603d05bd523d1c483d7f80a589607fcee43252e1c85ab67ffa9777960e01d26c

Resubmissions

16/02/2023, 06:41

230216-hf1y7agc57 8

16/02/2023, 06:36

230216-hdeyyaga2y 8

Analysis

max time kernel
144s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
16/02/2023, 06:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
Size

6.7MB
MD5

ae242bd1226aaa270e2e167c252c4555
SHA1

850aed65c3efce9090b4b6552075af3bc57e0659
SHA256

7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78
SHA512

1c2ae75fe6017957323251d3d8004e41e1f81e3c3c5dba23aecf3902d47e922b731b2ca7232e04d228b7c402140352c75ca77e88afb9de76688cf7b40abd0fa6
SSDEEP

98304:is5DZoRvVmqkGpsV7Owx7FYhX4vs/6uur+GZIB6TPgV6Vf4YiYcHR4cLJpB/EO:v+RvV9kGMxF8Es/6uCdZXF0N6AJrL

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe

Executes dropped EXE 1 IoCs

pid	Process
3300	LdsHelper.exe

Loads dropped DLL 9 IoCs

pid	Process
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
3300	LdsHelper.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	\??\PhysicalDrive0	LdsHelper.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\ko.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\uk.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\ar.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\bg.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\bn.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\et.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\fi.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\vi.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\wow_helper.exe	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\LdsCefView.exe.manifest	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\fa.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\fil.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\fil.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\sl.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\he.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\sk.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\version.txt	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\am.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\en-US.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\en-US.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\it.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\it.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\{7D7F0054-1619-460a-A6C9-1878664B0C55}.tf	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\{9A5D65FB-F02E-4ce6-AC5E-DE02A10FE8FE}.tf	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\da.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\hi.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\sw.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\cs.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\es.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\lt.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\nb.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\ru.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\{E7189C49-FFFD-44b5-9FB0-AE84256AA838}.tf	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\de.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\gu.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\zh-TW.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\HardwareProtect.sys	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\te.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\cef.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\LICENSE.txt	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\bg.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\fr.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\natives_blob.bin	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\widevinecdmadapter.dll	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\ComputerZ.set	LdsHelper.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\icudtl.dat	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\ca.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\da.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\fa.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\fi.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\pl.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\HardwareProtect.sys	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\snapshot_blob.bin	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\cef_200_percent.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\es-419.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\hr.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\lv.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\ml.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\uk.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\d3dcompiler_47.dll	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\cef_200_percent.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\cef_extensions.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\cef_resources.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\cs.pak	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob = 0f000000010000001400000085fef11b4f47fe3952f98301c9f98976fefee0ce7f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000002500000030233021060b6086480186f8450107300130123010060a2b0601040182373c0101030200c06200000001000000200000008d722f81a9c113c0791df136a2966db26c950a971db46b4199f4ea54b78bfb9f1400000001000000140000007b5b45cfafcecb7afd31921a6ab6f346eb5748501d00000001000000100000005b3b67000eeb80022e42605b6b3b72400b000000010000000e00000074006800610077007400650000007e000000010000000800000000c0032f2df8d60103000000010000001400000091c6d6ee3e8ac86384e548c299295c756c817b812000000001000000240400003082042030820308a0030201020210344ed55720d5edec49f42fce37db2b6d300d06092a864886f70d01010505003081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f74204341301e170d3036313131373030303030305a170d3336303731363233353935395a3081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100aca0f0fb8059d49cc7a4cf9da159730910450c0d2c6e68f16c5b4868495937fc0b3319c2777fcc102d95341ce6eb4d09a71cd2b8c9973602b789d4245f06c0cc4494948d02626feb5add118d289a5c8490107a0dbd74662f6a38a0e2d55444eb1d079f07ba6feee9fd4e0b29f53e84a001f19cabf81c7e89a4e8a1d871650da3517beebcd222600db95b9ddfbafc515b0baf98b2e92ee904e86287de2bc8d74ec14c641eddcf8758ba4a4fca68071d1c9d4ac6d52f91cc7c71721cc5c067eb32fdc9925c94da85c09bbf537d2b09f48c9d911f976a52cbde0936a477d87b875044d53e6e2969fb3949261e09a5807b402debe82785c9fe61fd7ee67c971dd59d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147b5b45cfafcecb7afd31921a6ab6f346eb574850300d06092a864886f70d010105050003820101007911c04bb391b6fcf0e967d40d6e45be55e893d2ce033fedda25b01d57cb1e3a76a04cec5076e864720ca4a9f1b88bd6d68784bb32e54111c077d9b3609deb1bd5d16e4444a9a601ec55621d77b85c8e48497c9c3b5711acad73378e2f785c906847d96060e6fc073d222017c4f716e9c4d872f9c8737cdf162f15a93efd6a27b6a1eb5aba981fd5e34d640a9d13c861baf5391c87bab8bd7b227ff6feac4079e5ac106f3d8f1b79768bc437b3211884e53600eb632099b9e9fe3304bb41c8c102f94463209e81ce42d3d63f2c76d3639c59dd8fa6e10ea02e41f72e9547cfbcfd33f3f60b617e7e912b8147c22730eea7105d378f5c392be404f07b8d568c68	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob = 190000000100000010000000dc73f9b71e16d51d26527d32b11a6a3d03000000010000001400000091c6d6ee3e8ac86384e548c299295c756c817b817e000000010000000800000000c0032f2df8d6010b000000010000000e00000074006800610077007400650000001d00000001000000100000005b3b67000eeb80022e42605b6b3b72401400000001000000140000007b5b45cfafcecb7afd31921a6ab6f346eb5748506200000001000000200000008d722f81a9c113c0791df136a2966db26c950a971db46b4199f4ea54b78bfb9f53000000010000002500000030233021060b6086480186f8450107300130123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703010f000000010000001400000085fef11b4f47fe3952f98301c9f98976fefee0ce2000000001000000240400003082042030820308a0030201020210344ed55720d5edec49f42fce37db2b6d300d06092a864886f70d01010505003081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f74204341301e170d3036313131373030303030305a170d3336303731363233353935395a3081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100aca0f0fb8059d49cc7a4cf9da159730910450c0d2c6e68f16c5b4868495937fc0b3319c2777fcc102d95341ce6eb4d09a71cd2b8c9973602b789d4245f06c0cc4494948d02626feb5add118d289a5c8490107a0dbd74662f6a38a0e2d55444eb1d079f07ba6feee9fd4e0b29f53e84a001f19cabf81c7e89a4e8a1d871650da3517beebcd222600db95b9ddfbafc515b0baf98b2e92ee904e86287de2bc8d74ec14c641eddcf8758ba4a4fca68071d1c9d4ac6d52f91cc7c71721cc5c067eb32fdc9925c94da85c09bbf537d2b09f48c9d911f976a52cbde0936a477d87b875044d53e6e2969fb3949261e09a5807b402debe82785c9fe61fd7ee67c971dd59d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147b5b45cfafcecb7afd31921a6ab6f346eb574850300d06092a864886f70d010105050003820101007911c04bb391b6fcf0e967d40d6e45be55e893d2ce033fedda25b01d57cb1e3a76a04cec5076e864720ca4a9f1b88bd6d68784bb32e54111c077d9b3609deb1bd5d16e4444a9a601ec55621d77b85c8e48497c9c3b5711acad73378e2f785c906847d96060e6fc073d222017c4f716e9c4d872f9c8737cdf162f15a93efd6a27b6a1eb5aba981fd5e34d640a9d13c861baf5391c87bab8bd7b227ff6feac4079e5ac106f3d8f1b79768bc437b3211884e53600eb632099b9e9fe3304bb41c8c102f94463209e81ce42d3d63f2c76d3639c59dd8fa6e10ea02e41f72e9547cfbcfd33f3f60b617e7e912b8147c22730eea7105d378f5c392be404f07b8d568c68	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
3300	LdsHelper.exe
3300	LdsHelper.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
648	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
Token: SeDebugPrivilege	4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
Token: SeDebugPrivilege	4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
Token: SeDebugPrivilege	4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 3300	4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe	90
PID 4152 wrote to memory of 3300	4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe	90
PID 4152 wrote to memory of 3300	4152	7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe	90

C:\Users\Admin\AppData\Local\Temp\7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe
"C:\Users\Admin\AppData\Local\Temp\7aac382736121f38e6b045703ba1f8f95352d5a9c3ec4a85dee13e885a152d78.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Program Files (x86)\Ludashi\Utils\LdsHelper.exe
  "C:\Program Files (x86)\Ludashi\Utils\LdsHelper.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3300

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Ludashi\ComputerZ.set

Filesize
82B

MD5
50bd162a74e4b28911ab67890d59c677

SHA1
161b37ab432badb577786661eaf797c26f5c62f0

SHA256
3341c6e1207ac6ed684511482f88964dbdb5e1886da5b6963bf636081ae0f009

SHA512
716fa9ed18b0845512a39aca962efda65d3b73ed848d6a0aa774a98875487a533a251a0321255b31ceea61329dbedadc6b757267da3ba21daea10368d1c4ec83

Download Submit
C:\Program Files (x86)\Ludashi\ComputerZ.set

Filesize
82B

MD5
50bd162a74e4b28911ab67890d59c677

SHA1
161b37ab432badb577786661eaf797c26f5c62f0

SHA256
3341c6e1207ac6ed684511482f88964dbdb5e1886da5b6963bf636081ae0f009

SHA512
716fa9ed18b0845512a39aca962efda65d3b73ed848d6a0aa774a98875487a533a251a0321255b31ceea61329dbedadc6b757267da3ba21daea10368d1c4ec83

Download Submit
C:\Program Files (x86)\Ludashi\ComputerZTray.exe

Filesize
8.4MB

MD5
e9042e8c7b59b84fb6f57517798cae52

SHA1
30ab0ec13983a6bd9037d3ad0ba7dfa5750f650c

SHA256
151d5c2cdee63352a32010bba1b2fd34d39eb4fe4b8ad45d8acfb70715c63b20

SHA512
e9e2f0d43400a21e796c3769c8a91546e6ae121ebe04788d1fb6d724595e2b3493720d756e54b6e25b7db6c3fedec8836042d44715dc23f95af5e2509db1f4d1

Download Submit
C:\Program Files (x86)\Ludashi\ComputerZ_CN.exe

Filesize
3.7MB

MD5
b833bcb9bfe16563c36be0c430b848b9

SHA1
a90866f92d6c8af51f58baf08a2982ada27233cb

SHA256
e50ded7fa0ba74eb10bccc03f9fdb022d9fb6bbc68bc4755f7324e5f2cc36ebc

SHA512
3c47f162c7503450d4c9ba1e499aa222e47211f96815db2f0d33659758cdcc27801271f33677142f8092cdbc80c7fd1910a29197846d61f073928afb40dc071b

Download Submit
C:\Program Files (x86)\Ludashi\Utils\7z.dll

Filesize
1.1MB

MD5
2706693dda10c6cc79eed24c56d4e5ef

SHA1
4f34ef1bd49273a0d260b9dab15c73eb0ccb6383

SHA256
0edad8a1af22d5b97c1f324791c86243a6ecce7b5a9d2f30415af99aba9129c3

SHA512
7e7f7ae894528587ba33b6e10999549bb9a2ec2748b5662fa1b8806e5f4ce33af47507b3ef2954f2747a76b5b7c775c1cd671061f577c5016d1f8ba165bbe21c

Download Submit
C:\Program Files (x86)\Ludashi\Utils\7z.dll

Filesize
1.1MB

MD5
2706693dda10c6cc79eed24c56d4e5ef

SHA1
4f34ef1bd49273a0d260b9dab15c73eb0ccb6383

SHA256
0edad8a1af22d5b97c1f324791c86243a6ecce7b5a9d2f30415af99aba9129c3

SHA512
7e7f7ae894528587ba33b6e10999549bb9a2ec2748b5662fa1b8806e5f4ce33af47507b3ef2954f2747a76b5b7c775c1cd671061f577c5016d1f8ba165bbe21c

Download Submit
C:\Program Files (x86)\Ludashi\Utils\CefHelper.dll

Filesize
477KB

MD5
91d986307ab1e56f7f77710664cdb70d

SHA1
18fe10c7b1ec55632c03b9f06f9d881a022c970a

SHA256
d85bfd004e2ca8dbdfa72a4bdcb1510df76ed56d46ef5128500883c8c7f7c8fb

SHA512
480659e912ef3053a4542eb2e8eaa3a70df92569e9834d950d9d7ee07e8c9d740b59f1eaed90276454ab71211da41d2f3d945cc486539cba7be3a5c5c0a61e32

Download Submit
C:\Program Files (x86)\Ludashi\Utils\CefHelper.dll

Filesize
477KB

MD5
91d986307ab1e56f7f77710664cdb70d

SHA1
18fe10c7b1ec55632c03b9f06f9d881a022c970a

SHA256
d85bfd004e2ca8dbdfa72a4bdcb1510df76ed56d46ef5128500883c8c7f7c8fb

SHA512
480659e912ef3053a4542eb2e8eaa3a70df92569e9834d950d9d7ee07e8c9d740b59f1eaed90276454ab71211da41d2f3d945cc486539cba7be3a5c5c0a61e32

Download Submit
C:\Program Files (x86)\Ludashi\Utils\CefRes.dll

Filesize
24.2MB

MD5
009b2a92ea877e1c8b33b13cc17137d4

SHA1
fe41711307e7a596e5b30f0ac00d7b75a6002d04

SHA256
6af751a5f0b73c1ccb723afd0089ea7bcecf0e302afe03f10040fb9c11ce05c1

SHA512
6b68d45bd7707e4bfa3bf8ed0bb9f73205c5c002c634d9e6619a1e7996859d6cf6624037b8cb0c730a7965d8dd7566121401bf4726484814879cb6372684fc0f

Download Submit
C:\Program Files (x86)\Ludashi\Utils\CefRes.dll

Filesize
24.2MB

MD5
009b2a92ea877e1c8b33b13cc17137d4

SHA1
fe41711307e7a596e5b30f0ac00d7b75a6002d04

SHA256
6af751a5f0b73c1ccb723afd0089ea7bcecf0e302afe03f10040fb9c11ce05c1

SHA512
6b68d45bd7707e4bfa3bf8ed0bb9f73205c5c002c634d9e6619a1e7996859d6cf6624037b8cb0c730a7965d8dd7566121401bf4726484814879cb6372684fc0f

Download Submit
C:\Program Files (x86)\Ludashi\Utils\ComputerZ12.dll

Filesize
956KB

MD5
d4bedaf01cc67ad161cd454cff3ddb93

SHA1
36571a19ae58c8ae9d1505cc0b6b673be47b1756

SHA256
019380b69ab5410d923abc86487d636e28dc51fb03015ef15b7c5be7be13b4b3

SHA512
d121d8d2676f6426aa94ee31af93c60ce72b451c8d48cf1e98ce844fba997da859a2140e7d2f4fd2c34ca9f1fd1ace3b8a84c8befa74d035879a036b0671ea3c

Download Submit
C:\Program Files (x86)\Ludashi\Utils\ComputerZ12_x64.dll

Filesize
1.2MB

MD5
0e426bd24d7a8b9058622259a6da352b

SHA1
ab833eee8362f1f32537a436e1fb95b810010db4

SHA256
a876bee4db2c330ca4d6e959ba878c28a2032d2da4a03a1a4b5e1dae9c8612d5

SHA512
d7c90110f053158db57e1d1d6d9790dff03efda64b2186a0b0da26bde06d58a77d580cfc497ebe037cdf7da398292b7b1e35b377f52bd6f60f5699aca4f39200

Download Submit
C:\Program Files (x86)\Ludashi\Utils\ComputerZ8.dll

Filesize
241KB

MD5
08d4addb59ec78303aeeb2b08030defb

SHA1
ea058e83945ef8e20712ff1c7659d528362d1b46

SHA256
c27454a2e8b56665a9282fd774b8568da3aad3a00b1ff673c5115a28acdb5f25

SHA512
ef792cda42ebca4ea3c6547b0c7f4d1aa603cb71922db154b96b22deef6ba22d1a5cb23849cf168281aaf7c956fbd46976e929ae15f3295491724c363e567b6c

Download Submit
C:\Program Files (x86)\Ludashi\Utils\ComputerZ8_x64.dll

Filesize
288KB

MD5
5a0f33714bf8ae637fb6800473819af7

SHA1
b788684a669362765f472083fc316f7d36c0eeaf

SHA256
f2e0d6fa5d7590bfc694ffe222e503dc7171ce585bde4feec3f165899caf09a1

SHA512
71113af332c7e78a8cf9a1a7221d4c10c8b6db6f61f739b3ed3755d50e130dbe26e6a73e2c370be5fb9c89ea3f711f5027a19e8df32920407fe8fb67a5236dae

Download Submit
C:\Program Files (x86)\Ludashi\Utils\LDSBasic.dll

Filesize
1.7MB

MD5
2d3d1b3fd61d0230161b1c43e367df45

SHA1
a1090c691dd54b9bc2509c0e81d00cfeb6c2db32

SHA256
fb3b48b2980ac6cbecd7c579a58e0358dcfe03ea2d66c839e965627c4612a619

SHA512
217f7f1f41c26e0ac9910d10f0ff2d538acc0156595244f33d4bce018a8097d1911d5a668e3a6d889e5147b27a40b7cd6904e2d8e1d49dd53eb184468fdb1764

Download Submit
C:\Program Files (x86)\Ludashi\Utils\LdsHelper.exe

Filesize
871KB

MD5
789ff3ad5461728f393f86ffc0351fc6

SHA1
c5d994ac9dfe8440ddc9fd4c8cebe9776cf13356

SHA256
ae9ea86fcc401d29e5b92e2cb6e6b6fe0cfbee7408f781b2e217a509a533cc94

SHA512
c7500c88125b278de8e17a602d96d26b703aabbbd3624913afa0e56d313ec0a8abc0080794061de8e5f4688bf45c0aa136019509420437222e8452e5da8c62c1

Download Submit
C:\Program Files (x86)\Ludashi\Utils\LdsVolumeCtrl.dll

Filesize
104KB

MD5
e3de14a4c2e1ea9c73d6e865a0fab837

SHA1
489f2b30c5e6c2af516e69ccad1f96d34411e66c

SHA256
23785aa5bae50bf822f3b2306fda41743b5937d770a8d9f391fae8f50497e20b

SHA512
941d8ec98afa5acd4b6a9d52c126e86c1e1f3460660171f70631124a422ec24b7f3c9ceca17eca01142b398a71cda045e136ffd420c01eba8cc4c883ef0cb0ef

Download Submit
C:\Program Files (x86)\Ludashi\Utils\Ldshelper.exe

Filesize
871KB

MD5
789ff3ad5461728f393f86ffc0351fc6

SHA1
c5d994ac9dfe8440ddc9fd4c8cebe9776cf13356

SHA256
ae9ea86fcc401d29e5b92e2cb6e6b6fe0cfbee7408f781b2e217a509a533cc94

SHA512
c7500c88125b278de8e17a602d96d26b703aabbbd3624913afa0e56d313ec0a8abc0080794061de8e5f4688bf45c0aa136019509420437222e8452e5da8c62c1

Download Submit
C:\Program Files (x86)\Ludashi\Utils\LuDaShiHelper.dll

Filesize
164KB

MD5
48484aa35450ac9595af42af04dd7f4e

SHA1
734653c55ba2a66e893b3884e9fe31d57851051c

SHA256
04b4b37315904097e7d12d72400dd43c3f1afa39147f974299e506a152a75542

SHA512
cafcb978b36c0ad7aa4255f207dcd7b69c32217c959f03c4a63dd6f67d4f9a7e1fd008787f2ba38deabeefb5e4b58c1a7e274baf327005ad35e33b0f00758a3c

Download Submit
C:\Program Files (x86)\Ludashi\Utils\NavAd.dll

Filesize
281KB

MD5
b235e69a3ae8f02e68bb94190bd238f9

SHA1
7747450aa888f6a59258c574a2a5a0cef5a06d54

SHA256
c4a019be64262055113cbc0be66d57eb56d750fd0cf57af623d589c94d3dc1c1

SHA512
9cb74d447accfed346292370de31cef6b1c53a29b7d9a4b147dc50840941cee6ee65147ca8dc71c7cf4491e88fee1c6f0a86183c65f2bf22ab8cb38a4eef489a

Download Submit
C:\Program Files (x86)\Ludashi\Utils\NavLauncher.dll

Filesize
111KB

MD5
81c7432015c24ed91800f759dc2bfabc

SHA1
d94828fd9dca99f840701437a1c041f647c58dfc

SHA256
b3b6820713c5c8e6354eb8a48f83d18ab7253b2dbec38d2b6e49a550fb18edea

SHA512
950067663e276aee30a912602c8ba7a00bc18d8e9cb3417da51be068a44e6e54eb31d6f8ec92e68ec84275926abd75517ec0c289ddb804d952fc0bce3c795ca4

Download Submit
C:\Program Files (x86)\Ludashi\Utils\NavLauncher64.dll

Filesize
392KB

MD5
fdc2298ccfff6d6b43c2d0f7779ef9dd

SHA1
8bb48b41cf55f9baf177eee720ad7cf3fe3ebce0

SHA256
97e71f6b65f749b070d47d22bf0c5776d79180e19cd4bbbb5a9a33da037ef5c3

SHA512
0024dd6e63e6de0d7b585ea0f03eb6bd4dd30104a70861eb2b09bbe7d577a4f25a6941f0dd2513b51a73b979a174d92afc81507085e2d784dfc7b81e7414c8a7

Download Submit
C:\Program Files (x86)\Ludashi\Utils\PCStoreSetup_officialwebsite.dll

Filesize
10.3MB

MD5
214063c2e8eb56472421ffcf066fcc5e

SHA1
0802b450986e2c954fa13018e3fda122a57b7c47

SHA256
ed93f5fc7d3bc958b15f4f57a149abd16cf58c985dbac75d592cc41c3acf7345

SHA512
7e5f8b00a00b4130db7bb69d863001d24b38c510d1294487878bc224c673dc280c1962e477048720caa81d6cd237a37c4b947c8490dd4822de43b1b1a96b8ff5

Download Submit
C:\Program Files (x86)\Ludashi\Utils\PageMgr.dll

Filesize
425KB

MD5
019559fa067a3d9393d6ef37eed4719c

SHA1
35fbd0221ac8bad7a14f8d7fa86750d89fd595bb

SHA256
eff4f5d5632a3ffdc06ee91b80f429df3a85d3b4c73916a2a08fac433230bdbd

SHA512
48b6fc945d356ca57e0c72249f39d1fd1adbec6276050c0cce247d725a3a1162a3c61c0badcbd0180f16abd705969f1ad7ab2f9de331b1e3521bd0c959b96eba

Download Submit
C:\Program Files (x86)\Ludashi\Utils\Pop.dll

Filesize
779KB

MD5
f6deffeb114254e0bcece46eb8951a5b

SHA1
b1ba2d37c6fb3776e525ae0de522e6939715f36b

SHA256
7d2d9b02acbee9a0afe04d6e7f9d3f4336ca9e31cfa0ad73c8bfc031fb0058e0

SHA512
9e2f830e08bf8aaac84c7b757a7bbc5b763141710015ae41dc075effb375fd7915700be05d78a9661be8d3543ae02029f02d15e1c21f98988e16800d607427da

Download Submit
C:\Program Files (x86)\Ludashi\Utils\PopEx.dll

Filesize
554KB

MD5
c6494b04750e6757252e88cf5c061530

SHA1
e8e0becd8e5daa11529e5d5c3ae3051db6b0ebdd

SHA256
2d7fcf14674527f524f3ec19d090b9c8367cfc7db6533b4e88c6a769836c5597

SHA512
fc45d135239d3273813fb22ba59620b2bf1ce973cab9f7b8a59d47d4347fc7a5f8c3ef97a51c2e859f2f081d8e9e90b7e79ef41371835efb02ea379a2d19952a

Download Submit
C:\Program Files (x86)\Ludashi\Utils\ProductInfo.dat

Filesize
87KB

MD5
c4e602bd780397e61daab7394ae39b28

SHA1
81abf2e28c681d99999a7c046e0629d03031f898

SHA256
e10a0a93fa88bcae6618fcb71051cf3c893bc19409ad6fb9578c2bd8a8fb77f4

SHA512
01e9247813038f4a66f4dc1642542984a95e2ee8d0d1580a52ad7cf5c51e5d8e2fb904a3438955d9600a9f22a51d88cea1f663df309153959beb2099c4efa1fe

Download Submit
C:\Program Files (x86)\Ludashi\Utils\WebDataMgr.dll

Filesize
677KB

MD5
c7053f00f6267d5a5e9cc09df392a651

SHA1
b324e8f786faa6f80f3a6f0fb6523eb270e8af7f

SHA256
ddb9a485fef65a3a92ef94f9169a1ad3996d92d450ac947052eef91be1f0dd79

SHA512
cb78b7c913e8222210037a2cd903781fd99f23bc4433e23de50f4ddc0b8631b94bf730e23729130e0866cccf4272e49160f49d8c87fb7f9a3bed43a9128f899a

Download Submit
C:\Program Files (x86)\Ludashi\Utils\WebView.dll

Filesize
1.9MB

MD5
e68618982c94bc388d59de8cae81ea5a

SHA1
6f472bec25b114292221c87b24aa883f2eb64448

SHA256
3cb47fd6f2e653382c93006dd47eb9d2aca6b47e80c05992a5355cb9843c97ee

SHA512
91c56505ca14d2d621407d5dc0e33c4c10416d4061bd30a5a3d8e9f56f34d02b0a588cbb92d39590249c069e3aceb34bbf826d2539750c4f3fc7343e3d4d5c65

Download Submit
C:\Program Files (x86)\Ludashi\Utils\Websocket.dll

Filesize
1.8MB

MD5
1c659410366b145d81cdbf3c92878faf

SHA1
e87c7811afc4b2fc7c08750a03027381c4cb609e

SHA256
8238b12809fa9540566b373e97e3947a8543d27def5a6cdca428d8516256dffb

SHA512
c82fe7e7943cb9c6d2f5e9f5904ae41096182d2ae777460721f563781305cff9296d470fb118fb4e30ea29f55e67f230de41e604dc418c8fbecd206353487ebb

Download Submit
C:\Program Files (x86)\Ludashi\Utils\arctrl.dll

Filesize
551KB

MD5
5d5ff285798b4fb701632f92a598142d

SHA1
709d2346fd44ae3171afc065589f0db547b49eaf

SHA256
d9dec9914a31e6396349186659c6ffb351cfb0766a8b5f9108fbaa41c92462d5

SHA512
456a41902614f7c838c1cf68a96f551fad428629ac8f0738091f4b9ce73b3862f63ff95d6856f93ddff64578d05998aa0927c29fd03d94b15fe78b121692b942

Download Submit
C:\Program Files (x86)\Ludashi\Utils\arctrl.dll

Filesize
551KB

MD5
5d5ff285798b4fb701632f92a598142d

SHA1
709d2346fd44ae3171afc065589f0db547b49eaf

SHA256
d9dec9914a31e6396349186659c6ffb351cfb0766a8b5f9108fbaa41c92462d5

SHA512
456a41902614f7c838c1cf68a96f551fad428629ac8f0738091f4b9ce73b3862f63ff95d6856f93ddff64578d05998aa0927c29fd03d94b15fe78b121692b942

Download Submit
C:\Program Files (x86)\Ludashi\Utils\instcore.dll

Filesize
411KB

MD5
47b2c31bc568b8692b607bef27f4fa1d

SHA1
00e542b7fca1ee66030adaf40c8bbfaade17dd87

SHA256
36200786c7e9c0b66636b0be13b8d15ceeb21ea797b59b4bd118ac21e3417207

SHA512
bcd09ff477433baf937da073157f1800e0a03a95f792d7b62cb4f0d52b5d6446698192186dcbaf090d9a0627a5c1711d2b1f9d8589495e91268900bde8ea7f19

Download Submit
C:\Program Files (x86)\Ludashi\Utils\js_basic.dll

Filesize
1.1MB

MD5
6cf181e7db1b5d7776ddf5044c6188a9

SHA1
4da3f1865575d3eee8d420ac61015b7b9ef3c4d5

SHA256
4f66bf85f00110ca3ee21d1e038b25c97c13e2f91cd514217ad59fca23ac5c02

SHA512
d2ca52fa7362d7cb830807981b03efd4c78e9bfee2917b16b6b87b9f17393dbf2f938acc68f1f0aef7f55f7d6bf7113c4c06bd4aa1be1d2d196ab86ee050a294

Download Submit
C:\Program Files (x86)\Ludashi\Utils\netul.dll

Filesize
1.9MB

MD5
7c450e5f5ce44c5acb8f3b27f5f1dded

SHA1
095c36b0db24a11389d901540e8b76c7aea518b0

SHA256
480c4c286a55562468d29da6771d38020d81c0af9d3883be10fd4a2f3b50d0ec

SHA512
c70a53d23d70cf93f3f9f40fbcb3cb7d49378185aa0c97683439900f5f2dae0cb7f6e279c856d56299dc993ffca786cd8e52239f2f2806096073f21bb00b63a4

Download Submit
C:\Program Files (x86)\Ludashi\Utils\product_helper.dll

Filesize
727KB

MD5
75654073797ec30585cb0d0531f741a3

SHA1
8d6ea13c4f767191a286fd012b20443772d4341d

SHA256
db382ea923e2ec3da7f004b932faa7854ac723efd3a4d01d87f96d4bb5f145d7

SHA512
ea13fb5c67344540398ee4467c66301681f1bf452bdc7a739d8eb611b98c89cf845e424283f0862e2bcf8650a7f803bf884e6e54f971b2bdd1ccd2a9e2cc103d

Download Submit
C:\Program Files (x86)\Ludashi\Utils\product_helper.dll

Filesize
727KB

MD5
75654073797ec30585cb0d0531f741a3

SHA1
8d6ea13c4f767191a286fd012b20443772d4341d

SHA256
db382ea923e2ec3da7f004b932faa7854ac723efd3a4d01d87f96d4bb5f145d7

SHA512
ea13fb5c67344540398ee4467c66301681f1bf452bdc7a739d8eb611b98c89cf845e424283f0862e2bcf8650a7f803bf884e6e54f971b2bdd1ccd2a9e2cc103d

Download Submit
C:\Program Files (x86)\Ludashi\Utils\product_helper.dll

Filesize
727KB

MD5
75654073797ec30585cb0d0531f741a3

SHA1
8d6ea13c4f767191a286fd012b20443772d4341d

SHA256
db382ea923e2ec3da7f004b932faa7854ac723efd3a4d01d87f96d4bb5f145d7

SHA512
ea13fb5c67344540398ee4467c66301681f1bf452bdc7a739d8eb611b98c89cf845e424283f0862e2bcf8650a7f803bf884e6e54f971b2bdd1ccd2a9e2cc103d

Download Submit
C:\Program Files (x86)\Ludashi\Utils\product_helper_x64.dll

Filesize
839KB

MD5
551e02af61cd1324f18ad0951f87eba7

SHA1
8a33d2332f345bb29b7409b7173f590473cc1f2a

SHA256
affe4376e85fb36d30c31ee3cecb5dbd82e97d87d1fd04aff2b35789055189f3

SHA512
e686f1883ebc1ea02a086e916ea315b4404c931e7b854bb31cf38d87a3ad51f840bd6ea0d0fed4489d33e6e9396f345285a76f3f235f94ad2bb3b1ef115e7268

Download Submit
C:\Users\Admin\AppData\Local\Temp\{28D3A916-AE0A-4437-9A57-2D007B6FD586}.tmp\NetBridge.dll

Filesize
238KB

MD5
8786d469338c30e0ba9fedfc62bd5197

SHA1
5fb12028ceae9772f938e1b98b699f0e02e32718

SHA256
beeaf8b72f7008e9adabacfcd85e32a50747a0dfb5c86802aeb973bd1f5c3d2f

SHA512
5db1e5b78e62cda81a63e8e712e720f87a7c7a539237a55a9098c076f9fb4e0b5adb83383c23657b4ccc90c117e55e3946a399cdf3d15cb94444b203d9d6c45c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6D7232AB-6F33-413a-B66A-FC7C46CE82DD}.tmp\7z.dll

Filesize
1.1MB

MD5
2706693dda10c6cc79eed24c56d4e5ef

SHA1
4f34ef1bd49273a0d260b9dab15c73eb0ccb6383

SHA256
0edad8a1af22d5b97c1f324791c86243a6ecce7b5a9d2f30415af99aba9129c3

SHA512
7e7f7ae894528587ba33b6e10999549bb9a2ec2748b5662fa1b8806e5f4ce33af47507b3ef2954f2747a76b5b7c775c1cd671061f577c5016d1f8ba165bbe21c

Download Submit
C:\Users\Admin\AppData\Roaming\ludashi\setup.dll

Filesize
74.3MB

MD5
dbdeda5c627771ca871dfc1bfc830843

SHA1
016a0fc4b0b8a80c9ddb7d59997851139b225238

SHA256
3d01828c32f3fbd23aecbd4e5213eaff3b62256ee947ba9fd8f04294e14ca47e

SHA512
7713fc4166004bade360d3c764d663b07316dfec6d71b2ca336af0e959da8f51bc8e04389b2fde732fd24a4cd6e5b60c0e54fd6cad9681ca6402c6d41c78c02b

Download Submit
memory/3300-182-0x00000000772E0000-0x00000000772F0000-memory.dmp

Filesize
64KB

Download
memory/4152-132-0x0000000000F90000-0x0000000001B0A000-memory.dmp

Filesize
11.5MB

Download
memory/4152-137-0x0000000000F90000-0x0000000001B0A000-memory.dmp

Filesize
11.5MB

Download
memory/4152-136-0x00000000772E0000-0x00000000772F0000-memory.dmp

Filesize
64KB

Download
memory/4152-135-0x00000000772E0000-0x00000000772F0000-memory.dmp

Filesize
64KB

Download