Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/11/2024, 11:43

General

  • Target

    breakaway_setup_1.44.00.exe

  • Size

    4.4MB

  • MD5

    11925cf38de9313e87a3980a53ac0be6

  • SHA1

    a9d2e27a4b789fbef8b23e740753b6eb85e65516

  • SHA256

    8efb44d31cb52a7087fd2b76b8650cab8a39616106189fa732f44ea676c6035a

  • SHA512

    67bee82ab48cb75d49679060180225ce1c18530a942089b4e9d531849bc087b08bab2a13c9bd1eae758543f82bb1bcadb16981e35b34c6f817a389d1147abab6

  • SSDEEP

    98304:GB1HdkWyGx7qLQx+MAVkuntmGfBgLvr8uN6mjlUtA13WkRdfewG1ha4H:GBrkWUo+MAVkunlEvxllR1bRpGhH

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 1 IoCs
  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Loads dropped DLL 9 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Program Files directory 5 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Modifies registry class 17 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\breakaway_setup_1.44.00.exe
    "C:\Users\Admin\AppData\Local\Temp\breakaway_setup_1.44.00.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1076
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Breakaway\badeskband2_64.dll"
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2756
      • C:\Windows\system32\regsvr32.exe
        /s "C:\Program Files (x86)\Breakaway\badeskband2_64.dll"
        3⤵
        • Loads dropped DLL
        • Modifies registry class
        PID:2808
  • C:\Program Files (x86)\Breakaway\breakaway.exe
    "C:\Program Files (x86)\Breakaway\breakaway.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    PID:2660
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.claessonedwards.com/download/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2940

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Program Files (x86)\Breakaway\endpoint_volume.dll

    Filesize

    107KB

    MD5

    6e4cdc51778d23fdf00fc7e924044721

    SHA1

    6337874b23f06596c0aec2e7ae229f524bb37f9a

    SHA256

    3ff0389a6153ec10077404435ecaa9bd9b77c4e2eccb60b44eb2a4a4b173d8fa

    SHA512

    84e26df4f7f8305fd99823af31b7e464cc19d86ed8f712a1461f6cd7cf4d9c1400cca6626707073795f8f70d5cc5cc1b8b4c11b30bc0e020a5f93accecc92a1f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ee9f21184658a0591508ae75dc0658fe

    SHA1

    508b53153ce16d5fa0709a9b8abf9595dbd4579e

    SHA256

    4e2bf6cf29257ce1ee3d8e2ea8462f3dcd6141738b4d26175f73f6c436fd08ce

    SHA512

    4181b80a10fc2aae0ee76edac728d39636c3d21e735597380d0d6525f38ca9ad0e5fa5f505a7f2b1c89f7be8d37285786a31234023c054476a6f71cd7ae77622

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    eda5066c4772c06523240584431787b5

    SHA1

    6003e1b4f284afe2a4b18ea7f07f6de6df4a0b06

    SHA256

    dad4c79a147025c96fd8f174d07e0d76c9cdb092eae5cf8d77e03bf16fc53f20

    SHA512

    fad1e4a16839b48bd155ef8d2fbbd7b0adcce9b713772a3eb5d90882de7b6a5dfa9e8d04a2bdeee646f99ae6c74cfb6a1306988c7abb563ff3440b69fd5262ea

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a53150b812592d2138551f92f1177333

    SHA1

    5b3e5173aaa0d837478a86d86bc2edc49faf539f

    SHA256

    410623fe7db5d7aee3c7c589aa1c90d1185712cccf8e9a3b2562248405bba493

    SHA512

    a8bb6e2b8ae7f2a0654c8c9252149415c9e4bdc4ff7db5a5a9afddc2ec34ccee3040ea26e8ed29e0dc9a44c2680646d77b9a2ae90c79ea9d79c39d14c1e7edb9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e4c65e49a2b334adedaa89c077cad000

    SHA1

    1489c8abe318a0643cf0859315cc139bfcf7227c

    SHA256

    6769486b0b27576d31da2fb3f73a7ec16500974b0c5e21328da1d9c62ba16a77

    SHA512

    118d03e1cd4852a97357c0f478db620528411052494ab56dc3fe60b393041705a0041ffb686cea1b3fa62e12a0e35ccad1950509f1227b45cd318ac4d07c1a17

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    49ca765ad94df53100b4c322f870413a

    SHA1

    6efa0afd34267f817b027955e20cc0e3ee816f28

    SHA256

    94f782907c0d4f344b0d26b55b99b04151ccc358565dd7409adb80492e17a55f

    SHA512

    da01f1cdadaa93d05059b635dee9a58d8ad6212717b8d172b1887f17da258217e74926775aa52bfbc954b7a76295cf20c0159ff5d258be237bf3e2239ef43869

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d206a8f74626d664bd1cb2b6d524ff10

    SHA1

    a8c2f17d0aa8ee40b06db5b8fff8fc74c1200f94

    SHA256

    d2759e733a15440b50395ad93454f06eed2bcb9b7647163287934502e0c8087d

    SHA512

    414055dbe42f5c8796329ea799e31b4e96cc5c4b24735cac82da27e8b927be482888083f972498099d6203e6291dcf5734760cf5c66628eb15bed63c2746c9b7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2fdcc9804d13bf20f582b16989fafd7a

    SHA1

    f3edf2fb228d1f47cc90c0820eeb0305608d323d

    SHA256

    695fe765925dae30e5af21c1569752914a89f64867ae628076aea69ab9be2973

    SHA512

    2254c200cefce57207d3f437d89da93e87f078f2967e20dc66f5164f4234ecafbd5ed018403e90b83109ee027a0442b02cd56fc39e4fac8970a27fe610e5620c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c3e237058fd5c2a645e80648feeca2e9

    SHA1

    d1d4dc0791f7bf4899f0e4a9be7eb37933f4ad41

    SHA256

    7d34e0ea21d7f7833875f241437487f9f2d4fb01a930a063b2b75fc38a2035bf

    SHA512

    955e44feb294800f51db8b5c575e0dce61d498e019daf850ee46799b1ee4bad6aef56eb86eccf27a37774564095e8b22230696850ca1d7dae690b6d201f123ce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b28026b8e8a1988beb94bf2945d6d99b

    SHA1

    6a8f48e01d3593cb96f26d457d750916fc16f234

    SHA256

    24c71edbda4fd15e22d8efd43ccbd88a816337606330af6e264b831c6e873b5b

    SHA512

    e30e2de73bc738f37534ddfd010bd3f8a87a633ba8ad85b97b6893cd46f36d2118fa41405548237f122542571b179ec050d6544248b5f380d406c3398bf7aaf8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2185ca180f9c274b61b1bd65b3a93a02

    SHA1

    9c8c63f49a28ee08eece8561ca46f8bbe30bbea7

    SHA256

    84691bf45c6a8aba3ad529b29f2fe1593caa0f23d5456360e28ffaf875e2438e

    SHA512

    938c37e599ce239617c9adf1fa903ab5f3fd2c520ed950e5e6dd8403150b6857cc1356c8ab027dbf69cb7076fa65751066415aade2bb2d7a3b2649f86d2656c7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    00df81d1a2193f167a02307808d01030

    SHA1

    ef7201a054a4a7374e10871e6bdaef76fb072b3f

    SHA256

    d76c774c5278878b1cad1b95467302749ea377f31666a23e1e6543936c8eb942

    SHA512

    7db505e7a2c6ccb519a057203367c7c4b6bcb3f3056186c2659363b1732174bc60e420910acbb4a63982e98f2e62f7a63a7dedfc57fb2715b4f1cbe532c9d35d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    01b783e652b0eda26f451caba1b0a491

    SHA1

    b51cbe6d44bbd5375808d00b64db796f407c8d42

    SHA256

    4bf4483b6c27467a709d207543a593f13e42ec1d5c8daf6d181cabda00d45510

    SHA512

    153d734b346b319a6dc51e141278476267c7794542888b6df631ef9f6b8fce07f692624181aee6fd52958e6fe9295e6421f848c8706bb3b03ab6a5abdce984e9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    766bb335c31bdd5581d74e02ae55bd35

    SHA1

    d5f14c0acb85dce600e9180a4c2eadf136e8a537

    SHA256

    d8fef777a9f2ef8a720393f70593495ce8fe8ed1d98d887f64c81c3e4956783c

    SHA512

    08c475e8de90f5a9dc6bc980cd8648b0b4475873dcfd32e335d5c2201351a2ae40e285541e389e5bf029523aaad3c649eb2b3fba916de1e0947b8c4c34c6f5f4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    144d21b9914c6b6a1d902509e773842b

    SHA1

    2c411492b809af06537717e32b40ae167edd5b52

    SHA256

    c0720af4a0d60a6200cb6f25a7de07f1a64b2974cdf3df9f168be8299f3c37a2

    SHA512

    e7b97f68cebdea05079edc3923268073b18255deb155b2123932b3b91d981d185745c07c4853447b5dafd6eb99d9db2784e528974cbac939e1c4b2ba5019ed9d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5e2351a0412e723db2f3533129cca350

    SHA1

    658906a28ff54c205d4d934e2bb4717dd6753a91

    SHA256

    c3d33157cedfa64324f77bd9a7bc402d237631189b3c59d79891a927fce9ff5d

    SHA512

    b1a00e460da6c97c44c863009cf294d5f981fd92010720c55a5c8055da0550478b56fb5e8d22d1e893500da21a990c2fa38f5d54458cb88d75134f0e8ff1ba85

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    635752202d2f779a57ffe6c84668aa1c

    SHA1

    3dbd882d1440e1843227c9e7b13bd9ff48cca527

    SHA256

    0402881b93985ce0a68a0df557af666387d40dbdcc0c33bcce0e79ff451d4f43

    SHA512

    1ca138ca3f8b6b1ae2f0d390fe276c30d619f520eba10b2d0b430fe256ec2b942500f6f8adfc0a683096b3a88a2e8fa066b637551c528f868e0cbea7581d76b2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e1733ab6db5360085a2a8025f3df3845

    SHA1

    adb21b40668f5833af601c9a2e887ccdf15d070b

    SHA256

    efd0a76f1204fe311f8b458766e4c66d3e1120d4a7af157672e9c89b31698ece

    SHA512

    11c22d5b3733147386092979117a64716871874ecbc5e80284cfa774be4855ce26669041d3575bbe3b94e23f080a086a9a4cc4d8a9e9f331f9e0d2d0c3d5fcf5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c7a395f079cd427dfee3ece3df40e49f

    SHA1

    fc8da2eb248b5329772fa63eb049dab9604c3479

    SHA256

    2022b0251e18e3bc09c81ff55842de351835270785d6e20b10852da060322c04

    SHA512

    2d6b3c8a570899fe581a9c48053f77b8e8888da0e789b717086cbb7d7a5d8727257101842a6378bc5d397b0f7110417f3ce2a10bf8ee85cea25c5798787a068f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0ba718f43b4f983f0f3c959d17b8353c

    SHA1

    11ff41e6d604a309369e25d53a91d184725f10dc

    SHA256

    cc4f51998111378f6baacfe7bd114a8987e41516e618ee3c8a4f7b8d8de9b41e

    SHA512

    1799d6b1b8e29b03e824ad23cf4abb16f513baa171a767f99bfca7ed54586fd1220aec894fa901ec23bed07b1c57c577b4bca20ec30d705646a23a3ab5cd6788

  • C:\Users\Admin\AppData\Local\Temp\Cab1AE3.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar1B63.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\AppData\Local\Temp\nst91A6.tmp\modern-wizard.bmp

    Filesize

    51KB

    MD5

    307075f9904572d515813fdfc88c10eb

    SHA1

    0b88ce4b791bc1cf80dce6d7e0601233d9046de1

    SHA256

    4da390a13cabfbd3f94537a021a4b21f69f089d44d4e496af6d6090a046cc52c

    SHA512

    7de16df50e66d22b169c9300ebf6cf70a0a4cd0b4a8bc82ea70111b55d89c7eb9e7e46191c4b918db7cf0574b3218e99d286b55c14ef0e6e455b5d7ff0a7c28d

  • \Program Files (x86)\Breakaway\BaDeskband2_64.dll

    Filesize

    27KB

    MD5

    05a8856111f44dc232911ebf06963037

    SHA1

    32bc0ae743c6b05beae7a58bdf2c8abe2d91cba8

    SHA256

    e9bd6f43cc6779b328887d250cf3f67b56375d633f53fd38b549b11156074549

    SHA512

    4c3d01c355ccaba32aced45a8bc3ee115a7875bafd2a8fd03cccebf637c7438c5ecce25b1500252532a0512b9fdfe94ec5c3ab98cf4995d1063d281347365e42

  • \Program Files (x86)\Breakaway\breakaway.exe

    Filesize

    5.9MB

    MD5

    1b90da8b29716405565d08d8fdd116a9

    SHA1

    e211b215f4d2dd03a8047241bb2fd689baca5c61

    SHA256

    1a8ed7a0e13fb993a71d03574b3a54ecc8488c626baa4783de541373bf4e0fae

    SHA512

    374284ba521de59cf3ca7bd9aba4bd08f395a8465e56c97d323e712e8dfed0090dac339a85ccf1c93eadec52e69de919626c67d33eff1d6c2e6de285e8dd82ab

  • \Users\Admin\AppData\Local\Temp\nst91A6.tmp\System.dll

    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

  • \Users\Admin\AppData\Local\Temp\nst91A6.tmp\UAC.dll

    Filesize

    14KB

    MD5

    b7d7324f2128531c9777d837516b65a6

    SHA1

    e15e44fc7c907329e1cd3985e8666b4332f4fa48

    SHA256

    530dc2b26366fc86072487438317a5723a10ff8b38522f9e813df19146a31033

    SHA512

    829fc241cd377de094faf80bb38828c3d877170ca4a3fd85810bc911d2ce38941f8067ef681c21d8bbc04be8a99a3d32b3aec51ae7b32d3a89e5a9d9597ed8d5

  • \Users\Admin\AppData\Local\Temp\nst91A6.tmp\nsDialogs.dll

    Filesize

    9KB

    MD5

    c10e04dd4ad4277d5adc951bb331c777

    SHA1

    b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    SHA256

    e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    SHA512

    853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

  • memory/1076-33-0x00000000028F0000-0x0000000002900000-memory.dmp

    Filesize

    64KB

  • memory/2660-52-0x0000000000400000-0x0000000000E2E000-memory.dmp

    Filesize

    10.2MB

  • memory/2660-58-0x0000000000400000-0x0000000000E2E000-memory.dmp

    Filesize

    10.2MB