ramnit | 15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75a

Analysis

max time kernel
93s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2025 07:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
Size

2.6MB
MD5

353f757107e5b92d22ef1b87834df280
SHA1

406d398bc44f75478bd45e0663f1bb68dba07f88
SHA256

15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75a
SHA512

aa6baeb8c043515ac45fee500896d3b164d223d42d5380f56bbcb70dd433b8af2435ca4179308dbf1eb938e9532d859d668318e6405f59546e58afcc72bff61d
SSDEEP

49152:rHtTpgvCjYsiRWsRl62wKewS85hpYL/EbmZMAK4wbOlL+8NkurSwHaA58v0NtKsQ:rNTp1YsipRAU5TrbAwaygkuWwHaSvhQ

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
2324	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aNSrv.exe
2136	DesktopLayer.exe

Loads dropped DLL 20 IoCs

pid	Process
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2324-5-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral2/files/0x000a000000023c5b-3.dat	upx
behavioral2/memory/2324-68-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral2/memory/2136-98-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral2/memory/2136-90-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aNSrv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\pxAA3A.tmp	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aNSrv.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aNSrv.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aNSrv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1558029849"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1552405139"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31158009"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444554465"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{88066D52-DAEC-11EF-AF2A-7E3D785E6C2E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31158009"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2136	DesktopLayer.exe
2136	DesktopLayer.exe
2136	DesktopLayer.exe
2136	DesktopLayer.exe
2136	DesktopLayer.exe
2136	DesktopLayer.exe
2136	DesktopLayer.exe
2136	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3432	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3432	iexplore.exe
3432	iexplore.exe
4676	IEXPLORE.EXE
4676	IEXPLORE.EXE
4676	IEXPLORE.EXE
4676	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 2324	4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe	86
PID 4152 wrote to memory of 2324	4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe	86
PID 4152 wrote to memory of 2324	4152	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe	86
PID 2324 wrote to memory of 2136	2324	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aNSrv.exe	87
PID 2324 wrote to memory of 2136	2324	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aNSrv.exe	87
PID 2324 wrote to memory of 2136	2324	15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aNSrv.exe	87
PID 2136 wrote to memory of 3432	2136	DesktopLayer.exe	88
PID 2136 wrote to memory of 3432	2136	DesktopLayer.exe	88
PID 3432 wrote to memory of 4676	3432	iexplore.exe	89
PID 3432 wrote to memory of 4676	3432	iexplore.exe	89
PID 3432 wrote to memory of 4676	3432	iexplore.exe	89

C:\Users\Admin\AppData\Local\Temp\15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe
"C:\Users\Admin\AppData\Local\Temp\15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aN.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Users\Admin\AppData\Local\Temp\15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aNSrv.exe
  C:\Users\Admin\AppData\Local\Temp\15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aNSrv.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2136
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3432
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3432 CREDAT:17410 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:4676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
ce36378334f2edb4e728e0632afebb70

SHA1
89d54efcb8c7bbe532e5ad91b38468279d3f5c93

SHA256
6be47a3ecfbf81a123c297ee65d70177b4010bfbe728b94b4337453683b9a6e1

SHA512
3e09cc9ece1907c072f02f768ec749ceef3b8913f394bb075b1948d0409b7910670b91da7d35160c211d0bf8df05e83409a1ad7493ea53864c41f37305f75aa2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
1f021f056da6354c5e9a72ee79571666

SHA1
8a291077b4ea49466820a918883e74d3615584b6

SHA256
d77365e7322fc333cde78da2bcb4238a38691d8beaccaa2e7129d9c105519dad

SHA512
00de8a216923e9e9673f41f7ecb077dec6f277d8e66f675deb921a3c7e9aebc1d67ec1181be6980fab61b672892e5bc81015904e53f0b1204d9a27531af94b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ67RYHS\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\15adbbda2f7abe16316a71e30c0255ccfd5934c77af60c207d0f8b3b7c5bb75aNSrv.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdk-Admin\0a319eb1d56bb802d29db7b0882b0d4b\perl58.dll

Filesize
796KB

MD5
0a319eb1d56bb802d29db7b0882b0d4b

SHA1
538b7d475d5a068b98afc6a98bef349d72b16d0f

SHA256
37c38a5e0d85cb10ff6f68829bc848b27f312e7d95d4c8edcc0fb85366477b7f

SHA512
e6b0f96b58da2e80ca729cb84489b1716e231ddeef66939c1762afc6b5d3914bfd6727041fc170e2f9964edb0b53bd3b4a8ef2fbb81289984898bd703b617ad8

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdk-Admin\13ddf9b2dce1fd240486bf7f9f8cb21e\API.dll

Filesize
32KB

MD5
13ddf9b2dce1fd240486bf7f9f8cb21e

SHA1
6c870fe5075963d7e43197ec154bf00523d0fa5a

SHA256
dff275458c470e66ad5c6e76def73dda394a1a3624f794da78f07c6257b876c2

SHA512
e003c752456679793fb658dbe57b23016bec6f9fdf80a4c7174e03c842133889aa9da16558c24606c885a213477e6bdbc8d32acecdb7a7925bdc10340f882425

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdk-Admin\14d6b35664bf47c1984722da0acaa7bb\Unicode.dll

Filesize
24KB

MD5
14d6b35664bf47c1984722da0acaa7bb

SHA1
59eb0f4cba1514d44148588e485398667bb5f775

SHA256
b370379b86f6dce6873fb170a6385fcac87f3fda0aa8f9caeecaaa4bc330f84d

SHA512
9583759c2e7604662ff9444094fc332219d53ebd9aab205dbd66fd11203adfd71d4007676f2841a7a7f7a5835766d5bef4a90825cc772147d500580cb5d2b462

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdk-Admin\1996b48458b3fe66c7ff11cb53f23c43\Encode.dll

Filesize
36KB

MD5
1996b48458b3fe66c7ff11cb53f23c43

SHA1
035d8b86c68e80537ade315ebac842643472cb0e

SHA256
9014060197b24a96bfa08cae7780b948bd4df1c73a1197de3a11f2ddaa2eaca9

SHA512
b6afdd010ef8a5709bd79c43519088688a56cb5838875f26039abb583b6f67db8fafaf1f0b2a1589e00a101c981b48b5438ce821686bbfc0e4f7ec37b5e1f181

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdk-Admin\1ea70e44b6d1df8254c514cde11a5f3b\Cwd.dll

Filesize
20KB

MD5
1ea70e44b6d1df8254c514cde11a5f3b

SHA1
d387b307c569112074980f6140e2aee57c223655

SHA256
c4b1bc9a677e960db4b5182c5917adbdcae14e177f5734b2ea77d2e7726995f3

SHA512
04ddfabbd07b0e33f9134c8d6e419f9d3e0f1546df10d70a2c77ae48799e6ae5ffdc6df78a8c1e43f02bd12d615d2916bf0809c21e5ab3a6bdb4542faaf439fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdk-Admin\5457f9191e7a7dbd7ae41defd02457e6\encoding.dll

Filesize
28KB

MD5
5457f9191e7a7dbd7ae41defd02457e6

SHA1
141f08e8d14f4e21a15f5808bc55b37168e84571

SHA256
970c5dcbefa446f8f35b58470e1cb5984ae987de409390a6b6c1b40a85e3b588

SHA512
03ef6c85a1503af4fe8371fcd98aafa99328545adb1280c6cde33296ddf538b20dd37bdfb2fa6b81681c168e170171effe5143bb0e57c51a4c483dd9d87a5bea

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdk-Admin\611242ee7a1c406283edfb1ce2f9dcf1\Tk.dll

Filesize
584KB

MD5
611242ee7a1c406283edfb1ce2f9dcf1

SHA1
762444790231dc08b6dabb474ed5f0dc782d65a8

SHA256
f790ef2dac6b4cd4d706c4b86dff137de24560077cb060f1da0b64d3278cabf0

SHA512
fe96cbeec3fe6ff40632d7c080285cbde2c3d5398ef32bf0a44d0bf80c2aad4365a674970ce81a0be5c62dfaa489f6d891d196028ab165ed885c430da6b5f197

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdk-Admin\75f29543113df21eb90d1aefa0207222\Socket.dll

Filesize
32KB

MD5
75f29543113df21eb90d1aefa0207222

SHA1
48a224022b8a9c0a35e703adf26f87929395e6ee

SHA256
6a36a40cd624891dfea7131b62c5ee6fcb4cf5d3ba4022cc47a58486dd17b111

SHA512
39689701e0c051020285c76335c6164b57541a3c35d15048ce4606496fca3f237925a29489992181f61dc05beddb6f78114a759efcfebdd970aa94ed0a2c0e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdk-Admin\84f764ccae4d5d7b117c169a67858331\Entry.dll

Filesize
40KB

MD5
84f764ccae4d5d7b117c169a67858331

SHA1
be7d2889ca6648a6e91132d3a824e9a5ebcc2781

SHA256
e7a7da5efd0334c2c591e35147b35df3dcae26d9a30a0a7d5deca559f6ba941d

SHA512
e1a9d53a899312ad1b4e6c4841364ba7bb07f7d3644088912147f41fa2e65730bd17c992f1b84ac2c917e3acd3df1612b9341138e8f48cbd189e582f1ba1e16a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdk-Admin\9e63828c53d7cd2b1bf30ffbce951400\CN.dll

Filesize
712KB

MD5
9e63828c53d7cd2b1bf30ffbce951400

SHA1
5984f6aad00b4cb52c58be7e9a3d63c653b9a10f

SHA256
b7ada205047d833c3d5e4fe8ee34de18260c5ab05b34fd0e16dc154a4769520b

SHA512
d53de2f37473db8538da3db37d3de19742a59171ce6bcd4b3f90ffd6f37d534c090cb6dbf620b3e01619ef58ef8dd835fa812cb9e94b84b1f007d14df21eb6f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\pdk-Admin\b12199ec1810c8921c6f3e4fde40ff2b\Event.dll

Filesize
48KB

MD5
b12199ec1810c8921c6f3e4fde40ff2b

SHA1
530a1ccd39de785771c30aa175ab94a3f085c21a

SHA256
4f4bba152d16c05824ff1ebe4d8b2b52365ac745b45ef2b7ded13fbf1bf4a8c7

SHA512
af244a32e39686f8876400963c33a0a297c797fd80b3b3a535de6abdd9584b5cc3fdd7b2934e636392bc8fd5d9fe81e4b9bc25b642b4f58646e341de72f19a6c

Download Submit
memory/2136-95-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download
memory/2136-98-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2136-90-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2324-68-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2324-5-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2324-19-0x00000000005A0000-0x00000000005AF000-memory.dmp

Filesize
60KB

Download
memory/4152-0-0x0000000000400000-0x00000000006A0000-memory.dmp

Filesize
2.6MB

Download
memory/4152-196-0x0000000000400000-0x00000000006A0000-memory.dmp

Filesize
2.6MB

Download
memory/4152-143-0x0000000000400000-0x00000000006A0000-memory.dmp

Filesize
2.6MB

Download
memory/4152-112-0x0000000000CB0000-0x0000000000CBA000-memory.dmp

Filesize
40KB

Download
memory/4152-94-0x0000000003240000-0x00000000032D3000-memory.dmp

Filesize
588KB

Download