sality | a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
29-06-2024 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Size

3.6MB
MD5

e9eafe5eca1d19f887b36542f4803d00
SHA1

9fd9bee8ee535554c026ddf51244fc62fbfd202a
SHA256

a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910
SHA512

c30bd247376291934dbc35b98df31e348474fc80191d442ad75369a2d78cbed2b8104dd3af8ae89da4817b829625d93ede9171fab5df6fb8824d6f0589935777
SSDEEP

98304:cQqb79f6Xgrstmcs8FQyUGs2z048C32t7QoXyO:UBVr/wFhUGsu048Cmt5r

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Signatures

Modifies firewall policy service 3 TTPs 3 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

Processes:

a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "1"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

Windows security bypass 2 TTPs 6 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

Loads dropped DLL 18 IoCs

Processes:

a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

pid	process
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2164-3-0x00000000044A0000-0x000000000552E000-memory.dmp	upx
behavioral1/memory/2164-11-0x00000000044A0000-0x000000000552E000-memory.dmp	upx
behavioral1/memory/2164-62-0x00000000044A0000-0x000000000552E000-memory.dmp	upx
behavioral1/memory/2164-99-0x00000000044A0000-0x000000000552E000-memory.dmp	upx
behavioral1/memory/2164-102-0x00000000044A0000-0x000000000552E000-memory.dmp	upx
behavioral1/memory/2164-57-0x00000000044A0000-0x000000000552E000-memory.dmp	upx
behavioral1/memory/2164-101-0x00000000044A0000-0x000000000552E000-memory.dmp	upx
behavioral1/memory/2164-152-0x00000000044A0000-0x000000000552E000-memory.dmp	upx
behavioral1/memory/2164-153-0x00000000044A0000-0x000000000552E000-memory.dmp	upx
behavioral1/memory/2164-32-0x00000000044A0000-0x000000000552E000-memory.dmp	upx
behavioral1/memory/2164-100-0x00000000044A0000-0x000000000552E000-memory.dmp	upx
behavioral1/memory/2164-154-0x00000000044A0000-0x000000000552E000-memory.dmp	upx
behavioral1/memory/2164-164-0x00000000044A0000-0x000000000552E000-memory.dmp	upx
behavioral1/memory/2164-163-0x00000000044A0000-0x000000000552E000-memory.dmp	upx
behavioral1/memory/2164-218-0x00000000044A0000-0x000000000552E000-memory.dmp	upx

Windows security modification 2 TTPs 7 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

description ioc process

File opened (read-only) \??\E: a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Drops file in Windows directory 1 IoCs

Processes:

a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

description ioc process

File opened for modification C:\Windows\SYSTEM.INI a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

pid process

2164 a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

description	ioc	process
File opened (read-only)	\??\E:	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

description	ioc	process
File opened for modification	C:\Windows\SYSTEM.INI	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

Processes:

a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

description	pid	process
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
Token: SeDebugPrivilege	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

description	pid	process	target process
PID 2164 wrote to memory of 1104	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe	taskhost.exe
PID 2164 wrote to memory of 1180	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe	Dwm.exe
PID 2164 wrote to memory of 1216	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe	Explorer.EXE
PID 2164 wrote to memory of 2012	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe	DllHost.exe
PID 2164 wrote to memory of 1520	2164	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe	conhost.exe

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

Processes:

a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1104

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1180

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a94486b3e452fcf5a416fe831f9a05a28e9e45c74c468dc772926d1d20cdc910_NeikiAnalytics.exe"
2⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Loads dropped DLL
- Windows security modification
- Checks whether UAC is enabled
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
PID:2164

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:2012

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1431520409-209045020118018374471627470226821063392529912547-2089430862436925591"
1⤵
PID:1520

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\pdk-Admin\01c625a7a548f546e0d17976c2c03f20\OLE.dll
Filesize
80KB

MD5
01c625a7a548f546e0d17976c2c03f20

SHA1
09b2cb4d7856729e8eaa997157a49f30829b05dd

SHA256
f61850bca65b342b062e14499c84db9e2da899f337f3fd611f1bc95a55d8b04b

SHA512
08a6cebe61e4b15e33a7bb7e3d5e4079e921e159d39447830e642029a313042a3675da323dd31581498a7fa21464a385cda0e4bd042fe2218aa0283bb23f0594

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\08b2d0f23c26f1819efabe6770bce185\Byte.dll
Filesize
108KB

MD5
08b2d0f23c26f1819efabe6770bce185

SHA1
9bfabd5fa152776da0f8fe6301a397900f6aae13

SHA256
d337b0851d151e769335d6935bdbafc02258c207e83f53e1340af7890be90614

SHA512
a91dc7f6392d6ac6e2c9c98cc19754e84672c2274daacd3eab2c9b1ab5343733ae53dee291abdb885b7636654c00f06e578805fe64770358ba8b11ec11160d50

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\093e99f506efdfeda3e49656d5cfd64e\API.dll
Filesize
20KB

MD5
093e99f506efdfeda3e49656d5cfd64e

SHA1
85866e5eb3c3121fbd4853ec841e909525d61219

SHA256
7cec0782bb552d46c9aba873b87da56db3caab4a2cde8e509f079d9a59926322

SHA512
e75bab77110dd20e8e4fca70c993c7c5d00d2e422ea32a80adfecd6c9f8d0817da998eeb4481f8f833a42b15a16162ef44d3be1933c5cf14b98388c99dbb8365

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\0ca8ac2a328a9912f911f262be9f77c4\Unicode.dll
Filesize
24KB

MD5
0ca8ac2a328a9912f911f262be9f77c4

SHA1
b987f083decb908594f092cad7e584fe0b85cadd

SHA256
500c002073656cd21aa64154e459c67a32062f1e141dc771e421b28c9fe110ce

SHA512
58ee1b8495412801f7c3e457d26ad1823631526c9dca0627065d58a98d36db63fd015a1c1fb2200b65040e072089d2642517e9fe3bf28bdb78f1b5cbece67da7

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\1bcb5a06611a3509fa395d40edf46f91\Event.dll
Filesize
44KB

MD5
1bcb5a06611a3509fa395d40edf46f91

SHA1
01b544b32d85f97d38b85608e2de6c5582194b92

SHA256
4db33245560395d0d7aa6878085be7c77735b7ff7b8e15e373af9f6f2569862e

SHA512
d9cc4fda4c27d2add04c6b8b8de32b521abf0e503ad40aab15da2f4e4fe983ba72881fbe16f62327d59a46d6839676d4396ad05c5ec5de85697aa126933ce78a

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\1da96e96b00d8a5645b97246f1401074\Scrollbar.dll
Filesize
24KB

MD5
1da96e96b00d8a5645b97246f1401074

SHA1
c7ae20bd6c2e49c077ea4f62bcf763f4aa68d24d

SHA256
180805d758edb27f0387f152b2ae162bdf0f79190893316be39d1bf43a978bb9

SHA512
baacff6e697a610be810afaa7dcdb9a795c78963365d03ad3967151b5751adab9ef970eaa4d8283fc49699dec2a663bdda8516a7221b6bdb25e46ff7e07e662a

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\339f6190afe1fffb459fd057043a657b\HList.dll
Filesize
44KB

MD5
339f6190afe1fffb459fd057043a657b

SHA1
9ed2cf38a08000f66a7b5d7055e1dc82c9c5c8dc

SHA256
260c1fc9c069c757829d8daf88b0277b8b53727c457220dc7fd9634a757ff321

SHA512
cd77b525c211158a9a84f3f5908cdbab20d416830e4f7da0708f831190715c290c33f7e6d3bd499e8f85d106db574fa5ebfa64e65e5daaab84a7e4c40eaf691b

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\44126313885eaf8807ec01b9113f6704\perl516.dll
Filesize
1.3MB

MD5
44126313885eaf8807ec01b9113f6704

SHA1
455a82028bda2e7aa623d7dde6686968b496733a

SHA256
79bcccfd032ad92d0d6ad2f4e38f0f038a800e4b04b1302daa6cb2e3cd5222ea

SHA512
1ba74002bc92c0c2893895637289b1b7f281a57b810e3d165d88c0acf91ef85df1b415f00c1e51c8527ebfb6152ccf9e83e07857388d237c804f5694bb5e028a

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\5a20603c1f9de0d0db115bc6d2c7e3ef\Listbox.dll
Filesize
32KB

MD5
5a20603c1f9de0d0db115bc6d2c7e3ef

SHA1
d644a4832477510a353c97f6b9cfd7f0a10a87a7

SHA256
74bd83f04951fb543618c812b7d1b33f63cce84b52295fb2912e01ac9e1693fc

SHA512
51a3c6f90159267da06f9be85db106e16d4a793edd84378aa6fda12fa68fb61176ddbb3eda1030fc2373f6372190dab40f7e78c6ec83b4f3c5fe79688e110085

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\6875a065bdba79a9ecfc842d80e53d9b\Tk.dll
Filesize
572KB

MD5
6875a065bdba79a9ecfc842d80e53d9b

SHA1
dea0051134275e96506fe8a62dcda0c310731abc

SHA256
93f3ff02b96e6dbb9137b66e2bfe909f3ada62f07b20bd1bc0bf2ffb5a0e52f7

SHA512
368c1d41ecd33b0d09b9a95355310a69ed1834c61c2c12b1792cb943e30e6d31161661835ae976158a53bad91e8cfb3e64cc34595b2c550938ddb6e53e3456fd

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\92b17050b4922763b6458ce8b4897998\Text.dll
Filesize
88KB

MD5
92b17050b4922763b6458ce8b4897998

SHA1
a9fe29c8afad98ca78fd4ee7bbdc8f09869d42d0

SHA256
3bc5acdf709b3a824a4d7cd1bcf3dabb2ec68631376045451346591d160d0f22

SHA512
a9b9c3f3e3c33b5db0c1f9442690a21bbbd521621b6bf2693b4e083d87b28f97ba95df81460d75693fb876891891b8c7c41d9333c4febbc427e13ec20b7adde4

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\a47179aca60dab96afa6872f74273a87\Util.dll
Filesize
24KB

MD5
a47179aca60dab96afa6872f74273a87

SHA1
52c95b72b96e2702409b468e828e639b5ca67b12

SHA256
9ff175f4cd219881d83578c1f4323cca567dc1245c4873bb55e26725587ec70e

SHA512
9b8a8aa884cf98aaee60b2e0bf9cb8d1ca4d4b0973580b4e7a8dc004b6da38a4379811710e0af68723877d2093c6306fa7733bc47db945c26f5bc74e355ab911

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\a83b2a96b86f51d35c9bfb01f2da3ced\Encode.dll
Filesize
32KB

MD5
a83b2a96b86f51d35c9bfb01f2da3ced

SHA1
15ebab956951d138aaa90f0ee3f592f70070af41

SHA256
9abe849c507756a5a07dec517fac99bb77f529ec678bdd9e446ed8bc15c946a8

SHA512
fb9c32e4a5610b6c82407d27e31c3e7b98c3e0ec3590c9ded381b4609f3f528909eed8ff2078f1f72186e9bc0785ff66fcac1bcf5bf4df860f3fcfb71e08239b

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\aa7919800012015d4e019f000cafc326\Socket.dll
Filesize
28KB

MD5
aa7919800012015d4e019f000cafc326

SHA1
2defca7373ae7d29b720bebb741fa8e00e81a4a1

SHA256
97c6f2677b293d97c32553c0353faeeac114fec715a834999ca48530752049e8

SHA512
c357a7d45ead6e320588252f9119b65765cd616dc37b1acaf81f3ac07585e80b98a6e3b820590a1e7cd69760adef61e08af53ac9a26598086f59f0496869bd45

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\b7e8d12d323e566a0f83526ae1f36553\Win32.dll
Filesize
40KB

MD5
b7e8d12d323e566a0f83526ae1f36553

SHA1
3330c841f6b8c6ecbdef5896cf075427d7ba352e

SHA256
168b79aeb8dd8512394335ca5b221ce34e9196ce8b928d261860515f241c10c7

SHA512
6e1776183a4e5b398164b5098a722240d69288a8e473cf8fca3b00e4bd2a428a1ba77e3edc30e4839cc55d7ce728309b44880d6438f91cbdf0e8f87e80768910

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\d7e05471892e97dba27ceb036fb3f94b\CN.dll
Filesize
712KB

MD5
d7e05471892e97dba27ceb036fb3f94b

SHA1
1fae8736f66ec385e41d74a68bbfd35e6b2070a8

SHA256
d2a54c8a9306a08da8abb102fc6fc17e2d37dee4c45a10dce39ea6ba57c0359e

SHA512
48fe17fa7eac236e014a874a5ae07371a954085547b48d0268d67ac281d0919327a748d2d48f57fd2c743a18d8d5cdb157321cd68234256a7e241e20a496841c

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\e76828203225d526e5d6ebb13a67e672\Cwd.dll
Filesize
20KB

MD5
e76828203225d526e5d6ebb13a67e672

SHA1
6571d8ebd9979a674d3be8b5ba2872f8ef579855

SHA256
6b957981401148e2e45d89168e625fba61fc7b17eeda2065286f7fb51efe900d

SHA512
4cb6de6af59307d0bd322b60ae18d9ce39bd37b0dc0c4308a66aa5c8bffd138de8a1f30e1b4873c8354ffac043728eca7d818b92df9e86a364ee5955de770ff5

Download Submit
\Users\Admin\AppData\Local\Temp\pdk-Admin\fd9d764dfb48405844de110a932ad3e4\Entry.dll
Filesize
40KB

MD5
fd9d764dfb48405844de110a932ad3e4

SHA1
5b627afb63fca62789019ab5a5d347cc34cd70f2

SHA256
01b8eee999ea0cbb887a42b28717d2dbca9f6cd31b3e3d98e098a2f31cc1a894

SHA512
6176ef2d716f0675a0e8c6114cecf8d2de26124b3f319a70f4a0da3b6ae1e055236dc79727381e83c737245ab8f60c3a7096306b74eb5b779af775c1c8081da6

Download Submit
memory/1104-77-0x0000000001C60000-0x0000000001C62000-memory.dmp

Filesize
8KB

Download
memory/2164-101-0x00000000044A0000-0x000000000552E000-memory.dmp

Filesize
16.6MB

Download
memory/2164-102-0x00000000044A0000-0x000000000552E000-memory.dmp

Filesize
16.6MB

Download
memory/2164-153-0x00000000044A0000-0x000000000552E000-memory.dmp

Filesize
16.6MB

Download
memory/2164-152-0x00000000044A0000-0x000000000552E000-memory.dmp

Filesize
16.6MB

Download
memory/2164-32-0x00000000044A0000-0x000000000552E000-memory.dmp

Filesize
16.6MB

Download
memory/2164-126-0x00000000056E0000-0x00000000056F6000-memory.dmp

Filesize
88KB

Download
memory/2164-151-0x0000000000210000-0x0000000000212000-memory.dmp

Filesize
8KB

Download
memory/2164-100-0x00000000044A0000-0x000000000552E000-memory.dmp

Filesize
16.6MB

Download
memory/2164-111-0x000000000F020000-0x000000000F0B0000-memory.dmp

Filesize
576KB

Download
memory/2164-114-0x0000000000210000-0x0000000000212000-memory.dmp

Filesize
8KB

Download
memory/2164-0-0x0000000000400000-0x0000000000794000-memory.dmp

Filesize
3.6MB

Download
memory/2164-92-0x00000000003B0000-0x00000000003BA000-memory.dmp

Filesize
40KB

Download
memory/2164-57-0x00000000044A0000-0x000000000552E000-memory.dmp

Filesize
16.6MB

Download
memory/2164-86-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2164-85-0x0000000000210000-0x0000000000212000-memory.dmp

Filesize
8KB

Download
memory/2164-149-0x000000000F910000-0x000000000F924000-memory.dmp

Filesize
80KB

Download
memory/2164-109-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2164-99-0x00000000044A0000-0x000000000552E000-memory.dmp

Filesize
16.6MB

Download
memory/2164-62-0x00000000044A0000-0x000000000552E000-memory.dmp

Filesize
16.6MB

Download
memory/2164-131-0x0000000005700000-0x000000000570A000-memory.dmp

Filesize
40KB

Download
memory/2164-136-0x000000000F8F0000-0x000000000F8FB000-memory.dmp

Filesize
44KB

Download
memory/2164-97-0x00000000003D0000-0x00000000003DB000-memory.dmp

Filesize
44KB

Download
memory/2164-154-0x00000000044A0000-0x000000000552E000-memory.dmp

Filesize
16.6MB

Download
memory/2164-11-0x00000000044A0000-0x000000000552E000-memory.dmp

Filesize
16.6MB

Download
memory/2164-3-0x00000000044A0000-0x000000000552E000-memory.dmp

Filesize
16.6MB

Download
memory/2164-164-0x00000000044A0000-0x000000000552E000-memory.dmp

Filesize
16.6MB

Download
memory/2164-163-0x00000000044A0000-0x000000000552E000-memory.dmp

Filesize
16.6MB

Download
memory/2164-220-0x0000000000210000-0x0000000000212000-memory.dmp

Filesize
8KB

Download
memory/2164-233-0x0000000000400000-0x0000000000794000-memory.dmp

Filesize
3.6MB

Download
memory/2164-218-0x00000000044A0000-0x000000000552E000-memory.dmp

Filesize
16.6MB

Download