Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    09/11/2024, 22:03

General

  • Target

    dia-setup-0.97.2-2-unsigned (1).exe

  • Size

    18.7MB

  • MD5

    6a2472af5b3df9506e5ec3d822edaf3c

  • SHA1

    bf774bf6902e390d2a4ade45dde41f905c60ceeb

  • SHA256

    8257389d6264742d414404beaaaac869336c91f9f9af1e31ee081aa6e7857f3c

  • SHA512

    e7004bf677d25ebef2dc95de9d571b901e4ee678edf0b5ed65217f554e3a844099db112584a4128b89bace21a517c4958a6aa4ffb73be8fca0e66c5466e1309b

  • SSDEEP

    393216:P+xc0G6JizMOOmWw+gyT0JPnKXHjdVABdO008NdOS:Qc2iJ/+JTcfqt8NV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 60 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dia-setup-0.97.2-2-unsigned (1).exe
    "C:\Users\Admin\AppData\Local\Temp\dia-setup-0.97.2-2-unsigned (1).exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2704
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "C:\Program Files (x86)\Dia\bin\gdk-pixbuf-query-loaders.bat"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5096
      • C:\Program Files (x86)\Dia\bin\gdk-pixbuf-query-loaders.exe
        .\gdk-pixbuf-query-loaders.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1124

Network

MITRE ATT&CK Enterprise v15

Downloads
