0849405d78a198827028cf2113cbbc5ecbba439c61cf129fbc119f9298af3ae9

Analysis

max time kernel
148s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02-01-2023 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UsbFix_Premium.exe
Size

4.6MB
MD5

0c3ea2c230e1e26b985944f1af7c2e19
SHA1

23451886cdfd2392cdb5c68c3f77ed02225ca94f
SHA256

0849405d78a198827028cf2113cbbc5ecbba439c61cf129fbc119f9298af3ae9
SHA512

8df05788f103994de54fce33751d1976f1b74745439634903444cedc4b4bc602bed4d6b54b3c267ce907b963f27805a7370fdee7410b81250214853b40bbc529
SSDEEP

98304:xd8oyzmRASzM6ou8bxzyXzymAZfHO4YeO1U69GlasKDtfu:n4m98bx2MfHO4Y7B9GlasKJm

Score

10^/10

discovery evasion persistence trojan

Malware Config

Signatures

Windows security bypass 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Program Files (x86)\UsbFix = "0"	UsbFix_Premium.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths	UsbFix_Premium.exe

Executes dropped EXE 2 IoCs

pid	Process
572	UsbFix.exe
1388	UsbFixMonitor.exe

Loads dropped DLL 3 IoCs

pid	Process
1368	UsbFix_Premium.exe
1368	UsbFix_Premium.exe
572	UsbFix.exe

Windows security modification 2 TTPs 3 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths	UsbFix_Premium.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions	UsbFix_Premium.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Program Files (x86)\UsbFix = "0"	UsbFix_Premium.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce	UsbFix_Premium.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\	UsbFix_Premium.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\l:	UsbFix.exe
File opened (read-only)	\??\n:	UsbFix.exe
File opened (read-only)	\??\u:	UsbFix.exe
File opened (read-only)	\??\v:	UsbFixMonitor.exe
File opened (read-only)	\??\a:	UsbFix.exe
File opened (read-only)	\??\f:	UsbFix.exe
File opened (read-only)	\??\j:	UsbFix.exe
File opened (read-only)	\??\g:	UsbFixMonitor.exe
File opened (read-only)	\??\z:	UsbFixMonitor.exe
File opened (read-only)	\??\s:	UsbFix.exe
File opened (read-only)	\??\z:	UsbFix.exe
File opened (read-only)	\??\b:	UsbFixMonitor.exe
File opened (read-only)	\??\o:	UsbFixMonitor.exe
File opened (read-only)	\??\y:	UsbFix.exe
File opened (read-only)	\??\m:	UsbFixMonitor.exe
File opened (read-only)	\??\w:	UsbFixMonitor.exe
File opened (read-only)	\??\b:	UsbFix.exe
File opened (read-only)	\??\q:	UsbFix.exe
File opened (read-only)	\??\r:	UsbFix.exe
File opened (read-only)	\??\v:	UsbFix.exe
File opened (read-only)	\??\x:	UsbFix.exe
File opened (read-only)	\??\q:	UsbFixMonitor.exe
File opened (read-only)	\??\s:	UsbFixMonitor.exe
File opened (read-only)	\??\e:	UsbFix.exe
File opened (read-only)	\??\i:	UsbFix.exe
File opened (read-only)	\??\m:	UsbFix.exe
File opened (read-only)	\??\t:	UsbFix.exe
File opened (read-only)	\??\j:	UsbFixMonitor.exe
File opened (read-only)	\??\k:	UsbFixMonitor.exe
File opened (read-only)	\??\l:	UsbFixMonitor.exe
File opened (read-only)	\??\n:	UsbFixMonitor.exe
File opened (read-only)	\??\u:	UsbFixMonitor.exe
File opened (read-only)	\??\h:	UsbFix.exe
File opened (read-only)	\??\k:	UsbFix.exe
File opened (read-only)	\??\a:	UsbFixMonitor.exe
File opened (read-only)	\??\e:	UsbFixMonitor.exe
File opened (read-only)	\??\h:	UsbFixMonitor.exe
File opened (read-only)	\??\i:	UsbFixMonitor.exe
File opened (read-only)	\??\p:	UsbFixMonitor.exe
File opened (read-only)	\??\t:	UsbFixMonitor.exe
File opened (read-only)	\??\g:	UsbFix.exe
File opened (read-only)	\??\o:	UsbFix.exe
File opened (read-only)	\??\p:	UsbFix.exe
File opened (read-only)	\??\w:	UsbFix.exe
File opened (read-only)	\??\f:	UsbFixMonitor.exe
File opened (read-only)	\??\r:	UsbFixMonitor.exe
File opened (read-only)	\??\x:	UsbFixMonitor.exe
File opened (read-only)	\??\y:	UsbFixMonitor.exe

AutoIT Executable 9 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x00070000000126a6-60.dat	autoit_exe
behavioral1/files/0x00070000000126a6-57.dat	autoit_exe
behavioral1/files/0x00070000000126a6-63.dat	autoit_exe
behavioral1/files/0x00070000000126a6-123.dat	autoit_exe
behavioral1/files/0x000700000001313c-120.dat	autoit_exe
behavioral1/files/0x0007000000012768-119.dat	autoit_exe
behavioral1/files/0x0007000000012739-118.dat	autoit_exe
behavioral1/files/0x0007000000012721-117.dat	autoit_exe
behavioral1/files/0x0007000000012721-126.dat	autoit_exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\UsbFix\Modules\UsbFixUtils.exe	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\PNG\search.png	UsbFix_Premium.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Quarantine\reg	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\PNG\server.png	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\PNG\windows.png	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\PNG\Support\Ico-Free-Support.png	UsbFix.exe
File created	C:\Program Files (x86)\UsbFix\UsbFix.exe	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\delete.png	UsbFix_Premium.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\Shop.png	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\UsbFix.ico	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\Ico\Shutdown.png	UsbFix.exe
File created	C:\Program Files (x86)\UsbFix\Res\partner\Bitdefender-sidebar-fr.jpg	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\partner\bitdefender-hover.png	UsbFix_Premium.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\Ico\About.png	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\partner\bitdefender.png	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\HomeProtected.png	UsbFix.exe
File created	C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\logo-2-300x86.png	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\Ico\Shutdown.png	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\Ico\Trash.png	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\PNG\vaccine.png	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\PNG\Support\Ico-Tutorial.png	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\partner\depannage-sosvirus.png	UsbFix_Premium.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\Ico\SosVIrus.png	UsbFix.exe
File created	C:\Program Files (x86)\UsbFix\Res\Ico\User.png	UsbFix_Premium.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\Ico\Support.png	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\partner\depannage-sosvirus.png	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\PNG\Support\Ico-Premium-Support.png	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Modules\Res	UsbFix.exe
File created	C:\Program Files (x86)\UsbFix\Res\UsbFix-Happy-100.png	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\Ico\SosVIrus.png	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\PNG\Analys.png	UsbFix_Premium.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\Ico	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\PNG\search.png	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Modules\Res\UsbFix.ico	UsbFix.exe
File created	C:\Program Files (x86)\UsbFix\Modules\UsbFixUpdater.exe	UsbFix_Premium.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\PNG	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\restore.png	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\Ico\Settings.png	UsbFix.exe
File created	C:\Program Files (x86)\UsbFix\Res\partner\bitdefender.png	UsbFix_Premium.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\partner\bitdefender-hover-2018.png	UsbFix.exe
File created	C:\Program Files (x86)\UsbFix\Modules\UsbFixNotification.exe	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\HomeProtected.png	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\open.png	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\script installer msi.iss	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\Ico\Settings.png	UsbFix_Premium.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\Ico\home.png	UsbFix.exe
File created	C:\Program Files (x86)\UsbFix\Res\Ico\Windows-Logo.png	UsbFix_Premium.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\HomeNotProtected.png	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\Ico\flash-drive.png	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Modules\UsbFixUtils.exe	UsbFix.exe
File created	C:\Program Files (x86)\UsbFix\Res\Ico\About.png	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\partner\bitdefender-2018.png	UsbFix_Premium.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\Sad-50.png	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Log\UsbFix-Report-01.txt	UsbFix.exe
File created	C:\Program Files (x86)\UsbFix\Modules\Res\UsbFix.ico	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\Forum.png	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\Ico\home.png	UsbFix_Premium.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res\script installer msi.iss	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Modules\Res\UsbFix.png	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Res	UsbFix.exe
File created	C:\Program Files (x86)\UsbFix\Res\UsbFix.ico	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\Ico\Network-80.png	UsbFix_Premium.exe
File created	C:\Program Files (x86)\UsbFix\Res\Ico\computer.png	UsbFix_Premium.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

pid	Process
552	schtasks.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\UsbFix\winmgmts:{impersonationLevel=impersonate}	UsbFix.exe
File opened for modification	C:\Program Files (x86)\UsbFix\Modules\winmgmts:{impersonationLevel=impersonate}	UsbFixMonitor.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
1368	UsbFix_Premium.exe
1368	UsbFix_Premium.exe
1368	UsbFix_Premium.exe
1368	UsbFix_Premium.exe
1368	UsbFix_Premium.exe
1368	UsbFix_Premium.exe
1368	UsbFix_Premium.exe
1368	UsbFix_Premium.exe
1368	UsbFix_Premium.exe
1368	UsbFix_Premium.exe
1368	UsbFix_Premium.exe
1368	UsbFix_Premium.exe
1772	powershell.exe
572	UsbFix.exe
572	UsbFix.exe
572	UsbFix.exe
572	UsbFix.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
572	UsbFix.exe
1388	UsbFixMonitor.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1772	powershell.exe
Token: 33	972	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	972	AUDIODG.EXE
Token: 33	972	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	972	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe
1388	UsbFixMonitor.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 936	1368	UsbFix_Premium.exe	27
PID 1368 wrote to memory of 936	1368	UsbFix_Premium.exe	27
PID 1368 wrote to memory of 936	1368	UsbFix_Premium.exe	27
PID 1368 wrote to memory of 936	1368	UsbFix_Premium.exe	27
PID 936 wrote to memory of 1772	936	cmd.exe	29
PID 936 wrote to memory of 1772	936	cmd.exe	29
PID 936 wrote to memory of 1772	936	cmd.exe	29
PID 936 wrote to memory of 1772	936	cmd.exe	29
PID 1368 wrote to memory of 572	1368	UsbFix_Premium.exe	30
PID 1368 wrote to memory of 572	1368	UsbFix_Premium.exe	30
PID 1368 wrote to memory of 572	1368	UsbFix_Premium.exe	30
PID 1368 wrote to memory of 572	1368	UsbFix_Premium.exe	30
PID 572 wrote to memory of 788	572	UsbFix.exe	32
PID 572 wrote to memory of 788	572	UsbFix.exe	32
PID 572 wrote to memory of 788	572	UsbFix.exe	32
PID 572 wrote to memory of 788	572	UsbFix.exe	32
PID 572 wrote to memory of 1928	572	UsbFix.exe	35
PID 572 wrote to memory of 1928	572	UsbFix.exe	35
PID 572 wrote to memory of 1928	572	UsbFix.exe	35
PID 572 wrote to memory of 1928	572	UsbFix.exe	35
PID 572 wrote to memory of 552	572	UsbFix.exe	36
PID 572 wrote to memory of 552	572	UsbFix.exe	36
PID 572 wrote to memory of 552	572	UsbFix.exe	36
PID 572 wrote to memory of 552	572	UsbFix.exe	36
PID 572 wrote to memory of 1080	572	UsbFix.exe	38
PID 572 wrote to memory of 1080	572	UsbFix.exe	38
PID 572 wrote to memory of 1080	572	UsbFix.exe	38
PID 572 wrote to memory of 1080	572	UsbFix.exe	38
PID 1684 wrote to memory of 1388	1684	taskeng.exe	42
PID 1684 wrote to memory of 1388	1684	taskeng.exe	42
PID 1684 wrote to memory of 1388	1684	taskeng.exe	42
PID 1684 wrote to memory of 1388	1684	taskeng.exe	42

C:\Users\Admin\AppData\Local\Temp\UsbFix_Premium.exe
"C:\Users\Admin\AppData\Local\Temp\UsbFix_Premium.exe"
1⤵
- Windows security bypass
- Loads dropped DLL
- Windows security modification
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /C powershell Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\UsbFix'
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:936
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\UsbFix'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1772
- C:\Program Files (x86)\UsbFix\UsbFix.exe
  "C:\Program Files (x86)\UsbFix\UsbFix.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Drops file in Program Files directory
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  PID:572
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /delete /tn "UsbFix Boot Scan" /f"
    3⤵
    PID:788
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /delete /tn "UsbFix Boot Scan" /f"
    3⤵
    PID:1928
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks.exe /create /XML "C:\Users\Admin\AppData\Local\Temp\~ismapzr.xml" /TN "UsbFix Monitor"
    3⤵
    - Creates scheduled task(s)
    PID:552
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /run /tn "UsbFix Monitor"
    3⤵
    PID:1080

C:\Windows\system32\taskeng.exe
taskeng.exe {2AFE7493-93F9-4C1F-9B4B-1B906AA60FA2} S-1-5-21-4063495947-34355257-727531523-1000:RYNKSFQE\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe
  "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - NTFS ADS
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1388

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1004

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x15c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:972

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\UsbFix\Modules\Res\UsbFix.ico

Filesize
264KB

MD5
610a35911b9f88d87bd7388ca379c9c7

SHA1
84a1fdcb4361ff372f41d33d2a45fcbd6a7e17e2

SHA256
09c06f65f89e5857307cf8cba6794ffa7b21362ae4adaa82b877d3b51e7a8ab3

SHA512
9222a1226dccbe363094b3cd87348b0e3b1a711bf7f4df841da9de0d2b7c9aff95b0c35dd87e5b9d826d37f2f5356e8adbe64129e0a734647121fc6c0c1e083e

Download Submit
C:\Program Files (x86)\UsbFix\Modules\Res\UsbFix.png

Filesize
4KB

MD5
c184850b49b625fbb691f1e875a19285

SHA1
012e38bbd920d9d79e379c9fae2bb71f3c430fbb

SHA256
e36adad117475ef10196ab088c352badea3239c904d97c0245c4e4ef3a151f69

SHA512
7e83ed0e7f39289668f126815c13bc9938d6d9e9c96c1d4d24a07e44c740522e4d0071d192396830023f5e8f8c476e5c23bfb869ec7248609aae34c72a0ed58a

Download Submit
C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe

Filesize
1.2MB

MD5
be03ebbad2a9054f2b633566b5f8bd67

SHA1
a57b940005b87a4ebf664a46c0edb4d9c7068d1c

SHA256
1bb737759bec11d9581531025dfba9000a8b4afe093894ada362b4df87b19f5b

SHA512
95df39964b58f6f6efb4125f29856d9af11ee46bf39895c3e5032c5fd01dd809ab7655f0e64a3d2ab7885b3a86b4cbb955599b0a6e540bb4dbb096a18a24d4a0

Download Submit
C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe

Filesize
1.2MB

MD5
be03ebbad2a9054f2b633566b5f8bd67

SHA1
a57b940005b87a4ebf664a46c0edb4d9c7068d1c

SHA256
1bb737759bec11d9581531025dfba9000a8b4afe093894ada362b4df87b19f5b

SHA512
95df39964b58f6f6efb4125f29856d9af11ee46bf39895c3e5032c5fd01dd809ab7655f0e64a3d2ab7885b3a86b4cbb955599b0a6e540bb4dbb096a18a24d4a0

Download Submit
C:\Program Files (x86)\UsbFix\Modules\UsbFixNotification.exe

Filesize
1.2MB

MD5
bc152dccc956cd9ad3a1bb0cb08f3bc5

SHA1
04f6089b16f9471da5573deb1c69c72e3479bb87

SHA256
22bf2ffb92e1128e1a5e3bdf4eb8f52179de8b0b07cad8d9dfed2098292b8c09

SHA512
c62504f35f358c4049914b090a29129dc1d05e4b8189712659463508b41bb193847265d250afb53cf367c27a7e7d8f3055f564b2292288342f03b5a3fd6fd036

Download Submit
C:\Program Files (x86)\UsbFix\Modules\UsbFixUpdater.exe

Filesize
1.1MB

MD5
192a455408c606bb67e93340fd0aace9

SHA1
1f9c702cda28821a3e3721c32ef177cb7ad8a18f

SHA256
8ebadfeedee5ad9bd2d09a276b70d3d49872bdfa403aeb5744182238d7190d4b

SHA512
ccd5f3759e9e59c02b60cd7fb1d39d64ef784c781cf4409a796448db6395e3159b8d006b4264e679106251e9b4067b8845ca318250f8732631e908982ff660d5

Download Submit
C:\Program Files (x86)\UsbFix\Modules\UsbFixUtils.exe

Filesize
1.1MB

MD5
101324d816f3e8d0ee0152b2c72368c7

SHA1
e7a1620ee34bd518ce9df18310b281340d6a4be9

SHA256
380fb5ae7bd534703c03b4254724f3e46be9dadc7434fd35a39fdf112e35a7dd

SHA512
c2b00b6e019a4ba8746a5ddae468dc3a14087ed39550f1e056b002a28b3b5cfc21a52397c057cf602dcec110bd3c29910ff9dde1ab4022f6f601744d0884dc48

Download Submit
C:\Program Files (x86)\UsbFix\Res\Forum.png

Filesize
57KB

MD5
a290829cd2cf641101189773f91a3495

SHA1
50109c5d76ff412b220531332bfe121a26439f59

SHA256
26daaaf45bec32cc3a9769e0c730e34c3492b239634719d93c6fdc9e16c1e529

SHA512
970c70678feb48724931e2b4709a24ade1e80402e313e576739c2ae3bf2e756f4aa768fa6fb3ce18d50ebfae788363d1f17d695ed81aa65196516f68a941df96

Download Submit
C:\Program Files (x86)\UsbFix\Res\Happy-50.png

Filesize
3KB

MD5
2cbf4836c0a814dab1bb11b0a7975654

SHA1
3c3c912a383f7270457e5ee1679fda6ee2777014

SHA256
bc4c7fa7eac703add6b9e34fafa9c5b103ee0db9e764bbbe95c2a9a87d98e5ed

SHA512
faa5dffabaa8e1d93b9876279ddb6b0561fbdc1edb966539c5dce7c9da6fdb513c5ab7a05636a7d4184916c3ac1c57f748878a81040c54a9d0677bc8654004a2

Download Submit
C:\Program Files (x86)\UsbFix\Res\HomeNotProtected.png

Filesize
68KB

MD5
b009f2a474f32153c079f9764c2ac192

SHA1
3201ac78ee5b5fb5cf8f626221350a06c4fceca0

SHA256
6d2775800e6a447e31af6cae0eb056e9a663a811877c78e94907c9c68a9c789f

SHA512
62231dc19c94267b96b52c0077c301787f3649ca95cff411cd0b5e4a3a255eb7452b5c1501d11d0465ad40a20a36a141e6eb4edb8b6f6f7c2ca59b5874715c39

Download Submit
C:\Program Files (x86)\UsbFix\Res\HomeProtected.png

Filesize
75KB

MD5
1b68fc34bac2e2cdf4ee189f668f8ad9

SHA1
2cea876ec513afa88e6ab83bf483fb12155c93d2

SHA256
bae71c7f18b23cbee511efa3a181954bf52d88ded8b988c76cb4dc10667fd9b0

SHA512
0a6b27f9356a6ad97419a48460627010baa69adb5ebbd6fbbac0f13cf8d7b7b90fff3d5657775808f7d7de701000384755fdff381329dead70cb8b15e1a2c435

Download Submit
C:\Program Files (x86)\UsbFix\Res\Ico\About.png

Filesize
507B

MD5
471d0ef5ebdfdbe156fb8dbb88116e83

SHA1
71f883235b0bedb22972a02a77ba785f234e7c3b

SHA256
d9d148cd550e7ffb5148ba9cefe7eedc3d9d609867797e624f40db09223cb592

SHA512
a347d85d0647d8112369f7d81c4102c53cdcf7f0efd1e20fd8a826926614bc1a07a69ecf7d107a1756e21f96909e5b38b421c14c23acbfaa96a1a9cb59055afd

Download Submit
C:\Program Files (x86)\UsbFix\Res\Ico\Avatar.png

Filesize
3KB

MD5
bdc069e98ee3f3d9e3a05df8acdac968

SHA1
46705f4710385b24ee7ea679a7e4d034ab59f240

SHA256
0d253db9c028a203602861d5d884606a7bf195ae716bb3dc1d9b0393ead24506

SHA512
086489eb4ea13468c1f730d7cf9ffd3d04e1301247343998e16aa9eefa9b724432f3a4ca994e5360ae8cdc43d6ec4a6f90ac3529c7bedae16754fae9850e5e99

Download Submit
C:\Program Files (x86)\UsbFix\Res\Ico\Logs.png

Filesize
513B

MD5
271cec84993fd536d2122a22df46c8d6

SHA1
d5c46358e7a182cf1343d85bcacb802ff5527fbd

SHA256
256eadf7b1b0f361332651fda2bd64e488d148f7eec0bdf5fccccdf135fcc36f

SHA512
636864aa35f8522e457b2bd65b12c4152265d1af16ada69f278890189c6afa7e5d60ca29388e499c6be2f74392c891f36459840dbd7e016703080f222ee427ae

Download Submit
C:\Program Files (x86)\UsbFix\Res\Ico\Menu.png

Filesize
170B

MD5
7d29a4b190e7282e1793b2e56d9c8566

SHA1
1fa1e383e24859bcb0248d4b20412c005c06e885

SHA256
d5d6f00e454860c4fbdaa51f2995a40c91b7b075bb7f7dce3aba3817ab30b50f

SHA512
47554479ddd32b4b348ef684595585d978d23eb3f5a383aa5637575c694e4ec977e62afc1bd011d8b155dcbaedd913fc12edef1ecc486d5914e3b479fc4eba50

Download Submit
C:\Program Files (x86)\UsbFix\Res\Ico\Network-80.png

Filesize
1KB

MD5
3bd1567a5801b0464a6fbc6cc301ac46

SHA1
cdeeec410092bbd40ce3b8f9cd0dd7ffcb61e830

SHA256
0c5bf1bbc6c1716ec2018cf60f5060cb1201cfb4a8b3d607f117c3deb2d7116d

SHA512
3f897ba4deb35814aa9250e889306aecfc003da555d3424dec47eea2a00af358b60cf569638a8134efb01616ec5d188e4adb1f3df5e0e69be2f5214077b743d6

Download Submit
C:\Program Files (x86)\UsbFix\Res\Ico\Settings.png

Filesize
754B

MD5
1caf23826f2cf5ed67d834082b178758

SHA1
fb63e57c3fa2f73ecaf12600dcf236e7b3e2e1fd

SHA256
76bf81aea84feb85c6a431fc557b2787f67f22ab1bbd797fc70fafed6a3c8e07

SHA512
b7660eb71e5097b5509ce3268d0bde23edb4955a7221d1c98abf2362988747b695974af799e865441c58e569efbfdc7466686a500d968952808599baaafbe958

Download Submit
C:\Program Files (x86)\UsbFix\Res\Ico\Shutdown.png

Filesize
970B

MD5
f0062386e5b9e3b5fd06dc23ee874389

SHA1
983f1927ce7ae46a2ee0158a82e7cf3d0258fc32

SHA256
9ac4ff46dd679605f49a5351aa000ea790e6b75ea65d4b25f98b2999a1d580d5

SHA512
ee98193ed05c0ae90dc17ee0b652c224ee7e5d20062f760967e66342c53b0a57f8bc878cde8d90f696803dc863a753abb89b0ecaf047693977d1521dfb2b2efd

Download Submit
C:\Program Files (x86)\UsbFix\Res\Ico\SosVIrus.png

Filesize
12KB

MD5
c27e6651de3c6a06fc8b55b7454e86b6

SHA1
0f05c0938fd9aa74eadf4153402f417c96b52f08

SHA256
8f54b7a43baed4790fb4aa381e81aa5c00d430e6fda6157fb1de1e7705a1c49e

SHA512
475c71d4003382f90fec31bc85a3801de5c39430348252c9923f98c30e69d3855573ded84a2537242337612be2f5bb1c75d6604986eff4ca8456dc5f28d0d529

Download Submit
C:\Program Files (x86)\UsbFix\Res\Ico\Support.png

Filesize
637B

MD5
29f27c6aadadca535066cbeb0fbf1a66

SHA1
728a74df829bb7fdf63caf12cdd41d556eacb4e7

SHA256
443b938564ceb1311d59826022459b035b443d44359bc1f59b317f6fcb4ee09a

SHA512
4f0a23de06ef88e0d8848066b5e27ef9ee6b78284040422a175a493085b93fd56e03786e6001a18c0e16f112c5d18c5d13fedad8acbedd1f14f5733a70893f34

Download Submit
C:\Program Files (x86)\UsbFix\Res\Ico\Trash.png

Filesize
947B

MD5
364971257b8cc759556ae13b99a1f8e0

SHA1
70f2137d9cc27b8c4c35f808fd40e7054d178ab4

SHA256
11d08a8223540f028a9ef539cda729892862b267836fe0a7b8d2a0ffa870c192

SHA512
2b3e8ff2d7ce50abf4b48aabbe42a0f5e0bcaf94b05e06c0bbf3b7b43108b57f2cd6b912b2134666669c6d991a607e2f02021e831b3fd495126c4fd742c640a4

Download Submit
C:\Program Files (x86)\UsbFix\Res\Ico\User.png

Filesize
613B

MD5
4f32d5bea3831a25e64f147fbd4d1e34

SHA1
101f01bd99c847071859b1afae3863ccbd483511

SHA256
52878ef2e0bde2667c73d9da80598595771be361741cf4b2528b87e9be70bb9d

SHA512
bdc30b1062d065915ecc98a4c3efd94b308ff272982e5cbe75878d674c9e79012057c51e0deacd3841a2d17fad32b8ad70e1c1ed746824df35d3f454c8420e18

Download Submit
C:\Program Files (x86)\UsbFix\Res\Ico\Windows-Logo.png

Filesize
1KB

MD5
22533aef4e579178bd8998b1ab3da40e

SHA1
f7fea9b1453194ccba72c81b9b37d59cfa95743a

SHA256
d21f45cc1e82dcc7db93d512ec2e9d2b1d1072ed0c7a9761d5737666529258e5

SHA512
bd01b7cc4ba9068b0a2c5981a59bb3b8e46b72e5fec18abca94d4b10527d6025b80cdee4229b5b8f7b262810233d6b7a6804a128bbaa4abb2a25a6b9b3f098fe

Download Submit
C:\Program Files (x86)\UsbFix\Res\Ico\computer.png

Filesize
840B

MD5
c0916b0d3230de5fd252cdbb181d22ee

SHA1
27c8ba95f1db1354008cbb3f6ba21874db40eb1e

SHA256
109302595493da51af995cdc5af99b9cfc3abce599832fe958364b3c6b2ad214

SHA512
a3c557f377485be9ab5bde43c03df59a3a45b1618d22d732918f9aef5e44f94d2d684db8d2741184929f4737f4fdd9d5d5eeaaec7110b1c8f4a6e8a4e52593fd

Download Submit
C:\Program Files (x86)\UsbFix\Res\Ico\flash-drive.png

Filesize
1KB

MD5
6aa6d8c0afe85f8fefc393af6b47144e

SHA1
28bc5a902e1eb8dc1a84b42637421be2d228984b

SHA256
8d76141b4d1b916d6c56e98a327812603f485735eb93801ba183c92940c80914

SHA512
6122213c77a4cc25e9bead882cb7c5f01b487a50c31977c7308819cb447cce707f9454a83436a26aa5e2eab9c5af19e6428776acb699bfd1b78790730602f741

Download Submit
C:\Program Files (x86)\UsbFix\Res\Ico\home.png

Filesize
586B

MD5
b46297adc11426e21f2f7f417809d07c

SHA1
e175ddfaf1539e3cc45234dbd1da33d893b5eed8

SHA256
95d430c95e8d93bd5ea38c5622adcbe5d255e4d27ed0bba8391c98ce9753a53c

SHA512
11425af14a6f6f667b9597e7dd3eaebb27295ba6948c8cee9a091b50d2c021d747c4cf0bb7f23e1ec6de72b0eb7cb3b1628cbd41e9b0c8d05a47dc8defdd2103

Download Submit
C:\Program Files (x86)\UsbFix\Res\Ico\laptop.png

Filesize
609B

MD5
827afdf5ec77d8ec9b52709af2ef38fe

SHA1
c51b31e74eee77d9c674acc6de20c3c2df05f03d

SHA256
95db7a8a507ab9d3c4412ca5e2e1e7d6828586763d25d2175564122b8fb8b6f7

SHA512
d5d93ca43aa009c4200590337833e72052754bcf58066a3adc8701177383ddaaa5b051650ce1ade7a52c4fde343923527253fce06be1e4763243c5ffa5bcff4b

Download Submit
C:\Program Files (x86)\UsbFix\Res\ManageAccount.png

Filesize
54KB

MD5
b9710ddda7a12e93b256aeef1e20c8ae

SHA1
0571ec5afd582f222f1f34c62366fdc6cbec8340

SHA256
01f904c9c17ba0e74959a60ee4705ad84fab9400e4c1ebbefdc1f624aa375973

SHA512
ce8b9a13fe3f41cedce26b5099747d8af1c09722a8f85d489da2883caee6ff2036419a726a6dd7428441ef9adf4ec9ba98a61518b0cd6e5bc251927d6a6b3b5b

Download Submit
C:\Program Files (x86)\UsbFix\Res\PNG\Analys.png

Filesize
4KB

MD5
35f8f6e612335f9a1cf59d3b6066b062

SHA1
6da8fdb56d11846562a87675ee19822a40395fed

SHA256
09109a0f444523605f7c38f2b3a357145ac95af7ec40a203910036f123497b87

SHA512
344b7ea8a2415f947a9a84080a5bf3824c26037d5908955080b8208f3adf9f6abd5a188143494cb561b68ec242452b841ea422b1b70e1146d13334795c6da21d

Download Submit
C:\Program Files (x86)\UsbFix\Res\PNG\Support\Ico-Free-Support.png

Filesize
1KB

MD5
93f35b2cc7ab2365539119d764514aa8

SHA1
7922c754b8adfec9596f6f4b09179532f82e4a2d

SHA256
b21b5ba81439bb9d139c93f875dc9e503c5581f542c14f46ca79804e46641ff3

SHA512
aa3587d154c9884298c743d9452dcbb484f9280c46a5016259317894cc27b7156f8147a1517ca8ac58f2b13b76d065fb510cbb6a7370a0dcbb8d95b59c93cede

Download Submit
C:\Program Files (x86)\UsbFix\Res\PNG\Support\Ico-Premium-Support.png

Filesize
1KB

MD5
fb1aaf981bc23e158067df41fd768899

SHA1
60931d85a15c58429249e72e572fe47b51e2d623

SHA256
888672c4587fd25fbb122373d4ae9ea30c679d4481e4a6d780cf4c890bc48f46

SHA512
038aa3317c1ecce53b6391be2238d747405d8d88effa9194ddb5967d7a9c7a9b27033e585b6d6fe22b3036f030f45db378623b6e691e4e8b3969dfdd09fa9ad7

Download Submit
C:\Program Files (x86)\UsbFix\Res\PNG\Support\Ico-Tutorial.png

Filesize
1KB

MD5
3d513b5547d4fc5d0927473bb00a770e

SHA1
774dbca25d2ebfe85f13412530a9f55e4b68f195

SHA256
c0088c18a53700fbee2ac3420ff327beb44131806dfed336f3557e9e60bba9f2

SHA512
b7f37dca10ff926ec9cd0357b536b13a1f6838e53f377a2ba9cacdf5eeccada382a20f1d1c1b11f57cfecfb83c7aaf64980d244d06a4eed77300baad03148e76

Download Submit
C:\Program Files (x86)\UsbFix\Res\PNG\search.png

Filesize
1KB

MD5
7b05ff0c8ab70b42c7c2f2d916b2ab27

SHA1
402199996c23976b6fc7602334ba03fe3f271772

SHA256
3ec639f764d5ca2c7a781cce983490a8ae18a8766544c7cf7004df5f800a1a60

SHA512
4b8f6e4834c3f6777080fd5387ad732b5ec1c2f7715b053799a6420dc90ec88e81ce7d99181aca2b1d4c39802c9b54d8289457dc0feaab002bae59d7ae3f68fc

Download Submit
C:\Program Files (x86)\UsbFix\Res\PNG\server.png

Filesize
1KB

MD5
29d0ef114c22a07053ff33b121dcd199

SHA1
53e0f2fb13b7d29db8b65f8f109f6b84ce1c1035

SHA256
6da4fe9f3006caa3583f56a111caad82b310bb458263f2b50b2a3aef2cc82147

SHA512
6aedaa7e75779b53c7719a53c5b9b099898a7185331efdf71e282c39fd6ffa6c0fd09384ce2faa2cccd6638e1e69b92e2555980bf3fe4107b748f70bc9a62ea7

Download Submit
C:\Program Files (x86)\UsbFix\Res\PNG\usb.png

Filesize
1KB

MD5
437cce818ea517304fa6372f14093312

SHA1
116a9d52620a747c4d97655ccf43dae444b418cc

SHA256
ac2e4462fe792c8fce21f0222fa5d3416c1a5a97b65c235d41c74f3f970ccec4

SHA512
2683d936aa9bbf378628404c539188147bd5753d78bf7152684cd1ebddea3ea8028b3aeff5d3dec1e3132d6e3aa396aa5ac211093cdc2cd91052edbf0eb7c41b

Download Submit
C:\Program Files (x86)\UsbFix\Res\PNG\vaccine.png

Filesize
1KB

MD5
8bb6a1a4d457db8ecaf7a7576c0718d1

SHA1
64554c3cf9ca46ce57bd3e5e5176b752128b340c

SHA256
85781f3908db93821822697b25688d95796d3de7774989fa631013402e37ecb5

SHA512
ce410060f9e8715def3f26d6598b566ea776dc940e8cc5b3bc8479e77bd02e876d6efd9896dd242d823572d21cd0d2c1889c6cc3a73d68cb28a855c19ccc2618

Download Submit
C:\Program Files (x86)\UsbFix\Res\PNG\windows.png

Filesize
1KB

MD5
bc96a899c083f7ca50ff045ba85776b7

SHA1
c476c7c1062fa319b1b437de7b6f8fa73013a0d6

SHA256
b7adcd7b7ce25ec54b27fe71a3ae45844cc516a456f79d6a7ff8fd57863251df

SHA512
8cd72698d22a15327074e4ff8d73d80f21bac561c5a3a9600c40e9929924c03e94f56c069b8f04ec5d6e58c18439130bc8e14d5b2447b54e04577291ebcc3bf4

Download Submit
C:\Program Files (x86)\UsbFix\Res\Sad-50.png

Filesize
3KB

MD5
2d8c1a9bc24cac69bfead8bc575a0bef

SHA1
98c5fd4216681492c20f24b9f7bd712ceb96a62f

SHA256
51a8922f45e7af442334a6a1db3076285ef1ebf2ebcf785311c5199dfb32dbea

SHA512
05fcff4d4535f74e951ccf9bed8bc126b549d93be7062aa2323e478e1a0fe90655ea18867278b631e7acd6796cb0adc5ec91f8363c7de6b9a09226f8450e0100

Download Submit
C:\Program Files (x86)\UsbFix\Res\Shop.png

Filesize
56KB

MD5
d1ebe2243d59741955b833ea4ecf35d4

SHA1
efff9f2482e563098677623e0047ed8b2c033d49

SHA256
97708226c36d231044fc64ad5c0ba10c90d8098e41847b7790e36c21183e83bc

SHA512
7e38aae417582d4ab993ccbae2a5e610f931e555ccef20e10bae0934d23f359632c7ba3e93514f12fd731f8b22256de099a9c11a7eb23b9ee1c8ac04662f9f76

Download Submit
C:\Program Files (x86)\UsbFix\Res\UsbFix-Happy-100.png

Filesize
3KB

MD5
9a381169e1eb28f2e6f5edc73d8f288c

SHA1
2e87a39989eb5b2bb7f746c5aa0f28797afc560a

SHA256
37f3e62e91844cd7b47758f236503d1c1c0a49eed2955d0b16f41b9c7ef7fcc9

SHA512
264de052611b6fbfd1dd7225c588b6e6477542bcfb0cb9b4c2a25bce73ef320d42aa7ef11d897f18303a4f61782abd7e66321216aa4b2bd64f38b4ceec6ebbff

Download Submit
C:\Program Files (x86)\UsbFix\Res\UsbFix.ico

Filesize
264KB

MD5
610a35911b9f88d87bd7388ca379c9c7

SHA1
84a1fdcb4361ff372f41d33d2a45fcbd6a7e17e2

SHA256
09c06f65f89e5857307cf8cba6794ffa7b21362ae4adaa82b877d3b51e7a8ab3

SHA512
9222a1226dccbe363094b3cd87348b0e3b1a711bf7f4df841da9de0d2b7c9aff95b0c35dd87e5b9d826d37f2f5356e8adbe64129e0a734647121fc6c0c1e083e

Download Submit
C:\Program Files (x86)\UsbFix\Res\checked.png

Filesize
659B

MD5
8eb11318698ab7666724223088190c36

SHA1
c4465da17b4cf9d651a2da64f399f9ad1b924d50

SHA256
8ba0b36e8984575726a18300225ad8b0433dfce4b13f41c4dc899158d5ab3f0d

SHA512
da8adbf1866f8f9cc40b4992f04683cbb299c51dfaf12cd905cc5092062005abaddc2c3eac1cc79a2fe64925716baebdc30f7d42fab251225c1932598fd1084c

Download Submit
C:\Program Files (x86)\UsbFix\Res\delete.png

Filesize
602B

MD5
36ec79892d91374cc1d16d5b109f0df7

SHA1
2f1d7508e8b391362fb3fc5a3466f414f4abec06

SHA256
58d1c4bf6b7c6703d29f8dcdbfe07ee97978c4d48186ae83178e11d842d12e94

SHA512
17e18fc199f02388bf2a7cd03edf165bf44aebdf936ef7ffbc5049af49975a0c0ee0d31034d4d44e2dc093ef5e14f81b15f228640b31fa7eeea28ac46e591150

Download Submit
C:\Program Files (x86)\UsbFix\Res\help.png

Filesize
609B

MD5
6c5c220ade0a800f06615a2b2e20e6ab

SHA1
fbce3ccfba93caf86875f55299a4f6bdc801851c

SHA256
02e10355cbad419113dc373601d66c403f31f3bdff94c34af9beb35c0ac3539f

SHA512
fd622f1922d9e3a08c86ca66ebbe69ecc51e2a5f7f1ff9e24d6ab1d8677d7423cb87496adda44fab2c0bb19debce8c7a23963767e9be6618cdac99fab50576fe

Download Submit
C:\Program Files (x86)\UsbFix\Res\logo-2-300x86.png

Filesize
7KB

MD5
f3499de8303d909f21d587da9ef128a3

SHA1
add63b63be2991e8d3e6cd3dc0b9ba32f591dbb2

SHA256
55cc0bfac1dc4a1e8be8e1e9fe57751fc4302d5cfcad438e3def50a2e640a495

SHA512
837d4bfc9f0044a524c1e69c21ed6de48ae90289b8f4db58815d3c50874e0aa21fd5229735ad3ef42f2b612be824f561b4efb606fb622528f482e598944adf00

Download Submit
C:\Program Files (x86)\UsbFix\Res\open.png

Filesize
633B

MD5
f653940a979a29b77dbc6933bfb6c8c1

SHA1
10b4eeb873dadc2b90000cbe282bca1b1747285d

SHA256
9b3d9bac8fe8a1ddfc9d42543b550f22697da6ec27304facfa9a845e3859a895

SHA512
92a7baa120d2d3575f833ae65f15c4698963910f23c161003fc3f8bcf6459724e4dcde382ba73edfbd3b5f9bbb5149abae804fd896965631dff76bfbe9745a00

Download Submit
C:\Program Files (x86)\UsbFix\Res\partner\Bitdefender-sidebar-fr.jpg

Filesize
44KB

MD5
aee977c9306c4736c2ee1ac59e14a946

SHA1
07f4d090d2eb9a42bf76e085091a77b127ddfdd3

SHA256
c6153c33766a869a38989df34667e693b05361d932a16b92bf2a2aa4f762a7a3

SHA512
2811f0a4aab8ac98ab8ac5fd372e13fb9e2994eb79fc285f90bc143385426d1863ef06e39df8f5ca67505ad82adc8c016dae0fc33050dea094ddb2f3ea51cbb6

Download Submit
C:\Program Files (x86)\UsbFix\Res\partner\bitdefender-2018.png

Filesize
73KB

MD5
e5b760351ad2444f8a0940573f271ced

SHA1
5950ebc3c9c5567240a5a666fa3eaab1f0827e06

SHA256
1f1eba2c0680e6b7699d93456b3b3669111baa6e02c1a1b5ad0f70c520047e1b

SHA512
7881979920a02e0faa5e3e9140e8c0ebd3681f58aded2ea95b7cc4063887a0925d70a565f9dc763b408fd5413ff265910c76f6b95695daa93078bbdd35567dc7

Download Submit
C:\Program Files (x86)\UsbFix\Res\partner\bitdefender-hover-2018.png

Filesize
36KB

MD5
7a4a3e19c16ff64f1886a6c3c3beb0be

SHA1
e7469f84150dd612254f646a701ffafd8c7eb392

SHA256
39ea9075a637da5e479bdc356a235d0cb443303c075bab0e296aefb6355df21d

SHA512
57afc649d3764bd2a38a90decb53dc69e0f06c2c5b9bcb216dd740fce3f57b592b576404b2cf23c7497f51f6c8cccc4719652cfc5c218de19d6f74409d5b99a8

Download Submit
C:\Program Files (x86)\UsbFix\Res\partner\bitdefender-hover.png

Filesize
98KB

MD5
2e635b09f49420f2285bdfda2caf9598

SHA1
e2219194fd53366bae90738b1a9a8265c1a72bae

SHA256
92376612d1839d3edb094aa86fc062ed1b37df7c71b527341af5fde29f8d67fd

SHA512
ba45b863cebe3e070bb7211312ebe7b4ceac31fb41dcafc9d23c52a389fe23c7abf3c5d7e865058872437da72044c2d712213bdba5eba72e45dd136e71e47f0a

Download Submit
C:\Program Files (x86)\UsbFix\Res\partner\bitdefender.png

Filesize
84KB

MD5
d18c57c5021f21285d75c109e1680f5f

SHA1
0de1354b46d79d3ec94b20572a0b9ebc0f2392a3

SHA256
8eae874b9de4fcc8844fac94d3d402f753db37baaffe5bb6e937e51f4d56e053

SHA512
767bb7c316a24163a22e762a389ec2852e252c6cc2b807e82fd3ed15ee16bf037f6586054f9e7c6fe6bda237f562a00390ddf374a9f9495367f1587c635ea41a

Download Submit
C:\Program Files (x86)\UsbFix\Res\partner\depannage-sosvirus.png

Filesize
90KB

MD5
55986a4a4e121f3370e4dab0699ae273

SHA1
335d0319cf4657e00f31855afb9bfbf9481a4160

SHA256
ffc84ef921602bc8f3072df24ca6d7b391981f9078f46dcecffa9e4283c05467

SHA512
43ba96f28d94faada858ea24635c72b0702fee6ab89df23820c94a1317ca1bdeceb83ddb46f1b026c99417a28f4a93b2965aeb7bcb1a745c49d221f5af0420a4

Download Submit
C:\Program Files (x86)\UsbFix\Res\restore.png

Filesize
624B

MD5
248beed7dbbda3c8e5e49651fecffae1

SHA1
974e3e0c95353b4da9ce9350f8e34586bbb8d121

SHA256
cbaee1b8ee3de9847ff0eef079d98b5f15da5831a49d1cf610fea66d41277eec

SHA512
fb328af61ec554d9b935d15e978a72bd16ac1de0890739e27d1d3f24f7f9846152b9d5208fbcfa68240681850202749cd188ffcc5af4d1592db89aff3d403f63

Download Submit
C:\Program Files (x86)\UsbFix\Res\script installer msi.iss

Filesize
2KB

MD5
ddf4201ad3a621838681f696e5fec4e3

SHA1
2f1c235bbf2c51898005890393ca7865a8bc771e

SHA256
04edfe2c0bb61420b0e7883a5de5620c2228fef7cdbfd2b19f6dfb0e9ca9965b

SHA512
d9b83d7ec11d724e32b0ac4c4acdd1ce1708b910892bcad884ba1e590f6a4338afa7687cebedd956bfc342fef77195b021d3b90c4d977a7f345b08f02f579222

Download Submit
C:\Program Files (x86)\UsbFix\UsbFix.exe

Filesize
2.0MB

MD5
7fd3207bf750f4bd3c3525c84b62bbbe

SHA1
32b24ece37a7d19474214973ca5481b4d70e28e3

SHA256
c01c238a37780ae7536623ee46f0cb9f8b3af1ff4a1496dbee76bc2da5664411

SHA512
bd93cc31f0c241b9ffe4313d5ac0c75a16b1bca12cf15c74f5b6c1724a2f6434054534fe989c6b3d0e06c8c24aa614fd9dd1378911366b504f59ca083cb65925

Download Submit
C:\Program Files (x86)\UsbFix\UsbFix.exe

Filesize
2.0MB

MD5
7fd3207bf750f4bd3c3525c84b62bbbe

SHA1
32b24ece37a7d19474214973ca5481b4d70e28e3

SHA256
c01c238a37780ae7536623ee46f0cb9f8b3af1ff4a1496dbee76bc2da5664411

SHA512
bd93cc31f0c241b9ffe4313d5ac0c75a16b1bca12cf15c74f5b6c1724a2f6434054534fe989c6b3d0e06c8c24aa614fd9dd1378911366b504f59ca083cb65925

Download Submit
C:\Users\Admin\AppData\Local\Temp\~ismapzr.xml

Filesize
1KB

MD5
034d2005d0e7ab6e3ed9b7c6b2dcd199

SHA1
a433503fa1de3190fb93a0c3fee75f20acfeb9cb

SHA256
a2573eea6128f80e03fdab0f2f801cc405f3cc3ebe9e37f8515233181d0ed9c6

SHA512
685dfe769ef644ef4c036aa6010bab289456fb2b4e2f1f96b6f9d5271615af0224da54b675e98ada2a4a5fb50931e61afff0f62e334c2a64c466ffe71ea93cbc

Download Submit
\Program Files (x86)\UsbFix\UsbFix.exe

Filesize
2.0MB

MD5
7fd3207bf750f4bd3c3525c84b62bbbe

SHA1
32b24ece37a7d19474214973ca5481b4d70e28e3

SHA256
c01c238a37780ae7536623ee46f0cb9f8b3af1ff4a1496dbee76bc2da5664411

SHA512
bd93cc31f0c241b9ffe4313d5ac0c75a16b1bca12cf15c74f5b6c1724a2f6434054534fe989c6b3d0e06c8c24aa614fd9dd1378911366b504f59ca083cb65925

Download Submit
\Program Files (x86)\UsbFix\UsbFix.exe

Filesize
2.0MB

MD5
7fd3207bf750f4bd3c3525c84b62bbbe

SHA1
32b24ece37a7d19474214973ca5481b4d70e28e3

SHA256
c01c238a37780ae7536623ee46f0cb9f8b3af1ff4a1496dbee76bc2da5664411

SHA512
bd93cc31f0c241b9ffe4313d5ac0c75a16b1bca12cf15c74f5b6c1724a2f6434054534fe989c6b3d0e06c8c24aa614fd9dd1378911366b504f59ca083cb65925

Download Submit
\Users\Admin\AppData\Local\Temp\nso61B.tmp\nsProcess.dll

Filesize
4KB

MD5
faa7f034b38e729a983965c04cc70fc1

SHA1
df8bda55b498976ea47d25d8a77539b049dab55e

SHA256
579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf

SHA512
7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf

Download Submit
memory/552-67-0x0000000000000000-mapping.dmp

Download
memory/572-59-0x0000000000000000-mapping.dmp

Download
memory/788-65-0x0000000000000000-mapping.dmp

Download
memory/936-56-0x0000000000000000-mapping.dmp

Download
memory/1004-128-0x000007FEFBB51000-0x000007FEFBB53000-memory.dmp

Filesize
8KB

Download
memory/1080-69-0x0000000000000000-mapping.dmp

Download
memory/1368-54-0x0000000076461000-0x0000000076463000-memory.dmp

Filesize
8KB

Download
memory/1388-125-0x0000000000000000-mapping.dmp

Download
memory/1772-64-0x0000000073C90000-0x000000007423B000-memory.dmp

Filesize
5.7MB

Download
memory/1772-58-0x0000000000000000-mapping.dmp

Download
memory/1772-124-0x0000000073C90000-0x000000007423B000-memory.dmp

Filesize
5.7MB

Download
memory/1928-66-0x0000000000000000-mapping.dmp

Download