Analysis

  • max time kernel
    93s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-01-2025 21:16

General

  • Target

    cisco-secure-client-win-5.0.05040-core-vpn-predeploy-k9.exe

  • Size

    21.4MB

  • MD5

    c50fd06f02edb960eccb1fa95574a2a8

  • SHA1

    a152464e017a557a2514e4a928be0aaecdd3ac23

  • SHA256

    78e1e350aa5525669f85e6972150b679d489a3787b6522f278ab40ea978dd65d

  • SHA512

    9d148fb958afa03e1eb2b40cd9ed6e2a929d439811d0d7191f0da1a1263e58a1c787d2dcc43acb9f97e374e3eee2632a91d6c1fa1797e14e1639833ff024498b

  • SSDEEP

    393216:qaPjW5fGPD4ZMpbLV6olaLYBFb+R3Oaa57/WsSej93Wafvp0Ye5wiiuJp7r+Z+sw:VYZMyL0F6R+5Cxej93r3Ppip7vI+sP3Y

Malware Config

Signatures

  • NetSupport

    NetSupport is a remote access tool sold as legitimate system administration software.

  • Netsupport family
  • Drops file in Drivers directory 3 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE 9 IoCs
  • Loads dropped DLL 64 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 26 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 49 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cisco-secure-client-win-5.0.05040-core-vpn-predeploy-k9.exe
    "C:\Users\Admin\AppData\Local\Temp\cisco-secure-client-win-5.0.05040-core-vpn-predeploy-k9.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4624
    • C:\Users\Admin\AppData\Local\Temp\is-H1ROD.tmp\cisco-secure-client-win-5.0.05040-core-vpn-predeploy-k9.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-H1ROD.tmp\cisco-secure-client-win-5.0.05040-core-vpn-predeploy-k9.tmp" /SL5="$C01DA,21409018,1056768,C:\Users\Admin\AppData\Local\Temp\cisco-secure-client-win-5.0.05040-core-vpn-predeploy-k9.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4816
      • C:\ProgramData\CiscoMedia\client32.exe
        "C:\ProgramData\CiscoMedia\client32.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:4492
      • C:\Windows\SysWOW64\icacls.exe
        "icacls" "C:\ProgramData\CiscoMedia" /grant *S-1-1-0:(F) /grant Users:(F) /grant Everyone:(F) /T /C
        3⤵
        • Modifies file permissions
        • System Location Discovery: System Language Discovery
        PID:32
      • C:\Windows\SysWOW64\msiexec.exe
        "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\is-PLHJL.tmp\cisco-secure-client-win-5.0.05040-core-vpn-predeploy-k9.msi" /qn
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:2580
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Adds Run key to start application
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 0ED3D6DD321AE670D938DB3427DDCACB
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2380
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding EB500DDB06A4467C5344549EF95833B6 E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:1512
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 844
        3⤵
        • Program crash
        PID:3492
    • C:\Program Files (x86)\Cisco\Cisco Secure Client\InstallHelper.exe
      "C:\Program Files (x86)\Cisco\Cisco Secure Client\InstallHelper.exe" -copyFiles "C:\Users\Admin\AppData\Local\Temp\is-PLHJL.tmp\Profiles\\" "C:\ProgramData\Cisco\Cisco Secure Client\\" "AnyConnectLocalPolicy.xml"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2980
    • C:\Program Files (x86)\Cisco\Cisco Secure Client\InstallHelper.exe
      "C:\Program Files (x86)\Cisco\Cisco Secure Client\InstallHelper.exe" -copyFiles "C:\Users\Admin\AppData\Local\Temp\is-PLHJL.tmp\Profiles\vpn\\" "C:\ProgramData\Cisco\Cisco Secure Client\VPN\\Profile\\" "*.xml"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2384
    • C:\Program Files (x86)\Cisco\Cisco Secure Client\InstallHelper.exe
      "C:\Program Files (x86)\Cisco\Cisco Secure Client\InstallHelper.exe" -copyFiles "C:\Users\Admin\AppData\Local\Temp\is-PLHJL.tmp\Profiles\feedback\\" "C:\ProgramData\Cisco\Cisco Secure Client\CustomerExperienceFeedback\\" "CustomerExperience_Feedback.xml"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2948
    • C:\Program Files (x86)\Cisco\Cisco Secure Client\InstallHelper.exe
      "C:\Program Files (x86)\Cisco\Cisco Secure Client\InstallHelper.exe" -registerdll "C:\Program Files (x86)\Cisco\Cisco Secure Client\vpnapi.dll"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:3480
    • C:\Program Files (x86)\Cisco\Cisco Secure Client\InstallHelper.exe
      "C:\Program Files (x86)\Cisco\Cisco Secure Client\InstallHelper.exe" -moveFiles "C:\Program Files (x86)\Cisco\Cisco Secure Client\\" "C:\Program Files (x86)\Cisco\Cisco Secure Client\Plugins\\" "pluginreg_vpn_feedback.json"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:3400
    • C:\Program Files (x86)\Cisco\Cisco Secure Client\InstallHelper.exe
      "C:\Program Files (x86)\Cisco\Cisco Secure Client\InstallHelper.exe" -moveFiles "C:\Program Files (x86)\Cisco\Cisco Secure Client\\" "C:\Program Files (x86)\Cisco\Cisco Secure Client\Plugins\\" "pluginreg_vpn_ipsec.json"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4896
    • C:\Program Files (x86)\Cisco\Cisco Secure Client\InstallHelper.exe
      "C:\Program Files (x86)\Cisco\Cisco Secure Client\InstallHelper.exe" -moveFiles "C:\Program Files (x86)\Cisco\Cisco Secure Client\\" "C:\Program Files (x86)\Cisco\Cisco Secure Client\Plugins\\" "pluginreg_vpn_webhelper.json"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:944
    • C:\Windows\System32\MsiExec.exe
      C:\Windows\System32\MsiExec.exe -Embedding 7CCADE1D028586EE431CDAC0C81E5CA1 E Global\MSI0000
      2⤵
      • Drops file in Drivers directory
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:3256
      • C:\Windows\system32\runonce.exe
        "C:\Windows\system32\runonce.exe" -r
        3⤵
        • Checks processor information in registry
        • Modifies data under HKEY_USERS
        • Suspicious use of WriteProcessMemory
        PID:3416
        • C:\Windows\System32\grpconv.exe
          "C:\Windows\System32\grpconv.exe" -o
          4⤵
          • Modifies data under HKEY_USERS
          PID:3168
      • C:\Windows\system32\runonce.exe
        "C:\Windows\system32\runonce.exe" -r
        3⤵
        • Checks processor information in registry
        • Modifies data under HKEY_USERS
        • Suspicious use of WriteProcessMemory
        PID:4740
        • C:\Windows\System32\grpconv.exe
          "C:\Windows\System32\grpconv.exe" -o
          4⤵
          • Modifies data under HKEY_USERS
          PID:2368
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1512 -ip 1512
    1⤵
      PID:1588

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Program Files (x86)\Cisco\Cisco Secure Client\InstallHelper.exe

      Filesize

      549KB

    • C:\Program Files (x86)\Cisco\Cisco Secure Client\UI\Setup\5.0.00923\l10n\fr-fr\LC_MESSAGES\SecureClientDefault.mo

      Filesize

      353KB

    • C:\Program Files (x86)\Cisco\Cisco Secure Client\acciscossl.dll

      Filesize

      438KB

    • C:\Program Files (x86)\Cisco\Cisco Secure Client\vpncommon.dll

      Filesize

      2.3MB

    • C:\Program Files (x86)\Cisco\Cisco Secure Client\vpncommoncrypt.dll

      Filesize

      513KB

    • C:\Program Files (x86)\prflbmsg.zip

      Filesize

      2.0MB

    • C:\ProgramData\CiscoMedia\AudioCapture.dll

      Filesize

      76KB

    • C:\ProgramData\CiscoMedia\HTCTL32.DLL

      Filesize

      306KB

    • C:\ProgramData\CiscoMedia\KBDTAM99.DLL

      Filesize

      7KB

    • C:\ProgramData\CiscoMedia\MSVCR100.dll

      Filesize

      755KB

    • C:\ProgramData\CiscoMedia\NSM.LIC

      Filesize

      262B

    • C:\ProgramData\CiscoMedia\NSM.ini

      Filesize

      5KB

    • C:\ProgramData\CiscoMedia\PCICAPI.dll

      Filesize

      44KB

    • C:\ProgramData\CiscoMedia\PCICHEK.DLL

      Filesize

      27KB

    • C:\ProgramData\CiscoMedia\PCICL32.dll

      Filesize

      3.3MB

    • C:\ProgramData\CiscoMedia\TsUsbRedirectionGroupPolicyExtension.dll

      Filesize

      13KB

    • C:\ProgramData\CiscoMedia\WiaExtensionHost64.dll

      Filesize

      11KB

    • C:\ProgramData\CiscoMedia\client32.exe

      Filesize

      117KB

    • C:\ProgramData\CiscoMedia\client32.ini

      Filesize

      633B

    • C:\ProgramData\CiscoMedia\client32u.ini

      Filesize

      647B

    • C:\ProgramData\CiscoMedia\comcat.dll

      Filesize

      10KB

    • C:\ProgramData\CiscoMedia\getuname.dll

      Filesize

      11KB

    • C:\ProgramData\CiscoMedia\ifsutilx.dll

      Filesize

      16KB

    • C:\ProgramData\CiscoMedia\mprext.dll

      Filesize

      13KB

    • C:\ProgramData\CiscoMedia\msidle.dll

      Filesize

      11KB

    • C:\ProgramData\CiscoMedia\msidntld.dll

      Filesize

      5KB

    • C:\ProgramData\CiscoMedia\neth.dll

      Filesize

      2KB

    • C:\ProgramData\CiscoMedia\netmsg.dll

      Filesize

      2KB

    • C:\ProgramData\CiscoMedia\nskbfltr.inf

      Filesize

      328B

    • C:\ProgramData\CiscoMedia\nsm_vpro.ini

      Filesize

      46B

    • C:\ProgramData\CiscoMedia\panmap.dll

      Filesize

      14KB

    • C:\ProgramData\CiscoMedia\prflbmsg.dll

      Filesize

      13KB

    • C:\ProgramData\CiscoMedia\provdiagnostics.dll

      Filesize

      21KB

    • C:\ProgramData\CiscoMedia\remcmdstub.exe

      Filesize

      67KB

    • C:\ProgramData\CiscoMedia\wiatrace.dll

      Filesize

      18KB

    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco\Cisco Secure Client\Cisco Secure Client.lnk

      Filesize

      1KB

    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco\Cisco Secure Client\Cisco Secure Client.lnk~RFe57af0c.TMP

      Filesize

      1KB

    • C:\Users\Admin\AppData\Local\Temp\is-H1ROD.tmp\cisco-secure-client-win-5.0.05040-core-vpn-predeploy-k9.tmp

      Filesize

      3.5MB

    • C:\Users\Admin\AppData\Local\Temp\is-PLHJL.tmp\cisco-secure-client-win-5.0.05040-core-vpn-predeploy-k9.msi

      Filesize

      20.3MB

    • C:\Windows\Installer\MSI9FDA.tmp

      Filesize

      550KB

    • C:\Windows\Installer\MSIA26D.tmp

      Filesize

      286KB

    • C:\Windows\Installer\MSIA8C9.tmp

      Filesize

      699KB

    • C:\Windows\Installer\MSIA9E5.tmp

      Filesize

      338KB

    • C:\Windows\System32\drivers\acsock64.sys

      Filesize

      298KB
