f11b7351c355b86449b8bc1489b4941f44569ea0b887717f739f4ffbe0bc80c3

Resubmissions

16/02/2023, 19:09

230216-xtx7saah8y 8

16/02/2023, 18:57

230216-xlytcabb96 10

Analysis

max time kernel
141s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
16/02/2023, 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ns-usbloader-7.0.jar
Size

19.7MB
MD5

d9d7589748e5ff43136c0eb7b5a0ae3c
SHA1

3b660a05f8adfa725889231474ae00f3845f944f
SHA256

f11b7351c355b86449b8bc1489b4941f44569ea0b887717f739f4ffbe0bc80c3
SHA512

2ae9f9d05f3c7f3ebbc5d7260b13bd2601521affb253d7706505ad541e2425b335a3f601af88e6a0643297d40d01a2c870d3ea308d17f542122a09c75c8e62a8
SSDEEP

393216:hawIJOm0djwUrY6LMOZuWXJTkKcotCXhRwsD8IjhHa42kE:haw+OLdhcYohRwsD8IjBa44

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	javaw.exe

Executes dropped EXE 4 IoCs

pid	Process
4248	Installer-7.0.exe
2080	NS-USBloader.exe
2732	javaw.exe
1492	javaw.exe

Loads dropped DLL 64 IoCs

pid	Process
4248	Installer-7.0.exe
4248	Installer-7.0.exe
4248	Installer-7.0.exe
2732	javaw.exe
2732	javaw.exe
2732	javaw.exe
2732	javaw.exe
2732	javaw.exe
2732	javaw.exe
2732	javaw.exe
2732	javaw.exe
2732	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe
1492	javaw.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in System32 directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SYSTEM32\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\jvm.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\symbols\dll\jvm.pdb	javaw.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\java.net.http\LICENSE	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.dynalink\LICENSE	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.javadoc\LICENSE	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\javaaccessbridge.dll	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\management_agent.dll	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.crypto.ec\ASSEMBLY_EXCEPTION	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\api-ms-win-core-file-l1-1-0.dll	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.internal.opt\ASSEMBLY_EXCEPTION	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\management_ext.dll	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\java.base\ADDITIONAL_LICENSE_INFO	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\java.desktop\LICENSE	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\java.prefs\LICENSE	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.jstatd\LICENSE	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.nio.mapmode\ASSEMBLY_EXCEPTION	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\release	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\le.dll	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.internal.vm.ci\ADDITIONAL_LICENSE_INFO	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.jdi\ASSEMBLY_EXCEPTION	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\conf\management\jmxremote.access	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\java.base\public_suffix.md	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\jpackage.dll	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\java.sql.rowset\ASSEMBLY_EXCEPTION	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\api-ms-win-crt-multibyte-l1-1-0.dll	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\freetype.dll	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.jartool\ADDITIONAL_LICENSE_INFO	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\java.xml.crypto\ASSEMBLY_EXCEPTION	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\api-ms-win-crt-locale-l1-1-0.dll	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\splashscreen.dll	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\conf\logging.properties	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.jconsole\ADDITIONAL_LICENSE_INFO	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.unsupported.desktop\ASSEMBLY_EXCEPTION	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\rmiregistry.exe	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\java.desktop\libpng.md	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.crypto.mscapi\ADDITIONAL_LICENSE_INFO	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.incubator.concurrent\ADDITIONAL_LICENSE_INFO	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\java.base\asm.md	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.jfr\LICENSE	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\java.datatransfer\ASSEMBLY_EXCEPTION	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\java.security.jgss\ADDITIONAL_LICENSE_INFO	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.internal.vm.compiler.management\ASSEMBLY_EXCEPTION	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.random\LICENSE	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\jmod.exe	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\conf\management\jmxremote.password.template	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.internal.vm.compiler\ASSEMBLY_EXCEPTION	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\jdeprscan.exe	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\jarsigner.exe	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\jwebserver.exe	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\management.dll	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\java.rmi\ASSEMBLY_EXCEPTION	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.compiler\ADDITIONAL_LICENSE_INFO	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\keytool.exe	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.management.agent\LICENSE	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\lib\security\blocked.certs	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.jdwp.agent\ASSEMBLY_EXCEPTION	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.jlink\LICENSE	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\java.exe	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\jdk.hotspot.agent\ADDITIONAL_LICENSE_INFO	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\lib\security\default.policy	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\api-ms-win-crt-convert-l1-1-0.dll	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\j2pkcs11.dll	Installer-7.0.exe
File opened for modification	C:\Program Files (x86)\NS-USBloader\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files (x86)\NS-USBloader\jdk\bin\dll\jvm.pdb	javaw.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\bin\j2pcsc.dll	Installer-7.0.exe
File created	C:\Program Files (x86)\NS-USBloader\jdk\legal\java.naming\ASSEMBLY_EXCEPTION	Installer-7.0.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\jvm.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\symbols\dll\jvm.pdb	javaw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	javaw.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Installer-7.0.exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2740	firefox.exe
Token: SeDebugPrivilege	2740	firefox.exe
Token: SeDebugPrivilege	2740	firefox.exe
Token: SeDebugPrivilege	2740	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2740	firefox.exe
2740	firefox.exe
2740	firefox.exe
2740	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2740	firefox.exe
2740	firefox.exe
2740	firefox.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2740	firefox.exe
2740	firefox.exe
2740	firefox.exe
2740	firefox.exe
2740	firefox.exe
2740	firefox.exe
2740	firefox.exe
4248	Installer-7.0.exe
2080	NS-USBloader.exe
2732	javaw.exe
1492	javaw.exe
1492	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4748 wrote to memory of 2740	4748	firefox.exe	87
PID 4748 wrote to memory of 2740	4748	firefox.exe	87
PID 4748 wrote to memory of 2740	4748	firefox.exe	87
PID 4748 wrote to memory of 2740	4748	firefox.exe	87
PID 4748 wrote to memory of 2740	4748	firefox.exe	87
PID 4748 wrote to memory of 2740	4748	firefox.exe	87
PID 4748 wrote to memory of 2740	4748	firefox.exe	87
PID 4748 wrote to memory of 2740	4748	firefox.exe	87
PID 4748 wrote to memory of 2740	4748	firefox.exe	87
PID 2740 wrote to memory of 116	2740	firefox.exe	88
PID 2740 wrote to memory of 116	2740	firefox.exe	88
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 3492	2740	firefox.exe	91
PID 2740 wrote to memory of 1560	2740	firefox.exe	92
PID 2740 wrote to memory of 1560	2740	firefox.exe	92
PID 2740 wrote to memory of 1560	2740	firefox.exe	92
PID 2740 wrote to memory of 1560	2740	firefox.exe	92
PID 2740 wrote to memory of 1560	2740	firefox.exe	92
PID 2740 wrote to memory of 1560	2740	firefox.exe	92
PID 2740 wrote to memory of 1560	2740	firefox.exe	92
PID 2740 wrote to memory of 1560	2740	firefox.exe	92
PID 2740 wrote to memory of 1560	2740	firefox.exe	92
PID 2740 wrote to memory of 1560	2740	firefox.exe	92

C:\ProgramData\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\ns-usbloader-7.0.jar
1⤵
PID:2604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4748
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2740.0.809625306\1957659983" -parentBuildID 20200403170909 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 1 -prefMapSize 220117 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2740 "\\.\pipe\gecko-crash-server-pipe.2740" 1800 gpu
    3⤵
    PID:116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2740.3.929593336\1985456751" -childID 1 -isForBrowser -prefsHandle 2260 -prefMapHandle 2460 -prefsLen 112 -prefMapSize 220117 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2740 "\\.\pipe\gecko-crash-server-pipe.2740" 1556 tab
    3⤵
    PID:3492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2740.13.1450893757\1163308328" -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 6894 -prefMapSize 220117 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2740 "\\.\pipe\gecko-crash-server-pipe.2740" 3660 tab
    3⤵
    PID:1560

C:\Users\Admin\Downloads\Installer-7.0.exe
"C:\Users\Admin\Downloads\Installer-7.0.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:4248
- C:\Program Files (x86)\NS-USBloader\NS-USBloader.exe
  "C:\Program Files (x86)\NS-USBloader\NS-USBloader.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2080
- - C:\Program Files (x86)\NS-USBloader\jdk\bin\javaw.exe
    "C:\Program Files (x86)\NS-USBloader\jdk\bin\javaw.exe" -version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of SetWindowsHookEx
    PID:2732
- - C:\Program Files (x86)\NS-USBloader\jdk\bin\javaw.exe
    "C:\Program Files (x86)\NS-USBloader\jdk\bin\javaw.exe" -jar "C:\Program Files (x86)\NS-USBloader\NS-USBloader.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Checks processor information in registry
    - Suspicious use of SetWindowsHookEx
    PID:1492

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\NS-USBloader\NS-USBloader.exe

Filesize
19.8MB

MD5
1040cb8d79e07e7fd6bf5232653c79ac

SHA1
37752c767079e38c40cbcd66cf13d0192bb40e79

SHA256
0eefa29e085428a5afdf4bc562c71a606f346970c485fb6640bea6ad714722dc

SHA512
d9acd6f1ebddda501c308313f0ba3401798894f0ae232379fb20fd70d78c7d870f7d2805ca56502f11a82a644a9341377ab32cf31b3fab0b9714e37185b34fcc

Download Submit
C:\Program Files (x86)\NS-USBloader\NS-USBloader.exe

Filesize
19.8MB

MD5
1040cb8d79e07e7fd6bf5232653c79ac

SHA1
37752c767079e38c40cbcd66cf13d0192bb40e79

SHA256
0eefa29e085428a5afdf4bc562c71a606f346970c485fb6640bea6ad714722dc

SHA512
d9acd6f1ebddda501c308313f0ba3401798894f0ae232379fb20fd70d78c7d870f7d2805ca56502f11a82a644a9341377ab32cf31b3fab0b9714e37185b34fcc

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\VCRUNTIME140.dll

Filesize
95KB

MD5
7415c1cc63a0c46983e2a32581daefee

SHA1
5f8534d79c84ac45ad09b5a702c8c5c288eae240

SHA256
475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1

SHA512
3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\java.dll

Filesize
146KB

MD5
4ac54ad8c79484f9fbab23a37c6732dc

SHA1
47b08490cf0bb003498e2da0aef5e60f7eb6f62d

SHA256
91cca7e047a9c61b755c593f9c8a4eb442368ebacf13afaf7c042a3db856d0e0

SHA512
f2fea5d0f2b05928871c9879ae77c7943f2e2072517420fa21fb8b9af82f61adb691e2cf74effc3a00700023490a5bf194d6730e34570a0fd1ba4d669b6062f4

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\java.dll

Filesize
146KB

MD5
4ac54ad8c79484f9fbab23a37c6732dc

SHA1
47b08490cf0bb003498e2da0aef5e60f7eb6f62d

SHA256
91cca7e047a9c61b755c593f9c8a4eb442368ebacf13afaf7c042a3db856d0e0

SHA512
f2fea5d0f2b05928871c9879ae77c7943f2e2072517420fa21fb8b9af82f61adb691e2cf74effc3a00700023490a5bf194d6730e34570a0fd1ba4d669b6062f4

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\java.dll

Filesize
146KB

MD5
4ac54ad8c79484f9fbab23a37c6732dc

SHA1
47b08490cf0bb003498e2da0aef5e60f7eb6f62d

SHA256
91cca7e047a9c61b755c593f9c8a4eb442368ebacf13afaf7c042a3db856d0e0

SHA512
f2fea5d0f2b05928871c9879ae77c7943f2e2072517420fa21fb8b9af82f61adb691e2cf74effc3a00700023490a5bf194d6730e34570a0fd1ba4d669b6062f4

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\javaw.exe

Filesize
48KB

MD5
dcc46484a91003c42ea378f3df1f967b

SHA1
8f2f15aefd286484758004397bdfc408e12c2bb4

SHA256
e9075430b8dbdcb11914de82837f9b75a448c02bbb21001477878be49689e220

SHA512
7e5070e29d74e6ba3dbfa4c562725d439b18bc19cbccf6bb63be78a912b67e9ec860e5773424185b8c4d4278a73fb5dbea49a586f794bd632b57e707464143cb

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\javaw.exe

Filesize
48KB

MD5
dcc46484a91003c42ea378f3df1f967b

SHA1
8f2f15aefd286484758004397bdfc408e12c2bb4

SHA256
e9075430b8dbdcb11914de82837f9b75a448c02bbb21001477878be49689e220

SHA512
7e5070e29d74e6ba3dbfa4c562725d439b18bc19cbccf6bb63be78a912b67e9ec860e5773424185b8c4d4278a73fb5dbea49a586f794bd632b57e707464143cb

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\javaw.exe

Filesize
48KB

MD5
dcc46484a91003c42ea378f3df1f967b

SHA1
8f2f15aefd286484758004397bdfc408e12c2bb4

SHA256
e9075430b8dbdcb11914de82837f9b75a448c02bbb21001477878be49689e220

SHA512
7e5070e29d74e6ba3dbfa4c562725d439b18bc19cbccf6bb63be78a912b67e9ec860e5773424185b8c4d4278a73fb5dbea49a586f794bd632b57e707464143cb

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\jimage.dll

Filesize
32KB

MD5
c0327317e001af5e3a207edc098cbc32

SHA1
56d6afa86b46507f69e2e6e771d1e5950093c346

SHA256
f0ba107540d646bcadb894ff3ce789450a3882ee05a5999c2ab67ed409f42cba

SHA512
c2ce042e050ffca87a0107f74d2ff15c47391b50aa8718fd0f9e2fcdccf313ac2e9aa8d5d7464b7dab3477efd84e9577b12e9018beb322e2ddf9d8054228941f

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\jimage.dll

Filesize
32KB

MD5
c0327317e001af5e3a207edc098cbc32

SHA1
56d6afa86b46507f69e2e6e771d1e5950093c346

SHA256
f0ba107540d646bcadb894ff3ce789450a3882ee05a5999c2ab67ed409f42cba

SHA512
c2ce042e050ffca87a0107f74d2ff15c47391b50aa8718fd0f9e2fcdccf313ac2e9aa8d5d7464b7dab3477efd84e9577b12e9018beb322e2ddf9d8054228941f

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\jimage.dll

Filesize
32KB

MD5
c0327317e001af5e3a207edc098cbc32

SHA1
56d6afa86b46507f69e2e6e771d1e5950093c346

SHA256
f0ba107540d646bcadb894ff3ce789450a3882ee05a5999c2ab67ed409f42cba

SHA512
c2ce042e050ffca87a0107f74d2ff15c47391b50aa8718fd0f9e2fcdccf313ac2e9aa8d5d7464b7dab3477efd84e9577b12e9018beb322e2ddf9d8054228941f

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\jli.dll

Filesize
85KB

MD5
fb83fc8534fb9486a6509ed5c7bdfb5d

SHA1
ffc855f81dfe0b84e87ac0c3e9fc5043e0413c98

SHA256
b61733bdf1dadcfe3320a281c9d8a37354d32168ec278348433b39717e615064

SHA512
03d9b83e6ad49cbd964a2854838d5575375809c505379ace24402f18f082a33542fcd5660ccff86435c620b47a270509a7de75d66075f5b0ea12a844b5293a04

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\jli.dll

Filesize
85KB

MD5
fb83fc8534fb9486a6509ed5c7bdfb5d

SHA1
ffc855f81dfe0b84e87ac0c3e9fc5043e0413c98

SHA256
b61733bdf1dadcfe3320a281c9d8a37354d32168ec278348433b39717e615064

SHA512
03d9b83e6ad49cbd964a2854838d5575375809c505379ace24402f18f082a33542fcd5660ccff86435c620b47a270509a7de75d66075f5b0ea12a844b5293a04

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\jli.dll

Filesize
85KB

MD5
fb83fc8534fb9486a6509ed5c7bdfb5d

SHA1
ffc855f81dfe0b84e87ac0c3e9fc5043e0413c98

SHA256
b61733bdf1dadcfe3320a281c9d8a37354d32168ec278348433b39717e615064

SHA512
03d9b83e6ad49cbd964a2854838d5575375809c505379ace24402f18f082a33542fcd5660ccff86435c620b47a270509a7de75d66075f5b0ea12a844b5293a04

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\jsvml.dll

Filesize
849KB

MD5
55cf2e0ad560951b33b59e42cf92be7a

SHA1
ace8665c10684a4992e030eb666f168f494943fa

SHA256
138d2e4cba99ac6ac7f283f2bd388c9433723b34a9d90d29a1567878a81cf632

SHA512
c56c3d2366ad0c686af469f8590a9d2771b42990f304fce3c84fa6d9d1b2c47f6a1a5c67ca921a1d95c5b16b2dd60dce8859ee67096aada5744c9497d799ac10

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\jsvml.dll

Filesize
849KB

MD5
55cf2e0ad560951b33b59e42cf92be7a

SHA1
ace8665c10684a4992e030eb666f168f494943fa

SHA256
138d2e4cba99ac6ac7f283f2bd388c9433723b34a9d90d29a1567878a81cf632

SHA512
c56c3d2366ad0c686af469f8590a9d2771b42990f304fce3c84fa6d9d1b2c47f6a1a5c67ca921a1d95c5b16b2dd60dce8859ee67096aada5744c9497d799ac10

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\jsvml.dll

Filesize
849KB

MD5
55cf2e0ad560951b33b59e42cf92be7a

SHA1
ace8665c10684a4992e030eb666f168f494943fa

SHA256
138d2e4cba99ac6ac7f283f2bd388c9433723b34a9d90d29a1567878a81cf632

SHA512
c56c3d2366ad0c686af469f8590a9d2771b42990f304fce3c84fa6d9d1b2c47f6a1a5c67ca921a1d95c5b16b2dd60dce8859ee67096aada5744c9497d799ac10

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\msvcp140.dll

Filesize
558KB

MD5
bf78c15068d6671693dfcdfa5770d705

SHA1
4418c03c3161706a4349dfe3f97278e7a5d8962a

SHA256
a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb

SHA512
5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\msvcp140.dll

Filesize
558KB

MD5
bf78c15068d6671693dfcdfa5770d705

SHA1
4418c03c3161706a4349dfe3f97278e7a5d8962a

SHA256
a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb

SHA512
5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\msvcp140.dll

Filesize
558KB

MD5
bf78c15068d6671693dfcdfa5770d705

SHA1
4418c03c3161706a4349dfe3f97278e7a5d8962a

SHA256
a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb

SHA512
5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\net.dll

Filesize
66KB

MD5
743a63f9362016851689f5fb7d000f1a

SHA1
272b94414bb94ec29969b3c84263f66448e95f74

SHA256
4854437ad3a18564a914b6bf24da689079d90bbcc11c1e9b23d133da22630556

SHA512
c0c446d894e3ad240cde1860fe6771dede7c6a0ceef8f226363329c4b9bc4014a1bc192bbe44445af642120f564d4b579f853d52b357d38356d8ee6bbc6e786d

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\net.dll

Filesize
66KB

MD5
743a63f9362016851689f5fb7d000f1a

SHA1
272b94414bb94ec29969b3c84263f66448e95f74

SHA256
4854437ad3a18564a914b6bf24da689079d90bbcc11c1e9b23d133da22630556

SHA512
c0c446d894e3ad240cde1860fe6771dede7c6a0ceef8f226363329c4b9bc4014a1bc192bbe44445af642120f564d4b579f853d52b357d38356d8ee6bbc6e786d

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\nio.dll

Filesize
78KB

MD5
162bf95ebf5733c2dd6e7dcade92be8b

SHA1
f59aa3def46ea5a5e5f341ca3b9a0c99bcd41af4

SHA256
8ec813ca0e1a31ad071c3b13e4127853c247a79f603714defe2af1f69cc222d1

SHA512
5a29b69296f10f64ac60fc7552737e457d1b2691647be233a895ff1a92e85ed6d014d483545d77f4df134b1d39ff0f229294e64a032b200477b3c4ca4f1b0d57

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\nio.dll

Filesize
78KB

MD5
162bf95ebf5733c2dd6e7dcade92be8b

SHA1
f59aa3def46ea5a5e5f341ca3b9a0c99bcd41af4

SHA256
8ec813ca0e1a31ad071c3b13e4127853c247a79f603714defe2af1f69cc222d1

SHA512
5a29b69296f10f64ac60fc7552737e457d1b2691647be233a895ff1a92e85ed6d014d483545d77f4df134b1d39ff0f229294e64a032b200477b3c4ca4f1b0d57

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\server\jvm.dll

Filesize
12.4MB

MD5
2361714152239b2bf7a494c757d597d8

SHA1
25b16afb0e7769f39143fabc02a6b150c21ef21f

SHA256
0b3ebcc71e5f6544b33e02e425c47cda2d992c69a6a8b9ae9e4d825454901f8b

SHA512
61d96c39c026c91884e2cf406073e09d5a8103c508059216a78e108da2313ed7f9c2d1148afdf4474bc7c5a8c1b6628643d8f7c1308f5bab08516474ffc2eb94

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\server\jvm.dll

Filesize
12.4MB

MD5
2361714152239b2bf7a494c757d597d8

SHA1
25b16afb0e7769f39143fabc02a6b150c21ef21f

SHA256
0b3ebcc71e5f6544b33e02e425c47cda2d992c69a6a8b9ae9e4d825454901f8b

SHA512
61d96c39c026c91884e2cf406073e09d5a8103c508059216a78e108da2313ed7f9c2d1148afdf4474bc7c5a8c1b6628643d8f7c1308f5bab08516474ffc2eb94

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\server\jvm.dll

Filesize
12.4MB

MD5
2361714152239b2bf7a494c757d597d8

SHA1
25b16afb0e7769f39143fabc02a6b150c21ef21f

SHA256
0b3ebcc71e5f6544b33e02e425c47cda2d992c69a6a8b9ae9e4d825454901f8b

SHA512
61d96c39c026c91884e2cf406073e09d5a8103c508059216a78e108da2313ed7f9c2d1148afdf4474bc7c5a8c1b6628643d8f7c1308f5bab08516474ffc2eb94

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\vcruntime140.dll

Filesize
95KB

MD5
7415c1cc63a0c46983e2a32581daefee

SHA1
5f8534d79c84ac45ad09b5a702c8c5c288eae240

SHA256
475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1

SHA512
3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\vcruntime140.dll

Filesize
95KB

MD5
7415c1cc63a0c46983e2a32581daefee

SHA1
5f8534d79c84ac45ad09b5a702c8c5c288eae240

SHA256
475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1

SHA512
3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\vcruntime140_1.dll

Filesize
36KB

MD5
fcda37abd3d9e9d8170cd1cd15bf9d3f

SHA1
b23ff3e9aa2287b9c1249a008c0ae06dc8b6fdf2

SHA256
0579d460ea1f7e8a815fa55a8821a5ff489c8097f051765e9beaf25d8d0f27d6

SHA512
de8be61499aaa1504dde8c19666844550c2ea7ef774ecbe26900834b252887da31d4cf4fb51338b16b6a4416de733e519ebf8c375eb03eb425232a6349da2257

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\vcruntime140_1.dll

Filesize
36KB

MD5
fcda37abd3d9e9d8170cd1cd15bf9d3f

SHA1
b23ff3e9aa2287b9c1249a008c0ae06dc8b6fdf2

SHA256
0579d460ea1f7e8a815fa55a8821a5ff489c8097f051765e9beaf25d8d0f27d6

SHA512
de8be61499aaa1504dde8c19666844550c2ea7ef774ecbe26900834b252887da31d4cf4fb51338b16b6a4416de733e519ebf8c375eb03eb425232a6349da2257

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\vcruntime140_1.dll

Filesize
36KB

MD5
fcda37abd3d9e9d8170cd1cd15bf9d3f

SHA1
b23ff3e9aa2287b9c1249a008c0ae06dc8b6fdf2

SHA256
0579d460ea1f7e8a815fa55a8821a5ff489c8097f051765e9beaf25d8d0f27d6

SHA512
de8be61499aaa1504dde8c19666844550c2ea7ef774ecbe26900834b252887da31d4cf4fb51338b16b6a4416de733e519ebf8c375eb03eb425232a6349da2257

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\zip.dll

Filesize
85KB

MD5
522435c4d854f31fb03cbfa1af75c92f

SHA1
cc044623874cbb7ad0e3ff66bb57c6e14ccbcf91

SHA256
46ce02a8c7c68c6b4e59e648a9522a5e914ede2a544c7e856020b037b5b0ba1b

SHA512
24ef3724cb94db9688e59054e7a133224cded17f2a4f28f037081f4bb3d7daa6d2b58b50e7b9ff594050bc127aa6e94be0c189888caab4075548c2af69d20cdc

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\zip.dll

Filesize
85KB

MD5
522435c4d854f31fb03cbfa1af75c92f

SHA1
cc044623874cbb7ad0e3ff66bb57c6e14ccbcf91

SHA256
46ce02a8c7c68c6b4e59e648a9522a5e914ede2a544c7e856020b037b5b0ba1b

SHA512
24ef3724cb94db9688e59054e7a133224cded17f2a4f28f037081f4bb3d7daa6d2b58b50e7b9ff594050bc127aa6e94be0c189888caab4075548c2af69d20cdc

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\bin\zip.dll

Filesize
85KB

MD5
522435c4d854f31fb03cbfa1af75c92f

SHA1
cc044623874cbb7ad0e3ff66bb57c6e14ccbcf91

SHA256
46ce02a8c7c68c6b4e59e648a9522a5e914ede2a544c7e856020b037b5b0ba1b

SHA512
24ef3724cb94db9688e59054e7a133224cded17f2a4f28f037081f4bb3d7daa6d2b58b50e7b9ff594050bc127aa6e94be0c189888caab4075548c2af69d20cdc

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\conf\logging.properties

Filesize
2KB

MD5
0f00ec3e7a7767a4efeae1875fb5f3d4

SHA1
167808418571e9209b952188ddab2f4e62920e68

SHA256
b62d2733ab99556b108a1951d894c5a8d76b1ac7a00c02c388f9eb9be046c56f

SHA512
e869f4a3b821a9933796dc9a56ee00483493369dfbfe07b3b1d895cb8318c6821cd44134eb37513f15b830c25861b596646824ed56672d08b678fefe6a4c7504

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\conf\security\java.security

Filesize
59KB

MD5
021693d9ce00bc2805da968ac1c2829a

SHA1
823deea479ff1a2f268a4832b9d11efca9f97726

SHA256
40edb7307033fd42423eef235784266b54afb3423c6ef0709e36f0c8161e0bf4

SHA512
f7efb56797ab527b71eb61bbe9677de1708826f56e4b2a10e408890448eb905e35c690bbfc028b64ddc99f0d4da3ebceb7fd0e862d1a820e82054e29bba02012

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\lib\jvm.cfg

Filesize
29B

MD5
7ce21bdcfa333c231d74a77394206302

SHA1
c5a940d2dee8e7bfc01a87d585ddca420d37e226

SHA256
aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0

SHA512
8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\lib\modules

Filesize
56.1MB

MD5
c61712d5e67817c6a9c50d57104da915

SHA1
2dbf25c37efd5206b9d8caa0fa5def539e7d1303

SHA256
1f1203af111e1d175188ebb87addc1fef405f80af594b0ce5fff8c3968049780

SHA512
449774f8caeacff42b1a6d9e573dac9b1e26a3a856ae6a7853b5cda2ec7f7e5b6e7c37269e3ea32c42f36c0969b30483ad6f62066da2856c2543e49297abbdcc

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\lib\tzdb.dat

Filesize
99KB

MD5
d3c425ab13de85782e3fa826312750d6

SHA1
45fd07c0464bb7c77693383d19343dd67229c333

SHA256
bb4f4d771d79ed49bd7f09e2be97c934625b672d393ad178b09cae82e996e999

SHA512
343ce60cf7a80bd421b5fcd4a4d22d61d6fa19bdbabca39c2f9ab6c0f53d6792f09292ee31785f70dbc46f86ae9a0ecd99275735095ef271d0e143e4caf775bd

Download Submit
C:\Program Files (x86)\NS-USBloader\jdk\lib\tzmappings

Filesize
21KB

MD5
3ecd76b9b0b645198b5df8d0abf58d4e

SHA1
f37c6677455362b00557e102f5031a44693e938e

SHA256
a170a3fe40c93489cd3414584daa71e8affe7d3d4b2f5a828eb0c71d393c0ad6

SHA512
2428c464cd33422debfaf5803d444e5b0e237cbd11e7e2eef6a929489e59d08afe7e54a21899d054b297893f6d920157c470bcd44a3359c90967930348d99843

Download Submit
C:\Users\Admin\.openjfx\cache\19.0.2.1+1\amd64\api-ms-win-core-console-l1-1-0.dll

Filesize
20KB

MD5
2c146bc8d73b8944f35506241b9953a9

SHA1
ac64abd745418cea35c0506b9cb0331b171b51ea

SHA256
89384f8f64a9b7f67c8deccaa721e2d76b8a17026d8083630859ed0cd1a9b58b

SHA512
02713948a156baccb2e7c38646193e82fef65400c086644866b698bc3e0a8c155a8eab829463e3868ce2b8a06608c5ea6de1e390bff976c5f92e2e42dd6c04f1

Download Submit
C:\Users\Admin\.openjfx\cache\19.0.2.1+1\amd64\api-ms-win-core-console-l1-1-0.dll

Filesize
20KB

MD5
2c146bc8d73b8944f35506241b9953a9

SHA1
ac64abd745418cea35c0506b9cb0331b171b51ea

SHA256
89384f8f64a9b7f67c8deccaa721e2d76b8a17026d8083630859ed0cd1a9b58b

SHA512
02713948a156baccb2e7c38646193e82fef65400c086644866b698bc3e0a8c155a8eab829463e3868ce2b8a06608c5ea6de1e390bff976c5f92e2e42dd6c04f1

Download Submit
C:\Users\Admin\.openjfx\cache\19.0.2.1+1\amd64\api-ms-win-core-console-l1-2-0.dll

Filesize
20KB

MD5
7a55e51d07e1f15221eb11479adbc53f

SHA1
8d8e2beff4dfa78372201b26a67b9dc4b116290f

SHA256
f901b0bc8c00b3afc80e151e6f54b18f7672f932602c304fbfeedd5aa3ad63c8

SHA512
e89c0e45014abdaf7548de0352949c4ad496d97cad2f9e2f6c83a90f853b7b71354b9abbb957eff89076df79bdc9cc1c431b6f35875550bfb4198c3a68124197

Download Submit
C:\Users\Admin\.openjfx\cache\19.0.2.1+1\amd64\api-ms-win-core-console-l1-2-0.dll

Filesize
20KB

MD5
7a55e51d07e1f15221eb11479adbc53f

SHA1
8d8e2beff4dfa78372201b26a67b9dc4b116290f

SHA256
f901b0bc8c00b3afc80e151e6f54b18f7672f932602c304fbfeedd5aa3ad63c8

SHA512
e89c0e45014abdaf7548de0352949c4ad496d97cad2f9e2f6c83a90f853b7b71354b9abbb957eff89076df79bdc9cc1c431b6f35875550bfb4198c3a68124197

Download Submit
C:\Users\Admin\.openjfx\cache\19.0.2.1+1\amd64\api-ms-win-core-datetime-l1-1-0.dll

Filesize
20KB

MD5
f0c9c56f56ffa3adc548173569dbd793

SHA1
220a56b84cdb8cd403483d3f6b4bb526fe198fd9

SHA256
12d801992bbb09d43bb90330bb96e77bf12e669c325dda4b5235942221c301c8

SHA512
28e24a2ccedfaf01aef615c1df7f8c76ff0eb06d992eb1b422f902d6d96357ba6a353e31ca9b1fd305e7de7a437ee6a7f2f01bfdf27c4a88c805693ae2b6352c

Download Submit
C:\Users\Admin\.openjfx\cache\19.0.2.1+1\amd64\api-ms-win-core-datetime-l1-1-0.dll

Filesize
20KB

MD5
f0c9c56f56ffa3adc548173569dbd793

SHA1
220a56b84cdb8cd403483d3f6b4bb526fe198fd9

SHA256
12d801992bbb09d43bb90330bb96e77bf12e669c325dda4b5235942221c301c8

SHA512
28e24a2ccedfaf01aef615c1df7f8c76ff0eb06d992eb1b422f902d6d96357ba6a353e31ca9b1fd305e7de7a437ee6a7f2f01bfdf27c4a88c805693ae2b6352c

Download Submit
C:\Users\Admin\.openjfx\cache\19.0.2.1+1\amd64\api-ms-win-core-debug-l1-1-0.dll

Filesize
20KB

MD5
02d669afdabfe420598041b848b71158

SHA1
25c0fdbc04ffcd570db041d02842d7530afeeb6e

SHA256
64a9ac181fd91b79270bf01759749394f57be171436ed46f43d165325bb82067

SHA512
5321290ec277fca8840e6c9cb7e77d39e820b1d98ef9c29040efaf2a7628c023209c936e08abfb6962a795130874544db25e1bac0d16256a1ebbca0fdcdaa81a

Download Submit
C:\Users\Admin\.openjfx\cache\19.0.2.1+1\amd64\api-ms-win-core-debug-l1-1-0.dll

Filesize
20KB

MD5
02d669afdabfe420598041b848b71158

SHA1
25c0fdbc04ffcd570db041d02842d7530afeeb6e

SHA256
64a9ac181fd91b79270bf01759749394f57be171436ed46f43d165325bb82067

SHA512
5321290ec277fca8840e6c9cb7e77d39e820b1d98ef9c29040efaf2a7628c023209c936e08abfb6962a795130874544db25e1bac0d16256a1ebbca0fdcdaa81a

Download Submit
C:\Users\Admin\.openjfx\cache\19.0.2.1+1\amd64\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
20KB

MD5
944a33d971704ff815a6c90733d0a72e

SHA1
7d8b9f68a3983a1b86bf4bae085cd5ca6f464921

SHA256
44822ae123a3d6c3a8bdf9a4d65a4dc89eb31004c72fcfcefa1dc3a53ff3eab0

SHA512
4d93dece856a24e50f12a53155e07f1aab501b17e7bbfcce205e1b37d2799caf3681b1770c522ba986ac3badba59d5d95a7526fe19f86a7b0d3d933ea73754e2

Download Submit
C:\Users\Admin\.openjfx\cache\19.0.2.1+1\amd64\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
20KB

MD5
944a33d971704ff815a6c90733d0a72e

SHA1
7d8b9f68a3983a1b86bf4bae085cd5ca6f464921

SHA256
44822ae123a3d6c3a8bdf9a4d65a4dc89eb31004c72fcfcefa1dc3a53ff3eab0

SHA512
4d93dece856a24e50f12a53155e07f1aab501b17e7bbfcce205e1b37d2799caf3681b1770c522ba986ac3badba59d5d95a7526fe19f86a7b0d3d933ea73754e2

Download Submit
C:\Users\Admin\.openjfx\cache\19.0.2.1+1\amd64\api-ms-win-core-file-l1-1-0.dll

Filesize
23KB

MD5
fec01082bccddadad0814f30b43ab078

SHA1
a6f6d9b61bb743651d3f65824d06427ca492c120

SHA256
c15dacec228f40ce4c5b9d69bba5e6627bc484c6e9d6550a76db6f332e9f7734

SHA512
c6039c366cb47ca31c7501423384afc0678a07abeb0ca1d97ecb5aa3c3e3acf84c9551dea1e56d1dbd4472dab70eed1c79d1c0612ba2730327ce6d0dc151c441

Download Submit
C:\Users\Admin\.openjfx\cache\19.0.2.1+1\amd64\api-ms-win-core-file-l1-1-0.dll

Filesize
23KB

MD5
fec01082bccddadad0814f30b43ab078

SHA1
a6f6d9b61bb743651d3f65824d06427ca492c120

SHA256
c15dacec228f40ce4c5b9d69bba5e6627bc484c6e9d6550a76db6f332e9f7734

SHA512
c6039c366cb47ca31c7501423384afc0678a07abeb0ca1d97ecb5aa3c3e3acf84c9551dea1e56d1dbd4472dab70eed1c79d1c0612ba2730327ce6d0dc151c441

Download Submit
C:\Users\Admin\.openjfx\cache\19.0.2.1+1\amd64\api-ms-win-core-file-l1-2-0.dll

Filesize
20KB

MD5
b5060343583e6be3b3de33ccd40398e0

SHA1
5b33b8db5d6cfb0e8a5bb7f209df2c6191b02edb

SHA256
27878021c6d48fb669f1822821b5934f5a2904740bebb340b6849e7635490cb7

SHA512
86610edc05aa1b756c87160f9eefe9365e3f712c5bed18c8feca3cae12aef07ccc44c45c4be19dc8f9d337a6f6709b260c89019a5efcfe9fa0847d85ab64d282

Download Submit
C:\Users\Admin\.openjfx\cache\19.0.2.1+1\amd64\api-ms-win-core-file-l1-2-0.dll

Filesize
20KB

MD5
b5060343583e6be3b3de33ccd40398e0

SHA1
5b33b8db5d6cfb0e8a5bb7f209df2c6191b02edb

SHA256
27878021c6d48fb669f1822821b5934f5a2904740bebb340b6849e7635490cb7

SHA512
86610edc05aa1b756c87160f9eefe9365e3f712c5bed18c8feca3cae12aef07ccc44c45c4be19dc8f9d337a6f6709b260c89019a5efcfe9fa0847d85ab64d282

Download Submit
C:\Users\Admin\.openjfx\cache\19.0.2.1+1\amd64\api-ms-win-core-file-l2-1-0.dll

Filesize
20KB

MD5
2e8995e2320e313545c3ddb5c71dc232

SHA1
45d079a704bec060a15f8eba3eab22ac5cf756c6

SHA256
c55eb043454ac2d460f86ea26f934ecb16bdb1d05294c168193a05090bf1c56c

SHA512
19adcc5dd98f30b4eebefe344e1939c93c284c802043ea3ac22654cf2e23692f868a00a482c9be1b1e88089a5031fa81a3f1165175224309828bd28ee12f2d49

Download Submit
C:\Users\Admin\.openjfx\cache\19.0.2.1+1\amd64\api-ms-win-core-file-l2-1-0.dll

Filesize
20KB

MD5
2e8995e2320e313545c3ddb5c71dc232

SHA1
45d079a704bec060a15f8eba3eab22ac5cf756c6

SHA256
c55eb043454ac2d460f86ea26f934ecb16bdb1d05294c168193a05090bf1c56c

SHA512
19adcc5dd98f30b4eebefe344e1939c93c284c802043ea3ac22654cf2e23692f868a00a482c9be1b1e88089a5031fa81a3f1165175224309828bd28ee12f2d49

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB065.tmp\InstallOptions.dll

Filesize
21KB

MD5
155760cb4de7fe4968e6734747e92e8a

SHA1
f02e8522c6b2eccda98b24be0ad362e4470829e8

SHA256
f01183b779b69f5185c3e1e82f2eb3b7c3a6c179e614cb080357d33841c2df33

SHA512
7c4f5465c5770c3964ae07e7e9a260015c932fab93c209cd19f9dc8429846fc60e5e4f55e314fd97a04c771ce134809b10f0b3dac94e01fd2c1790b37c64e66b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB065.tmp\InstallOptions.dll

Filesize
21KB

MD5
155760cb4de7fe4968e6734747e92e8a

SHA1
f02e8522c6b2eccda98b24be0ad362e4470829e8

SHA256
f01183b779b69f5185c3e1e82f2eb3b7c3a6c179e614cb080357d33841c2df33

SHA512
7c4f5465c5770c3964ae07e7e9a260015c932fab93c209cd19f9dc8429846fc60e5e4f55e314fd97a04c771ce134809b10f0b3dac94e01fd2c1790b37c64e66b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswB065.tmp\System.dll

Filesize
26KB

MD5
5c2674f6fb2f2a7c2987ec137e5abd4d

SHA1
ce0410b83c2f0e3dc21759aadcfb8a11d43117d4

SHA256
91d60522037aa7369f3c86da6549bcf31c52754946b32386d8063bd6d6b10596

SHA512
c3730103a30f029d52b336ca808d8998bf256162381224b7939c9dd21ecda6d219bf0d077cd611f1bd968bd4ed1166e8b0dfa1544c3344ff84a3745f9deb8e98

Download Submit
C:\Users\Admin\Downloads\Installer-7.0.exe

Filesize
87.9MB

MD5
fa3aa2fea631ab719589a46d3a6b035b

SHA1
785b8947d407a73b75c37f85d40d46afd1613629

SHA256
ce8c6b29ad3aee621b248d2b808b5b8dfe8219a850ae4b2d9ae70d435428f34b

SHA512
a123b5f8b331f093c371bf33ee58df8ad1a5e19d40c37b023c96c2a5c3d221e86201cde3b9bc8c8a6b0f07cda8ced1984f90879a31d9d5b39757a96574a5b425

Download Submit
C:\Users\Admin\Downloads\Installer-7.0.exe

Filesize
87.9MB

MD5
fa3aa2fea631ab719589a46d3a6b035b

SHA1
785b8947d407a73b75c37f85d40d46afd1613629

SHA256
ce8c6b29ad3aee621b248d2b808b5b8dfe8219a850ae4b2d9ae70d435428f34b

SHA512
a123b5f8b331f093c371bf33ee58df8ad1a5e19d40c37b023c96c2a5c3d221e86201cde3b9bc8c8a6b0f07cda8ced1984f90879a31d9d5b39757a96574a5b425

Download Submit
memory/1492-254-0x00000249C9F90000-0x00000249CAF90000-memory.dmp

Filesize
16.0MB

Download
memory/1492-227-0x00000249C9F90000-0x00000249CAF90000-memory.dmp

Filesize
16.0MB

Download
memory/1492-258-0x00000249C9F90000-0x00000249CAF90000-memory.dmp

Filesize
16.0MB

Download
memory/1492-257-0x00000249C9F90000-0x00000249CAF90000-memory.dmp

Filesize
16.0MB

Download
memory/1492-256-0x00000249C9F90000-0x00000249CAF90000-memory.dmp

Filesize
16.0MB

Download
memory/1492-214-0x00000249C9F90000-0x00000249CAF90000-memory.dmp

Filesize
16.0MB

Download
memory/1492-245-0x00000249C9F90000-0x00000249CAF90000-memory.dmp

Filesize
16.0MB

Download
memory/1492-243-0x00000249C9F90000-0x00000249CAF90000-memory.dmp

Filesize
16.0MB

Download
memory/1492-233-0x00000249C9F90000-0x00000249CAF90000-memory.dmp

Filesize
16.0MB

Download
memory/1492-255-0x00000249C9F90000-0x00000249CAF90000-memory.dmp

Filesize
16.0MB

Download
memory/1492-239-0x00000249C9F90000-0x00000249CAF90000-memory.dmp

Filesize
16.0MB

Download
memory/1492-215-0x00000249C9F90000-0x00000249CAF90000-memory.dmp

Filesize
16.0MB

Download
memory/1492-246-0x00000249C9F90000-0x00000249CAF90000-memory.dmp

Filesize
16.0MB

Download
memory/1492-247-0x00000249C9F90000-0x00000249CAF90000-memory.dmp

Filesize
16.0MB

Download
memory/1492-249-0x00000249C9F90000-0x00000249CAF90000-memory.dmp

Filesize
16.0MB

Download
memory/1492-253-0x00000249C9F90000-0x00000249CAF90000-memory.dmp

Filesize
16.0MB

Download
memory/1492-193-0x00000249C9F90000-0x00000249CAF90000-memory.dmp

Filesize
16.0MB

Download
memory/2604-136-0x0000000002880000-0x0000000003880000-memory.dmp

Filesize
16.0MB

Download
memory/2732-173-0x0000020A94030000-0x0000020A95030000-memory.dmp

Filesize
16.0MB

Download
memory/2732-259-0x0000020A94030000-0x0000020A95030000-memory.dmp

Filesize
16.0MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads