9746c16df7b6be74da65247ae8e97ca496e1fa1a85b49f641217efa9894b12cb

Analysis

max time kernel
151s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9746c16df7b6be74da65247ae8e97ca496e1fa1a85b49f641217efa9894b12cb.exe
Size

7.2MB
MD5

f6f67d62dc4d8c38a11e80f444455c75
SHA1

8e7a35240aedf74d1dd705a9c8861b7c35f9802f
SHA256

9746c16df7b6be74da65247ae8e97ca496e1fa1a85b49f641217efa9894b12cb
SHA512

e3e0814a713fc095bc58f69c77b1ff2b02bd927d4df1b5c6fbb5718ec4794c8e6fedfa5435cc14c50dce2b776670724484aa682a27bf0656319e2d18022e6a82
SSDEEP

196608:63F6n80W6uG09+KOvpyUUgd8KVmHxs5XzkBLCW2d1:eFREugJ8K8Hx2zkBwd1

Score

8^/10

discovery persistence upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

irsetup.exeSecure Fast PC.exe

pid process

2504 irsetup.exe
4836 Secure Fast PC.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral2/memory/2504-137-0x0000000000400000-0x00000000007CB000-memory.dmp	upx
behavioral2/memory/2504-143-0x0000000000400000-0x00000000007CB000-memory.dmp	upx

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

9746c16df7b6be74da65247ae8e97ca496e1fa1a85b49f641217efa9894b12cb.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	9746c16df7b6be74da65247ae8e97ca496e1fa1a85b49f641217efa9894b12cb.exe

Loads dropped DLL 11 IoCs

Processes:

irsetup.exeSecure Fast PC.exe

pid	process
2504	irsetup.exe
4836	Secure Fast PC.exe
4836	Secure Fast PC.exe
4836	Secure Fast PC.exe
4836	Secure Fast PC.exe
4836	Secure Fast PC.exe
4836	Secure Fast PC.exe
4836	Secure Fast PC.exe
4836	Secure Fast PC.exe
4836	Secure Fast PC.exe
4836	Secure Fast PC.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 50 IoCs

Processes:

irsetup.exesetup.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Uninstall\uninstall.xml	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\SFCAutoScan.exe.config	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\System.Data.SQLite.dll	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\System.Data.SQLite.Linq.dll	irsetup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\40c34757-8dc7-4e00-b2bc-e682c77e5183.tmp	setup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\TelerikCommon.dll	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\EULA.rtf	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Ionic.Zip.dll	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\SFCAutoScan.exe	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\SQLite.Interop.dll	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Telerik.WinControls.Themes.Windows8.dll	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Telerik.WinControls.UI.dll	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\SQLite.Interop.dll	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\lua5.1.dll	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Common Tools.dll	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe.config	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\SFCAutoScan.exe	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\SFCUpdater.exe	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\SFCUpdater.exe	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\SFCUpdater.exe.config	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Telerik.WinControls.Themes.Aqua.dll	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Uninstall\uninstall.dat	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Common Tools.dll	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\SFCAutoScan.exe.config	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\System.Data.SQLite.Linq.dll	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Telerik.WinControls.UI.dll	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Uninstall\uni715C.tmp	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\uninstall.exe	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\EntityFramework.SqlServer.dll	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Ionic.Zip.dll	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe.config	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Telerik.WinControls.dll	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Telerik.WinControls.Themes.Windows8.dll	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\TelerikCommon.dll	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Uninstall\uninstall.dat	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Uninstall\uninstall.xml	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\EntityFramework.dll	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\EULA.rtf	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\System.Data.SQLite.dll	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\System.Data.SQLite.EF6.dll	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Telerik.WinControls.Themes.Aqua.dll	irsetup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20221123100553.pma	setup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Uninstall\uni715C.tmp	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\EntityFramework.dll	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\EntityFramework.SqlServer.dll	irsetup.exe
File created	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\SFCUpdater.exe.config	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\System.Data.SQLite.EF6.dll	irsetup.exe
File opened for modification	C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Telerik.WinControls.dll	irsetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Secure Fast PC.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Secure Fast PC.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Secure Fast PC.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Secure Fast PC.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c00000001000000040000000008000004000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Secure Fast PC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	Secure Fast PC.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
4872	msedge.exe
4872	msedge.exe
4336	identity_helper.exe
4336	identity_helper.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

4872 msedge.exe
4872 msedge.exe
4872 msedge.exe
4872 msedge.exe
4872 msedge.exe
4872 msedge.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Secure Fast PC.exe

description pid process

Token: SeDebugPrivilege 4836 Secure Fast PC.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

msedge.exeSecure Fast PC.exe

pid process

4872 msedge.exe
4872 msedge.exe
4872 msedge.exe
4836 Secure Fast PC.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

Secure Fast PC.exe

pid process

4836 Secure Fast PC.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

irsetup.exeSecure Fast PC.exe

pid process

2504 irsetup.exe
2504 irsetup.exe
2504 irsetup.exe
4836 Secure Fast PC.exe

pid	process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

description	pid	process
Token: SeDebugPrivilege	4836	Secure Fast PC.exe

pid	process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4836	Secure Fast PC.exe

pid	process
4836	Secure Fast PC.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9746c16df7b6be74da65247ae8e97ca496e1fa1a85b49f641217efa9894b12cb.exeirsetup.exemsedge.exe

description	pid	process	target process
PID 4712 wrote to memory of 2504	4712	9746c16df7b6be74da65247ae8e97ca496e1fa1a85b49f641217efa9894b12cb.exe	irsetup.exe
PID 4712 wrote to memory of 2504	4712	9746c16df7b6be74da65247ae8e97ca496e1fa1a85b49f641217efa9894b12cb.exe	irsetup.exe
PID 4712 wrote to memory of 2504	4712	9746c16df7b6be74da65247ae8e97ca496e1fa1a85b49f641217efa9894b12cb.exe	irsetup.exe
PID 2504 wrote to memory of 4872	2504	irsetup.exe	msedge.exe
PID 2504 wrote to memory of 4872	2504	irsetup.exe	msedge.exe
PID 2504 wrote to memory of 4836	2504	irsetup.exe	Secure Fast PC.exe
PID 2504 wrote to memory of 4836	2504	irsetup.exe	Secure Fast PC.exe
PID 2504 wrote to memory of 4836	2504	irsetup.exe	Secure Fast PC.exe
PID 4872 wrote to memory of 4224	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 4224	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 448	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 3944	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 3944	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 4788	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 4788	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 4788	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 4788	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 4788	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 4788	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 4788	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 4788	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 4788	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 4788	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 4788	4872	msedge.exe	msedge.exe
PID 4872 wrote to memory of 4788	4872	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\9746c16df7b6be74da65247ae8e97ca496e1fa1a85b49f641217efa9894b12cb.exe
"C:\Users\Admin\AppData\Local\Temp\9746c16df7b6be74da65247ae8e97ca496e1fa1a85b49f641217efa9894b12cb.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4712

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1742194 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\9746c16df7b6be74da65247ae8e97ca496e1fa1a85b49f641217efa9894b12cb.exe" "__IRCT:0" "__IRTSS:0" "__IRSID:S-1-5-21-2629973501-4017243118-3254762364-1000"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.developerts.com/ThankYou.aspx?ADV=5
3⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x114,0x118,0x11c,0xf4,0x120,0x7ff8851b46f8,0x7ff8851b4708,0x7ff8851b4718
4⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7967881641590223878,2415197573228190330,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
4⤵
PID:448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,7967881641590223878,2415197573228190330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:3944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,7967881641590223878,2415197573228190330,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
4⤵
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7967881641590223878,2415197573228190330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
4⤵
PID:1160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7967881641590223878,2415197573228190330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
4⤵
PID:1788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2112,7967881641590223878,2415197573228190330,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 /prefetch:8
4⤵
PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7967881641590223878,2415197573228190330,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
4⤵
PID:4920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7967881641590223878,2415197573228190330,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
4⤵
PID:4612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2112,7967881641590223878,2415197573228190330,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5776 /prefetch:8
4⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7967881641590223878,2415197573228190330,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
4⤵
PID:3064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7967881641590223878,2415197573228190330,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
4⤵
PID:1388

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7967881641590223878,2415197573228190330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 /prefetch:8
4⤵
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
4⤵
- Drops file in Program Files directory
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x7ff6710f5460,0x7ff6710f5470,0x7ff6710f5480
5⤵
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7967881641590223878,2415197573228190330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:4336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2112,7967881641590223878,2415197573228190330,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3600 /prefetch:8
4⤵
PID:620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7967881641590223878,2415197573228190330,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4704 /prefetch:2
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2112,7967881641590223878,2415197573228190330,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5312 /prefetch:8
4⤵
PID:4396

C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe
"C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Common Tools.dll

Filesize
361KB

MD5
b9f1a6a7e3592ace4cfac8569f169427

SHA1
30b68067c79b69db805efc4c4af4d7e0e7a65c5b

SHA256
ef38e4491652a733c9e6e184c72b2b67874b0f0db3e44685f30b81e75bd6f30b

SHA512
a3df9eaf9a2da3dd94f49cb6aebf51c23eee72cd401721d15e3741f2ee7976ae737b390965815ac5bb9f482b7bbc9ecc5781d2e503dabffeaaf9ac0d7da7695c

Download Submit
C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Common Tools.dll

Filesize
361KB

MD5
b9f1a6a7e3592ace4cfac8569f169427

SHA1
30b68067c79b69db805efc4c4af4d7e0e7a65c5b

SHA256
ef38e4491652a733c9e6e184c72b2b67874b0f0db3e44685f30b81e75bd6f30b

SHA512
a3df9eaf9a2da3dd94f49cb6aebf51c23eee72cd401721d15e3741f2ee7976ae737b390965815ac5bb9f482b7bbc9ecc5781d2e503dabffeaaf9ac0d7da7695c

Download Submit
C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Common Tools.dll

Filesize
361KB

MD5
b9f1a6a7e3592ace4cfac8569f169427

SHA1
30b68067c79b69db805efc4c4af4d7e0e7a65c5b

SHA256
ef38e4491652a733c9e6e184c72b2b67874b0f0db3e44685f30b81e75bd6f30b

SHA512
a3df9eaf9a2da3dd94f49cb6aebf51c23eee72cd401721d15e3741f2ee7976ae737b390965815ac5bb9f482b7bbc9ecc5781d2e503dabffeaaf9ac0d7da7695c

Download Submit
C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe

Filesize
729KB

MD5
7218cc6f8a65c82764883ddc4ad695ea

SHA1
3b4d54521371a5f511d78911f63aafe9d11942f7

SHA256
054532151e0c65f450d4a12369e4ce26ddb1e1cd8705f8ce49a8ff6362f767f6

SHA512
389a7113e2a7017be155520a9afcc5375a3a6d0622a8e3931d4ed4bfdbb261e72f2d1098ab8836dd60c6597b1024b454c99395e76200d0657e567b200c1417ba

Download Submit
C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe

Filesize
729KB

MD5
7218cc6f8a65c82764883ddc4ad695ea

SHA1
3b4d54521371a5f511d78911f63aafe9d11942f7

SHA256
054532151e0c65f450d4a12369e4ce26ddb1e1cd8705f8ce49a8ff6362f767f6

SHA512
389a7113e2a7017be155520a9afcc5375a3a6d0622a8e3931d4ed4bfdbb261e72f2d1098ab8836dd60c6597b1024b454c99395e76200d0657e567b200c1417ba

Download Submit
C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe.config

Filesize
11KB

MD5
381889268c3a15e9b781217710aea797

SHA1
0671dcb2cdb043ff34ae7c8517d129bd9e95c359

SHA256
f0d52c6f8aa7dcbafd1c3159c6eb77f74a3dc6cf9c79ffc8213d69a3a198127f

SHA512
3352631a491e8cac0edb5ec3e7abad38e913d72c1e2370098537ae68de6a85e9e7ff7ce75d83dffbc7d3d17f0f207b0ec00fc87ead7341555d64f95e17a0052d

Download Submit
C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Telerik.WinControls.Themes.Aqua.dll

Filesize
256KB

MD5
cb2a70a96d1a5169ce0da120ac1678be

SHA1
03813ab2b451ffaaac1da32cab0b8fb6049cc566

SHA256
d0174ad55f9d4a46fd24bbf8289806bedc2f05f2b28aea798e9bf5fd20313807

SHA512
01fe48912ba79116aa2a698603176f4fb4158f7626677b315cc9f606dd879d69977b734b81f69a788fcbf9464cce038e690a6925c1335bcf852c71620d5a4ecb

Download Submit
C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Telerik.WinControls.Themes.Aqua.dll

Filesize
256KB

MD5
cb2a70a96d1a5169ce0da120ac1678be

SHA1
03813ab2b451ffaaac1da32cab0b8fb6049cc566

SHA256
d0174ad55f9d4a46fd24bbf8289806bedc2f05f2b28aea798e9bf5fd20313807

SHA512
01fe48912ba79116aa2a698603176f4fb4158f7626677b315cc9f606dd879d69977b734b81f69a788fcbf9464cce038e690a6925c1335bcf852c71620d5a4ecb

Download Submit
C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Telerik.WinControls.Themes.Aqua.dll

Filesize
256KB

MD5
cb2a70a96d1a5169ce0da120ac1678be

SHA1
03813ab2b451ffaaac1da32cab0b8fb6049cc566

SHA256
d0174ad55f9d4a46fd24bbf8289806bedc2f05f2b28aea798e9bf5fd20313807

SHA512
01fe48912ba79116aa2a698603176f4fb4158f7626677b315cc9f606dd879d69977b734b81f69a788fcbf9464cce038e690a6925c1335bcf852c71620d5a4ecb

Download Submit
C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Telerik.WinControls.UI.dll

Filesize
3.8MB

MD5
092cff53504132e4e8ce5556e223478c

SHA1
bc5b666ee5ca7059d17d91f937a94fb34dafa3c9

SHA256
7acbb46dea04fa30cb81bf50e3d79c8d505bb0e382371e1cd26e82ce8f00d480

SHA512
7f5bd19bf40145000f4bb0cce73e644b6a6d678c641a357995e60fb22c3b870f1c3e876c505314b13793d6ce73e97ede9ea240dd5243c73fb0992460fc43c4fb

Download Submit
C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Telerik.WinControls.UI.dll

Filesize
3.8MB

MD5
092cff53504132e4e8ce5556e223478c

SHA1
bc5b666ee5ca7059d17d91f937a94fb34dafa3c9

SHA256
7acbb46dea04fa30cb81bf50e3d79c8d505bb0e382371e1cd26e82ce8f00d480

SHA512
7f5bd19bf40145000f4bb0cce73e644b6a6d678c641a357995e60fb22c3b870f1c3e876c505314b13793d6ce73e97ede9ea240dd5243c73fb0992460fc43c4fb

Download Submit
C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Telerik.WinControls.UI.dll

Filesize
3.8MB

MD5
092cff53504132e4e8ce5556e223478c

SHA1
bc5b666ee5ca7059d17d91f937a94fb34dafa3c9

SHA256
7acbb46dea04fa30cb81bf50e3d79c8d505bb0e382371e1cd26e82ce8f00d480

SHA512
7f5bd19bf40145000f4bb0cce73e644b6a6d678c641a357995e60fb22c3b870f1c3e876c505314b13793d6ce73e97ede9ea240dd5243c73fb0992460fc43c4fb

Download Submit
C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Telerik.WinControls.dll

Filesize
2.1MB

MD5
364c96e78fa520745223bf6d0dbbdd65

SHA1
ae333f358bc31caa54759cd0d38a48eeb068599c

SHA256
7aec4d5b2089fed53c1b9fd5bdbdc0e1c7df1239606f0f9dfdcd49966947af9d

SHA512
ed9cfbea54ed44e89ecc6c77235b9a98341cf45eb75af784bd8b3ebcb41db9fc17300f2773a6e7c7a1c9e2c1b042a84425f720ab1c4413e5102f5e6d4cca380b

Download Submit
C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Telerik.WinControls.dll

Filesize
2.1MB

MD5
364c96e78fa520745223bf6d0dbbdd65

SHA1
ae333f358bc31caa54759cd0d38a48eeb068599c

SHA256
7aec4d5b2089fed53c1b9fd5bdbdc0e1c7df1239606f0f9dfdcd49966947af9d

SHA512
ed9cfbea54ed44e89ecc6c77235b9a98341cf45eb75af784bd8b3ebcb41db9fc17300f2773a6e7c7a1c9e2c1b042a84425f720ab1c4413e5102f5e6d4cca380b

Download Submit
C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Telerik.WinControls.dll

Filesize
2.1MB

MD5
364c96e78fa520745223bf6d0dbbdd65

SHA1
ae333f358bc31caa54759cd0d38a48eeb068599c

SHA256
7aec4d5b2089fed53c1b9fd5bdbdc0e1c7df1239606f0f9dfdcd49966947af9d

SHA512
ed9cfbea54ed44e89ecc6c77235b9a98341cf45eb75af784bd8b3ebcb41db9fc17300f2773a6e7c7a1c9e2c1b042a84425f720ab1c4413e5102f5e6d4cca380b

Download Submit
C:\Program Files (x86)\Developerts LLC\Secure Fast PC\TelerikCommon.dll

Filesize
573KB

MD5
fb5bad50e8660cd38262cb32e7e99a24

SHA1
fb8ab3fb38652ac1b507a09a904e9a147b2b70ef

SHA256
f13e30542ad51c7fce136e0384c82c9453aaed7644aceecdb07d63bb08f7ec46

SHA512
4ecd705c178e75016df91bdea85595252b02f8c2e60dddb0255eca150eea606a93307b596d9c4a02fd09c166ad1af5f5f620c77d240c3872c06cc4e0157dc2eb

Download Submit
C:\Program Files (x86)\Developerts LLC\Secure Fast PC\TelerikCommon.dll

Filesize
573KB

MD5
fb5bad50e8660cd38262cb32e7e99a24

SHA1
fb8ab3fb38652ac1b507a09a904e9a147b2b70ef

SHA256
f13e30542ad51c7fce136e0384c82c9453aaed7644aceecdb07d63bb08f7ec46

SHA512
4ecd705c178e75016df91bdea85595252b02f8c2e60dddb0255eca150eea606a93307b596d9c4a02fd09c166ad1af5f5f620c77d240c3872c06cc4e0157dc2eb

Download Submit
C:\Program Files (x86)\Developerts LLC\Secure Fast PC\TelerikCommon.dll

Filesize
573KB

MD5
fb5bad50e8660cd38262cb32e7e99a24

SHA1
fb8ab3fb38652ac1b507a09a904e9a147b2b70ef

SHA256
f13e30542ad51c7fce136e0384c82c9453aaed7644aceecdb07d63bb08f7ec46

SHA512
4ecd705c178e75016df91bdea85595252b02f8c2e60dddb0255eca150eea606a93307b596d9c4a02fd09c166ad1af5f5f620c77d240c3872c06cc4e0157dc2eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
dec931e86140139380ea0df57cd132b6

SHA1
b717fd548382064189c16cb94dda28b1967a5712

SHA256
5ffd4b20dccfb84c8890abdb780184a7651e760aefba4ab0c6fba5b2a81f97d9

SHA512
14d594e88c4a1f0ec8bc1b4fe2d66e26358f907b1106c047ada35d500ca9e608f1ce5a57599453cf10f11f4d9f1948ced9056ce8bd944b16eca7e9b83e8b27af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
dec931e86140139380ea0df57cd132b6

SHA1
b717fd548382064189c16cb94dda28b1967a5712

SHA256
5ffd4b20dccfb84c8890abdb780184a7651e760aefba4ab0c6fba5b2a81f97d9

SHA512
14d594e88c4a1f0ec8bc1b4fe2d66e26358f907b1106c047ada35d500ca9e608f1ce5a57599453cf10f11f4d9f1948ced9056ce8bd944b16eca7e9b83e8b27af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
318KB

MD5
b5fc476c1bf08d5161346cc7dd4cb0ba

SHA1
280fac9cf711d93c95f6b80ac97d89cf5853c096

SHA256
12cb9b8f59c00ef40ea8f28bfc59a29f12dc28332bf44b1a5d8d6a8823365650

SHA512
17fa97f399287b941e958d2d42fe6adb62700b01d9dbe0c824604e8e06d903b330f9d7d8ffb109bfb7f6742f46e7e9cedad6981f0d94d629b8402d0a0174f697

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
318KB

MD5
b5fc476c1bf08d5161346cc7dd4cb0ba

SHA1
280fac9cf711d93c95f6b80ac97d89cf5853c096

SHA256
12cb9b8f59c00ef40ea8f28bfc59a29f12dc28332bf44b1a5d8d6a8823365650

SHA512
17fa97f399287b941e958d2d42fe6adb62700b01d9dbe0c824604e8e06d903b330f9d7d8ffb109bfb7f6742f46e7e9cedad6981f0d94d629b8402d0a0174f697

Download Submit
\??\pipe\LOCAL\crashpad_4872_UPTJEFZCAWOELAGJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/448-161-0x0000000000000000-mapping.dmp

Download
memory/620-196-0x0000000000000000-mapping.dmp

Download
memory/1160-172-0x0000000000000000-mapping.dmp

Download
memory/1388-191-0x0000000000000000-mapping.dmp

Download
memory/1544-192-0x0000000000000000-mapping.dmp

Download
memory/1788-174-0x0000000000000000-mapping.dmp

Download
memory/2504-143-0x0000000000400000-0x00000000007CB000-memory.dmp

Filesize
3.8MB

Download
memory/2504-132-0x0000000000000000-mapping.dmp

Download
memory/2504-137-0x0000000000400000-0x00000000007CB000-memory.dmp

Filesize
3.8MB

Download
memory/3064-189-0x0000000000000000-mapping.dmp

Download
memory/3944-162-0x0000000000000000-mapping.dmp

Download
memory/4224-144-0x0000000000000000-mapping.dmp

Download
memory/4336-194-0x0000000000000000-mapping.dmp

Download
memory/4396-199-0x0000000000000000-mapping.dmp

Download
memory/4448-176-0x0000000000000000-mapping.dmp

Download
memory/4480-193-0x0000000000000000-mapping.dmp

Download
memory/4600-197-0x0000000000000000-mapping.dmp

Download
memory/4612-185-0x0000000000000000-mapping.dmp

Download
memory/4788-165-0x0000000000000000-mapping.dmp

Download
memory/4836-150-0x00000000057D0000-0x0000000005D74000-memory.dmp

Filesize
5.6MB

Download
memory/4836-159-0x0000000005580000-0x0000000005794000-memory.dmp

Filesize
2.1MB

Download
memory/4836-166-0x00000000063B0000-0x00000000063BA000-memory.dmp

Filesize
40KB

Download
memory/4836-183-0x00000000097C0000-0x00000000097FC000-memory.dmp

Filesize
240KB

Download
memory/4836-155-0x00000000052C0000-0x0000000005352000-memory.dmp

Filesize
584KB

Download
memory/4836-154-0x0000000005D80000-0x000000000614C000-memory.dmp

Filesize
3.8MB

Download
memory/4836-145-0x00000000004C0000-0x000000000057A000-memory.dmp

Filesize
744KB

Download
memory/4836-149-0x0000000002970000-0x00000000029D0000-memory.dmp

Filesize
384KB

Download
memory/4836-139-0x0000000000000000-mapping.dmp

Download
memory/4836-180-0x00000000086B0000-0x00000000086F6000-memory.dmp

Filesize
280KB

Download
memory/4836-170-0x0000000006A90000-0x0000000006B26000-memory.dmp

Filesize
600KB

Download
memory/4872-138-0x0000000000000000-mapping.dmp

Download
memory/4920-182-0x0000000000000000-mapping.dmp

Download
memory/4940-187-0x0000000000000000-mapping.dmp

Download