08c360b7951aa8d195297d2d0d80872d12ace1f9788ecdc36a89d00ee64c6617

Analysis

max time kernel
109s
max time network
116s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
28-12-2022 15:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DixMax Setup 1.0.13_x64.exe
Size

48.5MB
MD5

0cbb9628d1db4ff49d8503d3664689d8
SHA1

acbe2c54f84edf57f92bf007e1f05234e3d6aed9
SHA256

08c360b7951aa8d195297d2d0d80872d12ace1f9788ecdc36a89d00ee64c6617
SHA512

4d8b9f7eecaf1f0e2738dafc7d5a5ecf26bdf80c5736951938bec9bb83f94a70af9c9fe9dfeff397bc78629ee5fe7b09d72e39f1dce2bcbb6d5335a075595a05
SSDEEP

1572864:0ySustSxHEDwwaNAZOnk3x7vOfGOH4zhsTC:0ySZtmkgNdnk3x7Gfx4O+

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1724	DixMax.exe
1572	DixMax.exe
1532	DixMax.exe
288	DixMax.exe

Loads dropped DLL 26 IoCs

pid	Process
1640	DixMax Setup 1.0.13_x64.exe
1640	DixMax Setup 1.0.13_x64.exe
1640	DixMax Setup 1.0.13_x64.exe
1640	DixMax Setup 1.0.13_x64.exe
1640	DixMax Setup 1.0.13_x64.exe
1640	DixMax Setup 1.0.13_x64.exe
1640	DixMax Setup 1.0.13_x64.exe
1640	DixMax Setup 1.0.13_x64.exe
1640	DixMax Setup 1.0.13_x64.exe
1640	DixMax Setup 1.0.13_x64.exe
1640	DixMax Setup 1.0.13_x64.exe
1284	Process not Found
1284	Process not Found
1284	Process not Found
1284	Process not Found
1724	DixMax.exe
1572	DixMax.exe
1572	DixMax.exe
1572	DixMax.exe
1572	DixMax.exe
1284	Process not Found
1532	DixMax.exe
288	DixMax.exe
288	DixMax.exe
288	DixMax.exe
288	DixMax.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	DixMax.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	DixMax.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	DixMax.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	DixMax.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	DixMax.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	DixMax.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	DixMax.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	DixMax.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1640	DixMax Setup 1.0.13_x64.exe
1640	DixMax Setup 1.0.13_x64.exe
1640	DixMax Setup 1.0.13_x64.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1640	DixMax Setup 1.0.13_x64.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 1572	1724	DixMax.exe	30
PID 1724 wrote to memory of 1572	1724	DixMax.exe	30
PID 1724 wrote to memory of 1572	1724	DixMax.exe	30
PID 1724 wrote to memory of 1532	1724	DixMax.exe	31
PID 1724 wrote to memory of 1532	1724	DixMax.exe	31
PID 1724 wrote to memory of 1532	1724	DixMax.exe	31
PID 1724 wrote to memory of 288	1724	DixMax.exe	32
PID 1724 wrote to memory of 288	1724	DixMax.exe	32
PID 1724 wrote to memory of 288	1724	DixMax.exe	32

C:\Users\Admin\AppData\Local\Temp\DixMax Setup 1.0.13_x64.exe
"C:\Users\Admin\AppData\Local\Temp\DixMax Setup 1.0.13_x64.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1640

C:\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe
"C:\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe
  "C:\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe" --type=gpu-process --enable-features=SharedArrayBuffer --no-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=3396077739082762143 --mojo-platform-channel-handle=940 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1572
- C:\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe
  "C:\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe" --type=renderer --no-sandbox --enable-features=SharedArrayBuffer --disable-gpu-compositing --service-pipe-token=16649690063040669421 --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\DixMax\resources\app.asar" --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) DixMax/1.0.13 Chrome/69.0.3497.128 Electron/4.2.12 Safari/537.36" --node-integration=true --webview-tag=true --no-sandbox --background-color=#000 --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=16649690063040669421 --renderer-client-id=4 --mojo-platform-channel-handle=1956 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1532
- C:\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe
  "C:\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe" --type=gpu-process --enable-features=SharedArrayBuffer --disable-gpu-sandbox --no-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=14615696691408818825 --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:288

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\DixMax\D3DCompiler_47.dll

Filesize
4.1MB

MD5
222d020bd33c90170a8296adc1b7036a

SHA1
612e6f443d927330b9b8ac13cc4a2a6b959cee48

SHA256
4432bbd1a390874f3f0a503d45cc48d346abc3a8c0213c289f4b615bf0ee84f3

SHA512
ad8c7ce7f6f353da5e2cf816e1a69f1ec14011612e8041e4f9bb6ebed3e0fa4e4ebc069155a0c66e23811467012c201893b9b3b7a947d089ce2c749d5e8910c6

Download Submit
C:\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe

Filesize
87.9MB

MD5
608adf902b35f015c100f4cd86d5699e

SHA1
b883bee29fb5c1597636ee540f21f16fef02b7aa

SHA256
adfffd984b7805c16b03e183d0d4954016c906df69ce957c153a12eabd1eccf6

SHA512
7264c26f0c035420db9b3d6a74ffcdf3ae9e1ebe6cb259bbd372b838d02089c3c3fee8b09acd483ce3ea6864501394ffbc9d95c71aba6b121e12ca0dc55d93bc

Download Submit
C:\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe

Filesize
87.9MB

MD5
608adf902b35f015c100f4cd86d5699e

SHA1
b883bee29fb5c1597636ee540f21f16fef02b7aa

SHA256
adfffd984b7805c16b03e183d0d4954016c906df69ce957c153a12eabd1eccf6

SHA512
7264c26f0c035420db9b3d6a74ffcdf3ae9e1ebe6cb259bbd372b838d02089c3c3fee8b09acd483ce3ea6864501394ffbc9d95c71aba6b121e12ca0dc55d93bc

Download Submit
C:\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe

Filesize
87.9MB

MD5
608adf902b35f015c100f4cd86d5699e

SHA1
b883bee29fb5c1597636ee540f21f16fef02b7aa

SHA256
adfffd984b7805c16b03e183d0d4954016c906df69ce957c153a12eabd1eccf6

SHA512
7264c26f0c035420db9b3d6a74ffcdf3ae9e1ebe6cb259bbd372b838d02089c3c3fee8b09acd483ce3ea6864501394ffbc9d95c71aba6b121e12ca0dc55d93bc

Download Submit
C:\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe

Filesize
87.9MB

MD5
608adf902b35f015c100f4cd86d5699e

SHA1
b883bee29fb5c1597636ee540f21f16fef02b7aa

SHA256
adfffd984b7805c16b03e183d0d4954016c906df69ce957c153a12eabd1eccf6

SHA512
7264c26f0c035420db9b3d6a74ffcdf3ae9e1ebe6cb259bbd372b838d02089c3c3fee8b09acd483ce3ea6864501394ffbc9d95c71aba6b121e12ca0dc55d93bc

Download Submit
C:\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe

Filesize
87.9MB

MD5
608adf902b35f015c100f4cd86d5699e

SHA1
b883bee29fb5c1597636ee540f21f16fef02b7aa

SHA256
adfffd984b7805c16b03e183d0d4954016c906df69ce957c153a12eabd1eccf6

SHA512
7264c26f0c035420db9b3d6a74ffcdf3ae9e1ebe6cb259bbd372b838d02089c3c3fee8b09acd483ce3ea6864501394ffbc9d95c71aba6b121e12ca0dc55d93bc

Download Submit
C:\Users\Admin\AppData\Local\Programs\DixMax\chrome_100_percent.pak

Filesize
163KB

MD5
6b0554d58e8c0cdbf0bb88ee032fdc4b

SHA1
0985707237768abbf89acb3d362c7e62f9ef80bb

SHA256
ebc1a06972979c372fda5711d505a3b5041e6ee448d80de84f9eda84d37e4a86

SHA512
c01af1a038030f0141988cc4c0e6676c50934e705f13046dc57b00b4814abb37c88d623aa1c64ae0740be191bf261e6ce3c1a05100037a9c33eb877b0b8b95ad

Download Submit
C:\Users\Admin\AppData\Local\Programs\DixMax\chrome_200_percent.pak

Filesize
243KB

MD5
8ab92f2b5d78419af2e4e66d4391dfd2

SHA1
220e001d9fac6f01217b6f6d9b167aa5d9654620

SHA256
b2d93b68f9b8e3b6ccfa4d0225af4d6e55e2a47ace53e4e64d105ce7183a04d6

SHA512
afdb8d9345720ac7bcecb376ce21bc07ebed978e8b8c451762b50b1108127b1dbb04a1010cd746cc06084339b2e0dcc38dde16192ae26faa1d5030b87fee729c

Download Submit
C:\Users\Admin\AppData\Local\Programs\DixMax\ffmpeg.dll

Filesize
2.0MB

MD5
acc463c075a20634167ec586582c2396

SHA1
ac64529de3c53f28235dfafd6d70016cdfb5b588

SHA256
f3fcf4a870e9fd69fce237684fc7a927b5bdb0e492bd433b0ad47c455401865c

SHA512
a930151a2d36bd5ee211bb47481c46c1dd0a4ce315368bd5fdd62aa1baf66e5c7b945613f4010e1888ec150294eee8dfba2c3e22dda12a601d0e0ee184bcf1ec

Download Submit
C:\Users\Admin\AppData\Local\Programs\DixMax\icudtl.dat

Filesize
9.7MB

MD5
197d5ce41d85a28c649011ffbf4a9cdf

SHA1
1a54a54202df0e5647223956229817be03a34e8e

SHA256
74a7799772f24d858d06661d89f35cf556f4fc4c48c30dc307faef369874b4cd

SHA512
edc634f157895e6831a9dd2f9613b498dd27cd8e4db2761d7043f12a4897e8d3d0b6a750d991096ac0d5468ce972866af526fad91beab6f302b5dd889484e8f6

Download Submit
C:\Users\Admin\AppData\Local\Programs\DixMax\locales\en-US.pak

Filesize
58KB

MD5
104437c82defe34717b1dc667d9e28aa

SHA1
844b450de3f12e1c4b76bb32f3513ab3a7331dc8

SHA256
df2f5f3830fc3fdeaf4f941b6b30cf051ab52b592bc6e31ae7176eecfda0c1a7

SHA512
f7d917bc492c8aba74eb2148baf9836bb6cb3ed058c53ae3eac7128f5156da54384d5dac2134b35f6b5ae05bf086fcaf2977e9a4374f14aee64d942329042572

Download Submit
C:\Users\Admin\AppData\Local\Programs\DixMax\natives_blob.bin

Filesize
122KB

MD5
99e9ed492dc4b9318704745f69e3ff43

SHA1
4276e245efeb0256bbbdefa77063d2585712198e

SHA256
ad6654fca057a8b8735c8b5cdba9d322396befe7e706429b8236c234a3941da1

SHA512
5163af106d268ff2a324519eac9a17572191add3a5283496170dcff10f52bd9854e47a00c4fe40d83c01b8cd21eaaa0665647044ddb038cf7191ff19c95af539

Download Submit
C:\Users\Admin\AppData\Local\Programs\DixMax\resources.pak

Filesize
8.3MB

MD5
568f2c54aac562146f2edf9b5f8aaf97

SHA1
bbc870b823bd2cb4f6315fc6803b042eee743efb

SHA256
154a02e4c92054c6d4c04acd78d81a2fddee2b5613f9456bd36e9fdee5d4d56a

SHA512
885acb4f72ad9cc3bb0d50f2e2af3388bded8042ec82da70e9762f08be8e9d773dead16c223c39b675374b4831e580a30e8fe029526512291499f88ae13cbc1d

Download Submit
C:\Users\Admin\AppData\Local\Programs\DixMax\resources\app.asar

Filesize
30.7MB

MD5
b89db0658f6ae84bb432b9837b25bc81

SHA1
7e654a3ccf37441ec2eb64824ed382f71efbc575

SHA256
5832842cbf79ccc9a3ad79f20153d2744f11b2a14cb5fe9ea0d931f68e4e7e87

SHA512
38668066d893880fdf0706a5b78e1177c166a0f86d670f1fd6f0679abd2cc662c8334dcf9614e229c962d4039ed74dfb74d9e0181c63caeba1f34afff5094bcc

Download Submit
C:\Users\Admin\AppData\Local\Programs\DixMax\resources\electron.asar

Filesize
275KB

MD5
5999abd3aa259733faa5058db2f25c1d

SHA1
ef12fe9cba9502bf042c73136b56b327bd1abb56

SHA256
a8e20cc87c29a16223a9ce45dc1c11ff213aaf1b19890a8c92b180e8e9fe030f

SHA512
58b439afbfd2db646a09c03023d5d8d1597ceac9420409175599265840991a1760b18631fffd63fb9a56eab01b1bca154d7ad107850c5cb1648d0bf1dee4b066

Download Submit
C:\Users\Admin\AppData\Local\Programs\DixMax\swiftshader\libegl.dll

Filesize
138KB

MD5
190f093bfb15b8bf591a67294b2aab9b

SHA1
5d200596004f730bc17e0714e0ac622595ecadf2

SHA256
322badcf08c960fd351f2bd6243b87742b7f6360c932b0a2cba88ad353c685f7

SHA512
7455c7b711033694677087254ac6ed537233688796fd3dff69a661d2cba168b8cb8a9e335d840acd4d062d5a15f7cce07ab825cb6b4ddf2a08510c95224c6267

Download Submit
C:\Users\Admin\AppData\Local\Programs\DixMax\swiftshader\libglesv2.dll

Filesize
2.6MB

MD5
f0164d31a40170a21c9c9436d915be01

SHA1
e909fb440c341bf93f885ab0edfbc95d806d93ae

SHA256
e35e4eefbac90147b2448488e255a6d3dc1e0ecd2da0a7892ff5b477e11f3be0

SHA512
769505fd2f6704787d4f80e025b2194dcb813fa607bf6bc0f992897989431fdb0f546cd6f362009d61dbef87a1b89e206f4b53dd84695bd60d198a3494137ea4

Download Submit
C:\Users\Admin\AppData\Local\Programs\DixMax\v8_context_snapshot.bin

Filesize
1017KB

MD5
31fc5c514ddc20dacaef9bb162c97130

SHA1
1138d1fcea6bda11fe8195cb7fc55d9f831e60e7

SHA256
fac9222dabb1e320085bc3a921db2e202714a318826aa4e3d47830be736b2a47

SHA512
2ad8d893878d115a125a21a2ee393c6712a6e0579c3eb6b0092d02b6a7507c4144ea554536fe17dd84a83ba13e33e55a81510bfad3c6a5c5f121d3817f038530

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe

Filesize
87.9MB

MD5
608adf902b35f015c100f4cd86d5699e

SHA1
b883bee29fb5c1597636ee540f21f16fef02b7aa

SHA256
adfffd984b7805c16b03e183d0d4954016c906df69ce957c153a12eabd1eccf6

SHA512
7264c26f0c035420db9b3d6a74ffcdf3ae9e1ebe6cb259bbd372b838d02089c3c3fee8b09acd483ce3ea6864501394ffbc9d95c71aba6b121e12ca0dc55d93bc

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe

Filesize
87.9MB

MD5
608adf902b35f015c100f4cd86d5699e

SHA1
b883bee29fb5c1597636ee540f21f16fef02b7aa

SHA256
adfffd984b7805c16b03e183d0d4954016c906df69ce957c153a12eabd1eccf6

SHA512
7264c26f0c035420db9b3d6a74ffcdf3ae9e1ebe6cb259bbd372b838d02089c3c3fee8b09acd483ce3ea6864501394ffbc9d95c71aba6b121e12ca0dc55d93bc

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe

Filesize
87.9MB

MD5
608adf902b35f015c100f4cd86d5699e

SHA1
b883bee29fb5c1597636ee540f21f16fef02b7aa

SHA256
adfffd984b7805c16b03e183d0d4954016c906df69ce957c153a12eabd1eccf6

SHA512
7264c26f0c035420db9b3d6a74ffcdf3ae9e1ebe6cb259bbd372b838d02089c3c3fee8b09acd483ce3ea6864501394ffbc9d95c71aba6b121e12ca0dc55d93bc

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe

Filesize
87.9MB

MD5
608adf902b35f015c100f4cd86d5699e

SHA1
b883bee29fb5c1597636ee540f21f16fef02b7aa

SHA256
adfffd984b7805c16b03e183d0d4954016c906df69ce957c153a12eabd1eccf6

SHA512
7264c26f0c035420db9b3d6a74ffcdf3ae9e1ebe6cb259bbd372b838d02089c3c3fee8b09acd483ce3ea6864501394ffbc9d95c71aba6b121e12ca0dc55d93bc

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe

Filesize
87.9MB

MD5
608adf902b35f015c100f4cd86d5699e

SHA1
b883bee29fb5c1597636ee540f21f16fef02b7aa

SHA256
adfffd984b7805c16b03e183d0d4954016c906df69ce957c153a12eabd1eccf6

SHA512
7264c26f0c035420db9b3d6a74ffcdf3ae9e1ebe6cb259bbd372b838d02089c3c3fee8b09acd483ce3ea6864501394ffbc9d95c71aba6b121e12ca0dc55d93bc

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe

Filesize
87.9MB

MD5
608adf902b35f015c100f4cd86d5699e

SHA1
b883bee29fb5c1597636ee540f21f16fef02b7aa

SHA256
adfffd984b7805c16b03e183d0d4954016c906df69ce957c153a12eabd1eccf6

SHA512
7264c26f0c035420db9b3d6a74ffcdf3ae9e1ebe6cb259bbd372b838d02089c3c3fee8b09acd483ce3ea6864501394ffbc9d95c71aba6b121e12ca0dc55d93bc

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe

Filesize
87.9MB

MD5
608adf902b35f015c100f4cd86d5699e

SHA1
b883bee29fb5c1597636ee540f21f16fef02b7aa

SHA256
adfffd984b7805c16b03e183d0d4954016c906df69ce957c153a12eabd1eccf6

SHA512
7264c26f0c035420db9b3d6a74ffcdf3ae9e1ebe6cb259bbd372b838d02089c3c3fee8b09acd483ce3ea6864501394ffbc9d95c71aba6b121e12ca0dc55d93bc

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe

Filesize
87.9MB

MD5
608adf902b35f015c100f4cd86d5699e

SHA1
b883bee29fb5c1597636ee540f21f16fef02b7aa

SHA256
adfffd984b7805c16b03e183d0d4954016c906df69ce957c153a12eabd1eccf6

SHA512
7264c26f0c035420db9b3d6a74ffcdf3ae9e1ebe6cb259bbd372b838d02089c3c3fee8b09acd483ce3ea6864501394ffbc9d95c71aba6b121e12ca0dc55d93bc

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\DixMax.exe

Filesize
87.9MB

MD5
608adf902b35f015c100f4cd86d5699e

SHA1
b883bee29fb5c1597636ee540f21f16fef02b7aa

SHA256
adfffd984b7805c16b03e183d0d4954016c906df69ce957c153a12eabd1eccf6

SHA512
7264c26f0c035420db9b3d6a74ffcdf3ae9e1ebe6cb259bbd372b838d02089c3c3fee8b09acd483ce3ea6864501394ffbc9d95c71aba6b121e12ca0dc55d93bc

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\d3dcompiler_47.dll

Filesize
4.1MB

MD5
222d020bd33c90170a8296adc1b7036a

SHA1
612e6f443d927330b9b8ac13cc4a2a6b959cee48

SHA256
4432bbd1a390874f3f0a503d45cc48d346abc3a8c0213c289f4b615bf0ee84f3

SHA512
ad8c7ce7f6f353da5e2cf816e1a69f1ec14011612e8041e4f9bb6ebed3e0fa4e4ebc069155a0c66e23811467012c201893b9b3b7a947d089ce2c749d5e8910c6

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\d3dcompiler_47.dll

Filesize
4.1MB

MD5
222d020bd33c90170a8296adc1b7036a

SHA1
612e6f443d927330b9b8ac13cc4a2a6b959cee48

SHA256
4432bbd1a390874f3f0a503d45cc48d346abc3a8c0213c289f4b615bf0ee84f3

SHA512
ad8c7ce7f6f353da5e2cf816e1a69f1ec14011612e8041e4f9bb6ebed3e0fa4e4ebc069155a0c66e23811467012c201893b9b3b7a947d089ce2c749d5e8910c6

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\ffmpeg.dll

Filesize
2.0MB

MD5
acc463c075a20634167ec586582c2396

SHA1
ac64529de3c53f28235dfafd6d70016cdfb5b588

SHA256
f3fcf4a870e9fd69fce237684fc7a927b5bdb0e492bd433b0ad47c455401865c

SHA512
a930151a2d36bd5ee211bb47481c46c1dd0a4ce315368bd5fdd62aa1baf66e5c7b945613f4010e1888ec150294eee8dfba2c3e22dda12a601d0e0ee184bcf1ec

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\ffmpeg.dll

Filesize
2.0MB

MD5
acc463c075a20634167ec586582c2396

SHA1
ac64529de3c53f28235dfafd6d70016cdfb5b588

SHA256
f3fcf4a870e9fd69fce237684fc7a927b5bdb0e492bd433b0ad47c455401865c

SHA512
a930151a2d36bd5ee211bb47481c46c1dd0a4ce315368bd5fdd62aa1baf66e5c7b945613f4010e1888ec150294eee8dfba2c3e22dda12a601d0e0ee184bcf1ec

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\ffmpeg.dll

Filesize
2.0MB

MD5
acc463c075a20634167ec586582c2396

SHA1
ac64529de3c53f28235dfafd6d70016cdfb5b588

SHA256
f3fcf4a870e9fd69fce237684fc7a927b5bdb0e492bd433b0ad47c455401865c

SHA512
a930151a2d36bd5ee211bb47481c46c1dd0a4ce315368bd5fdd62aa1baf66e5c7b945613f4010e1888ec150294eee8dfba2c3e22dda12a601d0e0ee184bcf1ec

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\ffmpeg.dll

Filesize
2.0MB

MD5
acc463c075a20634167ec586582c2396

SHA1
ac64529de3c53f28235dfafd6d70016cdfb5b588

SHA256
f3fcf4a870e9fd69fce237684fc7a927b5bdb0e492bd433b0ad47c455401865c

SHA512
a930151a2d36bd5ee211bb47481c46c1dd0a4ce315368bd5fdd62aa1baf66e5c7b945613f4010e1888ec150294eee8dfba2c3e22dda12a601d0e0ee184bcf1ec

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\swiftshader\libEGL.dll

Filesize
138KB

MD5
190f093bfb15b8bf591a67294b2aab9b

SHA1
5d200596004f730bc17e0714e0ac622595ecadf2

SHA256
322badcf08c960fd351f2bd6243b87742b7f6360c932b0a2cba88ad353c685f7

SHA512
7455c7b711033694677087254ac6ed537233688796fd3dff69a661d2cba168b8cb8a9e335d840acd4d062d5a15f7cce07ab825cb6b4ddf2a08510c95224c6267

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\swiftshader\libEGL.dll

Filesize
138KB

MD5
190f093bfb15b8bf591a67294b2aab9b

SHA1
5d200596004f730bc17e0714e0ac622595ecadf2

SHA256
322badcf08c960fd351f2bd6243b87742b7f6360c932b0a2cba88ad353c685f7

SHA512
7455c7b711033694677087254ac6ed537233688796fd3dff69a661d2cba168b8cb8a9e335d840acd4d062d5a15f7cce07ab825cb6b4ddf2a08510c95224c6267

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\swiftshader\libGLESv2.dll

Filesize
2.6MB

MD5
f0164d31a40170a21c9c9436d915be01

SHA1
e909fb440c341bf93f885ab0edfbc95d806d93ae

SHA256
e35e4eefbac90147b2448488e255a6d3dc1e0ecd2da0a7892ff5b477e11f3be0

SHA512
769505fd2f6704787d4f80e025b2194dcb813fa607bf6bc0f992897989431fdb0f546cd6f362009d61dbef87a1b89e206f4b53dd84695bd60d198a3494137ea4

Download Submit
\Users\Admin\AppData\Local\Programs\DixMax\swiftshader\libGLESv2.dll

Filesize
2.6MB

MD5
f0164d31a40170a21c9c9436d915be01

SHA1
e909fb440c341bf93f885ab0edfbc95d806d93ae

SHA256
e35e4eefbac90147b2448488e255a6d3dc1e0ecd2da0a7892ff5b477e11f3be0

SHA512
769505fd2f6704787d4f80e025b2194dcb813fa607bf6bc0f992897989431fdb0f546cd6f362009d61dbef87a1b89e206f4b53dd84695bd60d198a3494137ea4

Download Submit
\Users\Admin\AppData\Local\Temp\nso14BB.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nso14BB.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nso14BB.tmp\System.dll

Filesize
11KB

MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
\Users\Admin\AppData\Local\Temp\nso14BB.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nso14BB.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nso14BB.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nso14BB.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/288-99-0x0000000000000000-mapping.dmp

Download
memory/1532-95-0x0000000000000000-mapping.dmp

Download
memory/1572-84-0x0000000000000000-mapping.dmp

Download
memory/1640-54-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download
memory/1724-73-0x000007FEFB5D1000-0x000007FEFB5D3000-memory.dmp

Filesize
8KB

Download