b8432cf016c98fbd45a1b
SHA256

236f71b0e60e1025c1bfb7ee85b7c156a81428427eeb04d215ed265e2a3d01a5
SHA512

210e080c7cfccf7e3511bbc9128e25a2e87200cb2deb5cf4924d7f47fcd2bf9c6a83a819d1a23116126fee323978aabc1db5d4a10d324b9643627f601d0a8d42
SSDEEP

1536:sm0D+h7JiBvgGeRT9ZSdNoRJP5gk8WmSAybU7JfjOagXdLLWPBVJCK2PKKkYM5M0:oD+JYBIzT9ZwNoRJPB8uAd7AafnhVX51

Score

10^/10

kinsing adware bootkit discovery loader persistence stealer upx

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
behavioral4/files/0x0002000000022775-3.dat	acprotect
behavioral4/files/0x000a000000023031-17.dat	acprotect

Loads dropped DLL 8 IoCs

Processes:

Setup_s34.exerundll32.exerundll32.exerundll32.exerundll32.exe

pid	Process
648	Setup_s34.exe
648	Setup_s34.exe
648	Setup_s34.exe
4124	rundll32.exe
2552	rundll32.exe
648	Setup_s34.exe
3320	rundll32.exe
4888	rundll32.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral4/files/0x0002000000022775-3.dat	upx
behavioral4/memory/648-5-0x0000000010000000-0x0000000010011000-memory.dmp	upx
behavioral4/files/0x000a000000023031-17.dat	upx
behavioral4/memory/2552-25-0x0000000010000000-0x0000000010011000-memory.dmp	upx
behavioral4/memory/648-23-0x0000000010000000-0x000000001001C000-memory.dmp	upx
behavioral4/memory/4124-27-0x0000000010000000-0x0000000010011000-memory.dmp	upx
behavioral4/memory/3320-37-0x0000000010000000-0x000000001001C000-memory.dmp	upx
behavioral4/memory/4888-40-0x0000000010000000-0x000000001001C000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

Setup_s34.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A512BF7-EC78-4e8d-9841-6C02E8FA9838}	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A512BF7-EC78-4e8d-9841-6C02E8FA9838}\	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6671A431-5C3D-463d-A7CF-5587F9B7E191}	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6671A431-5C3D-463d-A7CF-5587F9B7E191}\ = "MMSAssist"	Setup_s34.exe

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

Processes:

rundll32.exerundll32.exe

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	rundll32.exe
File opened for modification	\??\PhysicalDrive0	rundll32.exe

Drops file in System32 directory 2 IoCs

Processes:

Setup_s34.exe

description	ioc	Process
File created	C:\Windows\SysWOW64\std.ini	Setup_s34.exe
File created	C:\Windows\SysWOW64\stdup.dll	Setup_s34.exe

Drops file in Program Files directory 2 IoCs

Processes:

Setup_s34.exe

description	ioc	Process
File created	C:\Program Files (x86)\MMSAssist\MMSAssist.dll	Setup_s34.exe
File created	C:\Program Files (x86)\MMSAssist\mms.ini	Setup_s34.exe

Modifies Internet Explorer settings 1 TTPs 7 IoCs

adware spyware

Modify Registry

T1112

Processes:

Setup_s34.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{6671A433-5C3D-463d-A7CF-5587F9B7E191}\CLSID = "{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}"	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{6671A433-5C3D-463d-A7CF-5587F9B7E191}\ClsidExtension = "{6671A432-5C3D-463d-A7CF-5587F9B7E191}"	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{6671A433-5C3D-463d-A7CF-5587F9B7E191}\MenuText = "MMSAssist¹¤¾ßÌõÉèÖÃ"	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{6671A433-5C3D-463d-A7CF-5587F9B7E191}\MenuStatusBar = "´ò¿ªMMSAssist¹¤¾ßÌõÉèÖÃ½çÃæ"	Setup_s34.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\MenuExt\ >> ²ÊÐÅ·¢ËÍ <<	Setup_s34.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\ >> ²ÊÐÅ·¢ËÍ <<\ = "res://C:\\Program Files (x86)\\MMSAssist\\MMSAssist.dll/mms.htm"	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{6671A433-5C3D-463d-A7CF-5587F9B7E191}	Setup_s34.exe

Modifies registry class 64 IoCs

Processes:

Setup_s34.exe

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A432-5C3D-463d-A7CF-5587F9B7E191}\ProgID	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6A512BF7-EC78-4E8D-9841-6C02E8FA9838}\ = "std software"	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6A512BF7-EC78-4E8D-9841-6C02E8FA9838}\InprocServer32\ThreadingModel = "Apartment"	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB45CE36-C280-4525-BCF9-1BD01D3E4B57}\ProxyStubClsid32	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74289A79-E652-4A57-A6B9-EE64AD532A8D}\ProxyStubClsid32	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74289A7A-E652-4A57-A6B9-EE64AD532A8D}\TypeLib	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MMSBho.MMSAssistMenu\CurVer\ = "MMSBho.MMSAssist.1"	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A431-5C3D-463d-A7CF-5587F9B7E191}\ = "MMSAssist"	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{22F87D75-7DD1-4545-94B3-CA80C0F462C6}\1.0\HELPDIR\ = "C:\\Windows\\System32"	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB45CE36-C280-4525-BCF9-1BD01D3E4B57}\ProxyStubClsid32	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74289A79-E652-4A57-A6B9-EE64AD532A8D}\ = "IMMSAssist"	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74289A79-E652-4A57-A6B9-EE64AD532A8D}\TypeLib	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MMSBho.MMSAssist	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A431-5C3D-463d-A7CF-5587F9B7E191}\VersionIndependentProgID\ = "MMSBho.MMSAssist"	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A431-5C3D-463d-A7CF-5587F9B7E191}\TypeLib	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{22F87D75-7DD1-4545-94B3-CA80C0F462C6}\1.0\0\win32	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB45CE36-C280-4525-BCF9-1BD01D3E4B57}\TypeLib	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MMSBho.MMSAssist\CLSID	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A432-5C3D-463d-A7CF-5587F9B7E191}\TypeLib\ = "{077525AC-C681-4139-8C3E-B582BDD375C7}"	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6A512BF7-EC78-4E8D-9841-6C02E8FA9838}	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A431-5C3D-463D-A7CF-5587F9B7E191}\ = "MMSAssist"	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{077525AC-C681-4139-8C3E-B582BDD375C7}\1.0	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74289A7A-E652-4A57-A6B9-EE64AD532A8D}\ProxyStubClsid32	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MMSBho.MMSAssist\CurVer\ = "MMSBho.MMSAssist.1"	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A431-5C3D-463d-A7CF-5587F9B7E191}\ProgID	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB45CE36-C280-4525-BCF9-1BD01D3E4B57}\TypeLib\ = "{22F87D75-7DD1-4545-94B3-CA80C0F462C6}"	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A431-5C3D-463D-A7CF-5587F9B7E191}\InprocServer32\ThreadingModel = "Apartment"	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MMSBho.MMSAssist.1	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MMSBho.MMSAssistMenu	Setup_s34.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A431-5C3D-463d-A7CF-5587F9B7E191}\VersionIndependentProgID	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB45CE36-C280-4525-BCF9-1BD01D3E4B57}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74289A7A-E652-4A57-A6B9-EE64AD532A8D}\TypeLib\Version = "1.0"	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MMSBho.MMSAssist\ = "MMSAssist BHO"	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A431-5C3D-463d-A7CF-5587F9B7E191}\InprocServer32\ = "C:\\PROGRA~2\\MMSASS~1\\MMSASS~1.DLL"	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A432-5C3D-463d-A7CF-5587F9B7E191}\ProgID	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6A512BF7-EC78-4E8D-9841-6C02E8FA9838}\InprocServer32\ = "C:\\Windows\\SysWow64\\stdup.dll"	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MMSBho.MMSAssistMenu.1	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A432-5C3D-463d-A7CF-5587F9B7E191}\Programmable	Setup_s34.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A431-5C3D-463d-A7CF-5587F9B7E191}\TypeLib	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74289A7A-E652-4A57-A6B9-EE64AD532A8D}\TypeLib\ = "{077525AC-C681-4139-8C3E-B582BDD375C7}"	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74289A7A-E652-4A57-A6B9-EE64AD532A8D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MMSBho.MMSAssist.1\ = "MMSAssist BHO"	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A432-5C3D-463d-A7CF-5587F9B7E191}\ = "MMSAssistMenu"	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{077525AC-C681-4139-8C3E-B582BDD375C7}\1.0\HELPDIR	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74289A79-E652-4A57-A6B9-EE64AD532A8D}\ProxyStubClsid32	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74289A7A-E652-4A57-A6B9-EE64AD532A8D}	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{077525AC-C681-4139-8C3E-B582BDD375C7}\1.0\0	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{077525AC-C681-4139-8C3E-B582BDD375C7}\1.0\0\win32	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74289A7A-E652-4A57-A6B9-EE64AD532A8D}\TypeLib\Version = "1.0"	Setup_s34.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A432-5C3D-463d-A7CF-5587F9B7E191}\InprocServer32	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{22F87D75-7DD1-4545-94B3-CA80C0F462C6}\1.0\ = "Ad 1.0 Type Library"	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{22F87D75-7DD1-4545-94B3-CA80C0F462C6}\1.0\0	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB45CE36-C280-4525-BCF9-1BD01D3E4B57}	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74289A79-E652-4A57-A6B9-EE64AD532A8D}	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MMSBho.MMSAssist\CurVer	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{22F87D75-7DD1-4545-94B3-CA80C0F462C6}\1.0\FLAGS	Setup_s34.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{077525AC-C681-4139-8C3E-B582BDD375C7}\1.0\FLAGS	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{077525AC-C681-4139-8C3E-B582BDD375C7}\1.0\HELPDIR\ = "C:\\PROGRA~2\\MMSASS~1"	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74289A79-E652-4A57-A6B9-EE64AD532A8D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A431-5C3D-463d-A7CF-5587F9B7E191}\ = "MMSAssist BHO"	Setup_s34.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A431-5C3D-463d-A7CF-5587F9B7E191}\Programmable	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB45CE36-C280-4525-BCF9-1BD01D3E4B57}\ = "IAxObj"	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A431-5C3D-463d-A7CF-5587F9B7E191}\ProgID\ = "MMSBho.MMSAssist.1"	Setup_s34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6671A432-5C3D-463d-A7CF-5587F9B7E191}\VersionIndependentProgID\ = "MMSBho.MMSAssistMenu"	Setup_s34.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

Setup_s34.exe

description	pid	Process	procid_target
PID 648 wrote to memory of 4124	648	Setup_s34.exe	89
PID 648 wrote to memory of 4124	648	Setup_s34.exe	89
PID 648 wrote to memory of 4124	648	Setup_s34.exe	89
PID 648 wrote to memory of 2552	648	Setup_s34.exe	90
PID 648 wrote to memory of 2552	648	Setup_s34.exe	90
PID 648 wrote to memory of 2552	648	Setup_s34.exe	90
PID 648 wrote to memory of 3320	648	Setup_s34.exe	91
PID 648 wrote to memory of 3320	648	Setup_s34.exe	91
PID 648 wrote to memory of 3320	648	Setup_s34.exe	91
PID 648 wrote to memory of 4888	648	Setup_s34.exe	92
PID 648 wrote to memory of 4888	648	Setup_s34.exe	92
PID 648 wrote to memory of 4888	648	Setup_s34.exe	92

C:\Users\Admin\AppData\Local\Temp\Setup_s34.exe
"C:\Users\Admin\AppData\Local\Temp\Setup_s34.exe"
1⤵
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:648
- C:\Windows\SysWOW64\rundll32.exe
  "C:\Windows\System32\stdup.dll",EasyFunc
  2⤵
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  PID:4124
- C:\Windows\SysWOW64\rundll32.exe
  "C:\Windows\System32\stdup.dll",EasyFunc
  2⤵
  - Loads dropped DLL
  PID:2552
- C:\Windows\SysWOW64\rundll32.exe
  "C:\PROGRA~2\MMSASS~1\MMSASS~1.DLL",EasyFunc
  2⤵
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  PID:3320
- C:\Windows\SysWOW64\rundll32.exe
  "C:\PROGRA~2\MMSASS~1\MMSASS~1.DLL",EasyFunc
  2⤵
  - Loads dropped DLL
  PID:4888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~2\MMSASS~1\mms.ini

Filesize
109B

MD5
85646ca34db24a171445eaaa6763a7c0

SHA1
3a5f16a1ee1d6a908cdd757225bd035fda248ee5

SHA256
ff697b42946e70f299930752132dfbe8126929fb81bebe410460afe4631922c6

SHA512
bd8e05973bfa5cb31aaa2130a7a53548a35d50e5cd7b304e89e41c55fb774e0afbb8394d8b19866a06dc2cca292d92729ab3660eb253830d487f30637f511f40

Download Submit
C:\Program Files (x86)\MMSAssist\MMSAssist.dll

Filesize
35KB

MD5
058ebd4e17690cef3297184c47d61420

SHA1
f68f8f86377e48446ad236feb758aa9c90480e3f

SHA256
2d5a83b130f656a03233960c913f5eb289977cd56feb43d935ed33c6ea808cc4

SHA512
8eb2399de7fdc56576c75a85ae97e147d8a59c7f1a2adfd401983e924a78e6ca35bbe69e13435edb9dd474915d7523d8ad70219906b92dda1dbc09570f6c36b1

Download Submit
C:\Windows\SysWOW64\std.ini

Filesize
268B

MD5
2ad243d85e31161e9fdcdaa3bd9b50d4

SHA1
7fd4a39c9b14729534240a11a7a5030c1b1101f7

SHA256
113ace4fd712004e1dbf2d5c0b351f945ad81178a7c07b5748b102bda8c02533

SHA512
f2bb0bd4d495461e450e487b11d143c1c91251fd5f0763e2005dcf5f2e6baa86142a4d9a8c89d63f6e9dce9ecc56624a1b2c1c2185b4ea6718273c02d67593b1

Download Submit
C:\Windows\SysWOW64\stdup.dll

Filesize
22KB

MD5
dd7f9470045b4b6338fe4973f3eb8aa8

SHA1
446787465be7c52456b56061f7c31b24df730528

SHA256
a76dd4978df85edae624992e4eb95366b74e161965059d33553763f4489dd15b

SHA512
6bbfed3126866aa3d1cc21240df1d191b0b12f225822211cd2cf083ec04a90ac1dc27f2dd1998db89f15c87807666f340bb7124611b548c8aa9fd436ca5640ce

Download Submit
memory/648-5-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/648-16-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/648-23-0x0000000010000000-0x000000001001C000-memory.dmp

Filesize
112KB

Download
memory/648-36-0x0000000010000000-0x000000001001C000-memory.dmp

Filesize
112KB

Download
memory/2552-25-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/3320-37-0x0000000010000000-0x000000001001C000-memory.dmp

Filesize
112KB

Download
memory/4124-27-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/4888-40-0x0000000010000000-0x000000001001C000-memory.dmp

Filesize
112KB

Download