be432f760e277fcdc786058e9b4ab3857c754045159fa1b150b528a357afb430

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-04-2023 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
Size

6.7MB
MD5

65c6c55ff7a297cb8038ed701d6cdef1
SHA1

70bc9fabbc72224d3ad5ad54211e2e6865aefc9c
SHA256

8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486
SHA512

80521a7a5592d6bd52187af31c6a293802a7d654308ec0f3aab234e3e0df294b7439d510973bc8db5ea85bb1a80e5532fdbcf9f75e401935046441065ab1dac6
SSDEEP

98304:2TOYcpeE6kT/hh5UhamPSzGOljFbY/qAt8Z06Sgn6W9BO+xmLaGDaQHmm/z:moehkKhhaz/lBbY/qAtifSZOt8aeb

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 8 IoCs

Processes:

8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

pid	process
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

description ioc process

File opened for modification \??\PhysicalDrive0 8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

Drops file in Program Files directory 64 IoCs

Processes:

8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

description	ioc	process
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\hi.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\lv.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\tr.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\version.txt	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\cef_resources.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\et.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\fi.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\id.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\sk.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\th.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\ar.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\nl.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\pt-PT.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\tr.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\vi.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\snapshot_blob.bin	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\cef_100_percent.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\bg.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\ca.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\fi.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\nb.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\sl.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\widevinecdmadapter.dll	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\da.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\es-419.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\es.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\pt-BR.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\el.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\es.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\zh-CN.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\snapshot_blob.bin	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\bn.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\sw.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\lv.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\sk.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\cef_200_percent.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\fa.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\ms.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\da.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\lt.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\fil.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\hi.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\nl.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\pl.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\uk.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\updatecfg.ini	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\LdsCefView.exe.manifest	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\LICENSE.txt	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\gu.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\mr.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\sv.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\ta.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\libEGL.dll	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\cef.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\fr.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\th.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\cs.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\ro.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\locales\he.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\locales\ms.pak	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\d3dcompiler_43.dll	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File created	C:\Program Files (x86)\Ludashi\Utils\cef\libcef.dll	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
File opened for modification	C:\Program Files (x86)\Ludashi\Utils\cef\libcef.dll	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

pid	process
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

description	pid	process
Token: SeDebugPrivilege	4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
Token: SeDebugPrivilege	4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
Token: SeDebugPrivilege	4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
Token: SeDebugPrivilege	4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

pid	process
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

pid	process
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
4260	8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe

C:\Users\Admin\AppData\Local\Temp\8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe
"C:\Users\Admin\AppData\Local\Temp\8f1d957803f3501d26f385df4f2f92408b9bd1cbf825ac7bce3584a495253486.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4260

C:\Program Files (x86)\Ludashi\Utils\LdsHelper.exe
"C:\Program Files (x86)\Ludashi\Utils\LdsHelper.exe"
2⤵
PID:3860

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Ludashi\ComputerZTray.exe
Filesize
1.1MB

MD5
fa1b5c8f3b84f509998607944695b50f

SHA1
a4f8893ba06ada1c10802edc8e1f448408498d4b

SHA256
7e99815c978b5503439e146b87c026b322316e93b42274ce2eca9418c0221cd5

SHA512
664bbbb2bae32545b2a3fb16526881e677d2b46a5f0db9d287c338036565f61be77033650b447630e2eceda3311c6826e1f6810a4f4d4ebf41a73647defe05c6

Download Submit
C:\Program Files (x86)\Ludashi\ComputerZ_CN.exe
Filesize
3.7MB

MD5
b833bcb9bfe16563c36be0c430b848b9

SHA1
a90866f92d6c8af51f58baf08a2982ada27233cb

SHA256
e50ded7fa0ba74eb10bccc03f9fdb022d9fb6bbc68bc4755f7324e5f2cc36ebc

SHA512
3c47f162c7503450d4c9ba1e499aa222e47211f96815db2f0d33659758cdcc27801271f33677142f8092cdbc80c7fd1910a29197846d61f073928afb40dc071b

Download Submit
C:\Program Files (x86)\Ludashi\ComputerZ_CN.exe
Filesize
1.1MB

MD5
ef9ec4bf1d9a070fef3f82fbfe7a018b

SHA1
a0d774858e715f36a274fdd9e5637b5acfe6e569

SHA256
125cbaa48cfa8085b72deb8fa1a4fef4eb6bb3dadcec8572af268717ec4943b0

SHA512
f74be883554be60381d0b5eaf0855b7d35040afae650c6357dff32e0270dc5d300b578268973bb78e7f75f14366e6418c7f688f791a97300197651b8ce54670b

Download Submit
C:\Program Files (x86)\Ludashi\HardwareProtectEx.sys
Filesize
823KB

MD5
17886cea8ca119d81c18386db2d60dcb

SHA1
f32ee26e2f714274cdd0263c5d283ba7acaf8556

SHA256
0ec17f2a91a39ac5bbfcfedcbf2b2d6203cffd6cb4acff1100a17e7947143aa9

SHA512
c6dbf58f3f655f41a0488f0b508ddd9b29963c9259b8b5ae6cd6b7ab65a7715715f05a0fc3bd91744b69dd5be30decb788b61c1ff8b2c91e32ece98a9b97f8c1

Download Submit
C:\Program Files (x86)\Ludashi\HardwareProtectEx_x64.sys
Filesize
1.5MB

MD5
e0214b87cfd2696be7251a9a172c5c3c

SHA1
32b14f8c830e9c2be4ea5e6a6306e8b03d44f15f

SHA256
e7387e12a0cddaa29a6397f226fdf21143d4c5419500cc614c09a555bb3bda00

SHA512
16caaa2af15504463963373b8e14ade78d8024e5e4b4d9a821dcee1441baa0dc1f38e06d9bff9d2488436ac09d1fb12865759e79e3ce75a57fab9ed5bfdfe10e

Download Submit
C:\Program Files (x86)\Ludashi\HardwareProtectSlim.sys
Filesize
717KB

MD5
bc999ef2f36ff70d992fa3b67e514cfb

SHA1
304dd7e223ea1e18e983360bc9dd003985ba1b58

SHA256
b78ec94f6512f32d431bafb074cecd8480210ee9b9b2a40eb889414e7f7a0423

SHA512
f580ac422ccc8e1eb44b128b16c013551f52a269bb2424f394fceed43d4552caad3f7a32e5a1419bcf5a7437013838a84f62ae31f2ead651ddcffe5d94f9e3eb

Download Submit
C:\Program Files (x86)\Ludashi\HardwareProtectSlim_x64.sys
Filesize
1.3MB

MD5
d2840a4a5a86bf1047724cc06b37a2e8

SHA1
811b7ec3b686393827d47b67f30b6cee1b6b92e6

SHA256
b090e6fbea1a7260b195ccf58564719405efadf7b3b5eb80d1564389f04c9bbc

SHA512
90cbb26c020ddf2583a9edfeaf52c9350629996af9e473b7fcb4bff342019095d847450455ad3a88087030e3b12bca36d4f5f2aa1a0b8ef566e6f5eea79bceed

Download Submit
C:\Program Files (x86)\Ludashi\Utils\7z.dll
Filesize
1.1MB

MD5
2706693dda10c6cc79eed24c56d4e5ef

SHA1
4f34ef1bd49273a0d260b9dab15c73eb0ccb6383

SHA256
0edad8a1af22d5b97c1f324791c86243a6ecce7b5a9d2f30415af99aba9129c3

SHA512
7e7f7ae894528587ba33b6e10999549bb9a2ec2748b5662fa1b8806e5f4ce33af47507b3ef2954f2747a76b5b7c775c1cd671061f577c5016d1f8ba165bbe21c

Download Submit
C:\Program Files (x86)\Ludashi\Utils\7z.dll
Filesize
1.1MB

MD5
2706693dda10c6cc79eed24c56d4e5ef

SHA1
4f34ef1bd49273a0d260b9dab15c73eb0ccb6383

SHA256
0edad8a1af22d5b97c1f324791c86243a6ecce7b5a9d2f30415af99aba9129c3

SHA512
7e7f7ae894528587ba33b6e10999549bb9a2ec2748b5662fa1b8806e5f4ce33af47507b3ef2954f2747a76b5b7c775c1cd671061f577c5016d1f8ba165bbe21c

Download Submit
C:\Program Files (x86)\Ludashi\Utils\CefHelper.dll
Filesize
477KB

MD5
91d986307ab1e56f7f77710664cdb70d

SHA1
18fe10c7b1ec55632c03b9f06f9d881a022c970a

SHA256
d85bfd004e2ca8dbdfa72a4bdcb1510df76ed56d46ef5128500883c8c7f7c8fb

SHA512
480659e912ef3053a4542eb2e8eaa3a70df92569e9834d950d9d7ee07e8c9d740b59f1eaed90276454ab71211da41d2f3d945cc486539cba7be3a5c5c0a61e32

Download Submit
C:\Program Files (x86)\Ludashi\Utils\CefHelper.dll
Filesize
477KB

MD5
91d986307ab1e56f7f77710664cdb70d

SHA1
18fe10c7b1ec55632c03b9f06f9d881a022c970a

SHA256
d85bfd004e2ca8dbdfa72a4bdcb1510df76ed56d46ef5128500883c8c7f7c8fb

SHA512
480659e912ef3053a4542eb2e8eaa3a70df92569e9834d950d9d7ee07e8c9d740b59f1eaed90276454ab71211da41d2f3d945cc486539cba7be3a5c5c0a61e32

Download Submit
C:\Program Files (x86)\Ludashi\Utils\CefHelper.dll
Filesize
477KB

MD5
91d986307ab1e56f7f77710664cdb70d

SHA1
18fe10c7b1ec55632c03b9f06f9d881a022c970a

SHA256
d85bfd004e2ca8dbdfa72a4bdcb1510df76ed56d46ef5128500883c8c7f7c8fb

SHA512
480659e912ef3053a4542eb2e8eaa3a70df92569e9834d950d9d7ee07e8c9d740b59f1eaed90276454ab71211da41d2f3d945cc486539cba7be3a5c5c0a61e32

Download Submit
C:\Program Files (x86)\Ludashi\Utils\CefRes.dll
Filesize
24.2MB

MD5
009b2a92ea877e1c8b33b13cc17137d4

SHA1
fe41711307e7a596e5b30f0ac00d7b75a6002d04

SHA256
6af751a5f0b73c1ccb723afd0089ea7bcecf0e302afe03f10040fb9c11ce05c1

SHA512
6b68d45bd7707e4bfa3bf8ed0bb9f73205c5c002c634d9e6619a1e7996859d6cf6624037b8cb0c730a7965d8dd7566121401bf4726484814879cb6372684fc0f

Download Submit
C:\Program Files (x86)\Ludashi\Utils\CefRes.dll
Filesize
24.2MB

MD5
009b2a92ea877e1c8b33b13cc17137d4

SHA1
fe41711307e7a596e5b30f0ac00d7b75a6002d04

SHA256
6af751a5f0b73c1ccb723afd0089ea7bcecf0e302afe03f10040fb9c11ce05c1

SHA512
6b68d45bd7707e4bfa3bf8ed0bb9f73205c5c002c634d9e6619a1e7996859d6cf6624037b8cb0c730a7965d8dd7566121401bf4726484814879cb6372684fc0f

Download Submit
C:\Program Files (x86)\Ludashi\Utils\CefRes.dll
Filesize
8.1MB

MD5
78625ecd8833b5464fee8b8781fcf11a

SHA1
8eb2da3eb583223f7be62ecc8b7327f32a5381c6

SHA256
1574798c08634a412195e5a59c1139a5776bdd31db510f5fd8a1bf4fba92edf7

SHA512
8e319acf441b64f397c7f0e192e3cdb9a18f15a2fd05c281c4f30ccfa5336ec7313e9661640ed7c71ee445f72dc7ed72d3c1567c06223836389353dd4c84c5f9

Download Submit
C:\Program Files (x86)\Ludashi\Utils\ComputerZ12.dll
Filesize
956KB

MD5
d4bedaf01cc67ad161cd454cff3ddb93

SHA1
36571a19ae58c8ae9d1505cc0b6b673be47b1756

SHA256
019380b69ab5410d923abc86487d636e28dc51fb03015ef15b7c5be7be13b4b3

SHA512
d121d8d2676f6426aa94ee31af93c60ce72b451c8d48cf1e98ce844fba997da859a2140e7d2f4fd2c34ca9f1fd1ace3b8a84c8befa74d035879a036b0671ea3c

Download Submit
C:\Program Files (x86)\Ludashi\Utils\ComputerZ12_x64.dll
Filesize
1.2MB

MD5
0e426bd24d7a8b9058622259a6da352b

SHA1
ab833eee8362f1f32537a436e1fb95b810010db4

SHA256
a876bee4db2c330ca4d6e959ba878c28a2032d2da4a03a1a4b5e1dae9c8612d5

SHA512
d7c90110f053158db57e1d1d6d9790dff03efda64b2186a0b0da26bde06d58a77d580cfc497ebe037cdf7da398292b7b1e35b377f52bd6f60f5699aca4f39200

Download Submit
C:\Program Files (x86)\Ludashi\Utils\ComputerZ8.dll
Filesize
241KB

MD5
08d4addb59ec78303aeeb2b08030defb

SHA1
ea058e83945ef8e20712ff1c7659d528362d1b46

SHA256
c27454a2e8b56665a9282fd774b8568da3aad3a00b1ff673c5115a28acdb5f25

SHA512
ef792cda42ebca4ea3c6547b0c7f4d1aa603cb71922db154b96b22deef6ba22d1a5cb23849cf168281aaf7c956fbd46976e929ae15f3295491724c363e567b6c

Download Submit
C:\Program Files (x86)\Ludashi\Utils\ComputerZ8_x64.dll
Filesize
288KB

MD5
5a0f33714bf8ae637fb6800473819af7

SHA1
b788684a669362765f472083fc316f7d36c0eeaf

SHA256
f2e0d6fa5d7590bfc694ffe222e503dc7171ce585bde4feec3f165899caf09a1

SHA512
71113af332c7e78a8cf9a1a7221d4c10c8b6db6f61f739b3ed3755d50e130dbe26e6a73e2c370be5fb9c89ea3f711f5027a19e8df32920407fe8fb67a5236dae

Download Submit
C:\Program Files (x86)\Ludashi\Utils\LDSBasic.dll
Filesize
1.7MB

MD5
2d3d1b3fd61d0230161b1c43e367df45

SHA1
a1090c691dd54b9bc2509c0e81d00cfeb6c2db32

SHA256
fb3b48b2980ac6cbecd7c579a58e0358dcfe03ea2d66c839e965627c4612a619

SHA512
217f7f1f41c26e0ac9910d10f0ff2d538acc0156595244f33d4bce018a8097d1911d5a668e3a6d889e5147b27a40b7cd6904e2d8e1d49dd53eb184468fdb1764

Download Submit
C:\Program Files (x86)\Ludashi\Utils\LdsHelper.exe
Filesize
871KB

MD5
789ff3ad5461728f393f86ffc0351fc6

SHA1
c5d994ac9dfe8440ddc9fd4c8cebe9776cf13356

SHA256
ae9ea86fcc401d29e5b92e2cb6e6b6fe0cfbee7408f781b2e217a509a533cc94

SHA512
c7500c88125b278de8e17a602d96d26b703aabbbd3624913afa0e56d313ec0a8abc0080794061de8e5f4688bf45c0aa136019509420437222e8452e5da8c62c1

Download Submit
C:\Program Files (x86)\Ludashi\Utils\LdsVolumeCtrl.dll
Filesize
104KB

MD5
e3de14a4c2e1ea9c73d6e865a0fab837

SHA1
489f2b30c5e6c2af516e69ccad1f96d34411e66c

SHA256
23785aa5bae50bf822f3b2306fda41743b5937d770a8d9f391fae8f50497e20b

SHA512
941d8ec98afa5acd4b6a9d52c126e86c1e1f3460660171f70631124a422ec24b7f3c9ceca17eca01142b398a71cda045e136ffd420c01eba8cc4c883ef0cb0ef

Download Submit
C:\Program Files (x86)\Ludashi\Utils\Ldshelper.exe
Filesize
871KB

MD5
789ff3ad5461728f393f86ffc0351fc6

SHA1
c5d994ac9dfe8440ddc9fd4c8cebe9776cf13356

SHA256
ae9ea86fcc401d29e5b92e2cb6e6b6fe0cfbee7408f781b2e217a509a533cc94

SHA512
c7500c88125b278de8e17a602d96d26b703aabbbd3624913afa0e56d313ec0a8abc0080794061de8e5f4688bf45c0aa136019509420437222e8452e5da8c62c1

Download Submit
C:\Program Files (x86)\Ludashi\Utils\Ldshelper.exe
Filesize
871KB

MD5
789ff3ad5461728f393f86ffc0351fc6

SHA1
c5d994ac9dfe8440ddc9fd4c8cebe9776cf13356

SHA256
ae9ea86fcc401d29e5b92e2cb6e6b6fe0cfbee7408f781b2e217a509a533cc94

SHA512
c7500c88125b278de8e17a602d96d26b703aabbbd3624913afa0e56d313ec0a8abc0080794061de8e5f4688bf45c0aa136019509420437222e8452e5da8c62c1

Download Submit
C:\Program Files (x86)\Ludashi\Utils\LuDaShiHelper.dll
Filesize
164KB

MD5
48484aa35450ac9595af42af04dd7f4e

SHA1
734653c55ba2a66e893b3884e9fe31d57851051c

SHA256
04b4b37315904097e7d12d72400dd43c3f1afa39147f974299e506a152a75542

SHA512
cafcb978b36c0ad7aa4255f207dcd7b69c32217c959f03c4a63dd6f67d4f9a7e1fd008787f2ba38deabeefb5e4b58c1a7e274baf327005ad35e33b0f00758a3c

Download Submit
C:\Program Files (x86)\Ludashi\Utils\NavAd.dll
Filesize
281KB

MD5
b235e69a3ae8f02e68bb94190bd238f9

SHA1
7747450aa888f6a59258c574a2a5a0cef5a06d54

SHA256
c4a019be64262055113cbc0be66d57eb56d750fd0cf57af623d589c94d3dc1c1

SHA512
9cb74d447accfed346292370de31cef6b1c53a29b7d9a4b147dc50840941cee6ee65147ca8dc71c7cf4491e88fee1c6f0a86183c65f2bf22ab8cb38a4eef489a

Download Submit
C:\Program Files (x86)\Ludashi\Utils\NavLauncher.dll
Filesize
111KB

MD5
81c7432015c24ed91800f759dc2bfabc

SHA1
d94828fd9dca99f840701437a1c041f647c58dfc

SHA256
b3b6820713c5c8e6354eb8a48f83d18ab7253b2dbec38d2b6e49a550fb18edea

SHA512
950067663e276aee30a912602c8ba7a00bc18d8e9cb3417da51be068a44e6e54eb31d6f8ec92e68ec84275926abd75517ec0c289ddb804d952fc0bce3c795ca4

Download Submit
C:\Program Files (x86)\Ludashi\Utils\NavLauncher64.dll
Filesize
392KB

MD5
fdc2298ccfff6d6b43c2d0f7779ef9dd

SHA1
8bb48b41cf55f9baf177eee720ad7cf3fe3ebce0

SHA256
97e71f6b65f749b070d47d22bf0c5776d79180e19cd4bbbb5a9a33da037ef5c3

SHA512
0024dd6e63e6de0d7b585ea0f03eb6bd4dd30104a70861eb2b09bbe7d577a4f25a6941f0dd2513b51a73b979a174d92afc81507085e2d784dfc7b81e7414c8a7

Download Submit
C:\Program Files (x86)\Ludashi\Utils\PCStoreSetup_officialwebsite.dll
Filesize
8.4MB

MD5
32ed47d4afc28e05e2a8f414469ab358

SHA1
00f99f223bc9f674b12f6a4f875530cfc1697fa8

SHA256
d97f4a05964c729a80b799230c528270f061c1839bbeb458563d8cad2d66a617

SHA512
98b44a64db0661e425fa8828a71446c215e23ae8ae245184aed2a4ba8ce4f19ab8c271c19990ffe8cc941d6e4f8a94c205272c17827ab26e22debe6403300206

Download Submit
C:\Program Files (x86)\Ludashi\Utils\PageMgr.dll
Filesize
425KB

MD5
019559fa067a3d9393d6ef37eed4719c

SHA1
35fbd0221ac8bad7a14f8d7fa86750d89fd595bb

SHA256
eff4f5d5632a3ffdc06ee91b80f429df3a85d3b4c73916a2a08fac433230bdbd

SHA512
48b6fc945d356ca57e0c72249f39d1fd1adbec6276050c0cce247d725a3a1162a3c61c0badcbd0180f16abd705969f1ad7ab2f9de331b1e3521bd0c959b96eba

Download Submit
C:\Program Files (x86)\Ludashi\Utils\Pop.dll
Filesize
779KB

MD5
f6deffeb114254e0bcece46eb8951a5b

SHA1
b1ba2d37c6fb3776e525ae0de522e6939715f36b

SHA256
7d2d9b02acbee9a0afe04d6e7f9d3f4336ca9e31cfa0ad73c8bfc031fb0058e0

SHA512
9e2f830e08bf8aaac84c7b757a7bbc5b763141710015ae41dc075effb375fd7915700be05d78a9661be8d3543ae02029f02d15e1c21f98988e16800d607427da

Download Submit
C:\Program Files (x86)\Ludashi\Utils\PopEx.dll
Filesize
554KB

MD5
c6494b04750e6757252e88cf5c061530

SHA1
e8e0becd8e5daa11529e5d5c3ae3051db6b0ebdd

SHA256
2d7fcf14674527f524f3ec19d090b9c8367cfc7db6533b4e88c6a769836c5597

SHA512
fc45d135239d3273813fb22ba59620b2bf1ce973cab9f7b8a59d47d4347fc7a5f8c3ef97a51c2e859f2f081d8e9e90b7e79ef41371835efb02ea379a2d19952a

Download Submit
C:\Program Files (x86)\Ludashi\Utils\ProductInfo.dat
Filesize
87KB

MD5
c4e602bd780397e61daab7394ae39b28

SHA1
81abf2e28c681d99999a7c046e0629d03031f898

SHA256
e10a0a93fa88bcae6618fcb71051cf3c893bc19409ad6fb9578c2bd8a8fb77f4

SHA512
01e9247813038f4a66f4dc1642542984a95e2ee8d0d1580a52ad7cf5c51e5d8e2fb904a3438955d9600a9f22a51d88cea1f663df309153959beb2099c4efa1fe

Download Submit
C:\Program Files (x86)\Ludashi\Utils\WebDataMgr.dll
Filesize
677KB

MD5
c7053f00f6267d5a5e9cc09df392a651

SHA1
b324e8f786faa6f80f3a6f0fb6523eb270e8af7f

SHA256
ddb9a485fef65a3a92ef94f9169a1ad3996d92d450ac947052eef91be1f0dd79

SHA512
cb78b7c913e8222210037a2cd903781fd99f23bc4433e23de50f4ddc0b8631b94bf730e23729130e0866cccf4272e49160f49d8c87fb7f9a3bed43a9128f899a

Download Submit
C:\Program Files (x86)\Ludashi\Utils\WebView.dll
Filesize
1.9MB

MD5
e68618982c94bc388d59de8cae81ea5a

SHA1
6f472bec25b114292221c87b24aa883f2eb64448

SHA256
3cb47fd6f2e653382c93006dd47eb9d2aca6b47e80c05992a5355cb9843c97ee

SHA512
91c56505ca14d2d621407d5dc0e33c4c10416d4061bd30a5a3d8e9f56f34d02b0a588cbb92d39590249c069e3aceb34bbf826d2539750c4f3fc7343e3d4d5c65

Download Submit
C:\Program Files (x86)\Ludashi\Utils\Websocket.dll
Filesize
1.8MB

MD5
1c659410366b145d81cdbf3c92878faf

SHA1
e87c7811afc4b2fc7c08750a03027381c4cb609e

SHA256
8238b12809fa9540566b373e97e3947a8543d27def5a6cdca428d8516256dffb

SHA512
c82fe7e7943cb9c6d2f5e9f5904ae41096182d2ae777460721f563781305cff9296d470fb118fb4e30ea29f55e67f230de41e604dc418c8fbecd206353487ebb

Download Submit
C:\Program Files (x86)\Ludashi\Utils\arctrl.dll
Filesize
551KB

MD5
5d5ff285798b4fb701632f92a598142d

SHA1
709d2346fd44ae3171afc065589f0db547b49eaf

SHA256
d9dec9914a31e6396349186659c6ffb351cfb0766a8b5f9108fbaa41c92462d5

SHA512
456a41902614f7c838c1cf68a96f551fad428629ac8f0738091f4b9ce73b3862f63ff95d6856f93ddff64578d05998aa0927c29fd03d94b15fe78b121692b942

Download Submit
C:\Program Files (x86)\Ludashi\Utils\arctrl.dll
Filesize
551KB

MD5
5d5ff285798b4fb701632f92a598142d

SHA1
709d2346fd44ae3171afc065589f0db547b49eaf

SHA256
d9dec9914a31e6396349186659c6ffb351cfb0766a8b5f9108fbaa41c92462d5

SHA512
456a41902614f7c838c1cf68a96f551fad428629ac8f0738091f4b9ce73b3862f63ff95d6856f93ddff64578d05998aa0927c29fd03d94b15fe78b121692b942

Download Submit
C:\Program Files (x86)\Ludashi\Utils\arctrl.dll
Filesize
551KB

MD5
5d5ff285798b4fb701632f92a598142d

SHA1
709d2346fd44ae3171afc065589f0db547b49eaf

SHA256
d9dec9914a31e6396349186659c6ffb351cfb0766a8b5f9108fbaa41c92462d5

SHA512
456a41902614f7c838c1cf68a96f551fad428629ac8f0738091f4b9ce73b3862f63ff95d6856f93ddff64578d05998aa0927c29fd03d94b15fe78b121692b942

Download Submit
C:\Program Files (x86)\Ludashi\Utils\instcore.dll
Filesize
411KB

MD5
47b2c31bc568b8692b607bef27f4fa1d

SHA1
00e542b7fca1ee66030adaf40c8bbfaade17dd87

SHA256
36200786c7e9c0b66636b0be13b8d15ceeb21ea797b59b4bd118ac21e3417207

SHA512
bcd09ff477433baf937da073157f1800e0a03a95f792d7b62cb4f0d52b5d6446698192186dcbaf090d9a0627a5c1711d2b1f9d8589495e91268900bde8ea7f19

Download Submit
C:\Program Files (x86)\Ludashi\Utils\js_basic.dll
Filesize
1.1MB

MD5
6cf181e7db1b5d7776ddf5044c6188a9

SHA1
4da3f1865575d3eee8d420ac61015b7b9ef3c4d5

SHA256
4f66bf85f00110ca3ee21d1e038b25c97c13e2f91cd514217ad59fca23ac5c02

SHA512
d2ca52fa7362d7cb830807981b03efd4c78e9bfee2917b16b6b87b9f17393dbf2f938acc68f1f0aef7f55f7d6bf7113c4c06bd4aa1be1d2d196ab86ee050a294

Download Submit
C:\Program Files (x86)\Ludashi\Utils\netul.dll
Filesize
1.9MB

MD5
7c450e5f5ce44c5acb8f3b27f5f1dded

SHA1
095c36b0db24a11389d901540e8b76c7aea518b0

SHA256
480c4c286a55562468d29da6771d38020d81c0af9d3883be10fd4a2f3b50d0ec

SHA512
c70a53d23d70cf93f3f9f40fbcb3cb7d49378185aa0c97683439900f5f2dae0cb7f6e279c856d56299dc993ffca786cd8e52239f2f2806096073f21bb00b63a4

Download Submit
C:\Program Files (x86)\Ludashi\Utils\product_helper.dll
Filesize
727KB

MD5
75654073797ec30585cb0d0531f741a3

SHA1
8d6ea13c4f767191a286fd012b20443772d4341d

SHA256
db382ea923e2ec3da7f004b932faa7854ac723efd3a4d01d87f96d4bb5f145d7

SHA512
ea13fb5c67344540398ee4467c66301681f1bf452bdc7a739d8eb611b98c89cf845e424283f0862e2bcf8650a7f803bf884e6e54f971b2bdd1ccd2a9e2cc103d

Download Submit
C:\Program Files (x86)\Ludashi\Utils\product_helper.dll
Filesize
727KB

MD5
75654073797ec30585cb0d0531f741a3

SHA1
8d6ea13c4f767191a286fd012b20443772d4341d

SHA256
db382ea923e2ec3da7f004b932faa7854ac723efd3a4d01d87f96d4bb5f145d7

SHA512
ea13fb5c67344540398ee4467c66301681f1bf452bdc7a739d8eb611b98c89cf845e424283f0862e2bcf8650a7f803bf884e6e54f971b2bdd1ccd2a9e2cc103d

Download Submit
C:\Program Files (x86)\Ludashi\Utils\product_helper.dll
Filesize
727KB

MD5
75654073797ec30585cb0d0531f741a3

SHA1
8d6ea13c4f767191a286fd012b20443772d4341d

SHA256
db382ea923e2ec3da7f004b932faa7854ac723efd3a4d01d87f96d4bb5f145d7

SHA512
ea13fb5c67344540398ee4467c66301681f1bf452bdc7a739d8eb611b98c89cf845e424283f0862e2bcf8650a7f803bf884e6e54f971b2bdd1ccd2a9e2cc103d

Download Submit
C:\Program Files (x86)\Ludashi\Utils\product_helper.dll
Filesize
727KB

MD5
75654073797ec30585cb0d0531f741a3

SHA1
8d6ea13c4f767191a286fd012b20443772d4341d

SHA256
db382ea923e2ec3da7f004b932faa7854ac723efd3a4d01d87f96d4bb5f145d7

SHA512
ea13fb5c67344540398ee4467c66301681f1bf452bdc7a739d8eb611b98c89cf845e424283f0862e2bcf8650a7f803bf884e6e54f971b2bdd1ccd2a9e2cc103d

Download Submit
C:\Program Files (x86)\Ludashi\Utils\product_helper_x64.dll
Filesize
839KB

MD5
551e02af61cd1324f18ad0951f87eba7

SHA1
8a33d2332f345bb29b7409b7173f590473cc1f2a

SHA256
affe4376e85fb36d30c31ee3cecb5dbd82e97d87d1fd04aff2b35789055189f3

SHA512
e686f1883ebc1ea02a086e916ea315b4404c931e7b854bb31cf38d87a3ad51f840bd6ea0d0fed4489d33e6e9396f345285a76f3f235f94ad2bb3b1ef115e7268

Download Submit
C:\Program Files (x86)\Ludashi\uninst.exe
Filesize
1.8MB

MD5
cdb7bcd1dba461952a30e0230228b86b

SHA1
2bcadb2421a334a4cb47973fcb0bdf7f0858b642

SHA256
8e5d49a673265dc01e73389c21d2984fab56bb1539d7814066cef7fe86e3bc18

SHA512
d0bf8fd3622fbb15dde11671d41ffa6420896e995cc5577f7ca96e6f4ba7741ebc9885fd06383b529a5b013600531f013ba2032e2f36759e0eb0e59205e99ef6

Download Submit
C:\Program Files (x86)\Ludashi\updatecfg.ini
Filesize
9KB

MD5
5da420f9fe691c58dd4bbf34e055a08e

SHA1
6913e849e2c616361bf451b1bab1bbf7b051cf9d

SHA256
7f4b36331c6c2c683b34a6f0f912d41d1cfde140f03ee5375951b12d4219afe7

SHA512
8a2a4686b19f03861ea69dcb840676bfde6b248b9b9503ecd25676ca75198b70ebdfdf4ec0a9c48b181391d1017f154ccf16764218357e55b364a3dc48d02eaf

Download Submit
C:\Program Files (x86)\Ludashi\updatecfg.ini
Filesize
10KB

MD5
ae392a68a95df740fcfc2a78336d5b53

SHA1
f1e832cf47fac32c24266eb949196d89e5f94f78

SHA256
581737229a773e75e01bc1a4e5639bc2cb239fe6831e990d558b8fb203bad269

SHA512
0b89e5a0eb74f8eb7f25284680925fca6d3e977953a267b073123f8bcd7c64ac76a5742ffbd004d610ecbafd191fdaf40248008a3777281a64575477d5219850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\pc[1].htm
Filesize
37B

MD5
ada78a022ea49f281ec66c46d0e079c2

SHA1
e21d7168ddfb77b723d01e2d8a24001f9524f20b

SHA256
b96fff2e4edb3bd0c1ed901021b69a2dffe7040b022a409b47a66ec4a00d9e91

SHA512
24933940a69bbcd247636316ed9b7373020b86c00984fbed79a7f635c8e4620910d86a3340e58ee57611a9c5c5542e499bc5813416d0e4b640eeb5a7a01756b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\lds_setup.log
Filesize
2KB

MD5
808312619c82d3f2f4b23925dbc2b06e

SHA1
eb90bfcc887d0f1721d73e742a8c0f1812168882

SHA256
31765852c00159e6ceceb1e0f71902b2e8a15825193f2f39a473d684a9935de0

SHA512
41f16ee5a76b63f60b6cbcee1730166ea07dd4f9f97d2093168e3f8bcf2da4b7c2a54020ce1dbcf1b8eaa312827297377b03a9febafd99b12afce34466a1f29f

Download Submit
C:\Users\Admin\AppData\Local\Temp\lds_setup.log
Filesize
2KB

MD5
808312619c82d3f2f4b23925dbc2b06e

SHA1
eb90bfcc887d0f1721d73e742a8c0f1812168882

SHA256
31765852c00159e6ceceb1e0f71902b2e8a15825193f2f39a473d684a9935de0

SHA512
41f16ee5a76b63f60b6cbcee1730166ea07dd4f9f97d2093168e3f8bcf2da4b7c2a54020ce1dbcf1b8eaa312827297377b03a9febafd99b12afce34466a1f29f

Download Submit
C:\Users\Admin\AppData\Local\Temp\lds_setup.log
Filesize
2KB

MD5
808312619c82d3f2f4b23925dbc2b06e

SHA1
eb90bfcc887d0f1721d73e742a8c0f1812168882

SHA256
31765852c00159e6ceceb1e0f71902b2e8a15825193f2f39a473d684a9935de0

SHA512
41f16ee5a76b63f60b6cbcee1730166ea07dd4f9f97d2093168e3f8bcf2da4b7c2a54020ce1dbcf1b8eaa312827297377b03a9febafd99b12afce34466a1f29f

Download Submit
C:\Users\Admin\AppData\Local\Temp\lds_setup.log
Filesize
4KB

MD5
17a56857b8e8538f95a09358d1e87e3c

SHA1
485833356cd1bbd3d5a6977c62ee92401fdbd40a

SHA256
1055a0f742ccdc85c5f011fd9b66d515d4324cf852dff9e107c6653dd8b90b5c

SHA512
726df4e2cd3567885d6b679a5167752c061ca4f12866c90b186d2566b8cd50aa8f8dae3e315b74276685aa6e6126327a2910f5070da64569f07cbe389c97fe4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DCA6A79E-063D-422d-A2D8-8E2669CCF2D2}.tmp\NetBridge.dll
Filesize
238KB

MD5
8786d469338c30e0ba9fedfc62bd5197

SHA1
5fb12028ceae9772f938e1b98b699f0e02e32718

SHA256
beeaf8b72f7008e9adabacfcd85e32a50747a0dfb5c86802aeb973bd1f5c3d2f

SHA512
5db1e5b78e62cda81a63e8e712e720f87a7c7a539237a55a9098c076f9fb4e0b5adb83383c23657b4ccc90c117e55e3946a399cdf3d15cb94444b203d9d6c45c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DCA6A79E-063D-422d-A2D8-8E2669CCF2D2}.tmp\NetBridge.dll
Filesize
238KB

MD5
8786d469338c30e0ba9fedfc62bd5197

SHA1
5fb12028ceae9772f938e1b98b699f0e02e32718

SHA256
beeaf8b72f7008e9adabacfcd85e32a50747a0dfb5c86802aeb973bd1f5c3d2f

SHA512
5db1e5b78e62cda81a63e8e712e720f87a7c7a539237a55a9098c076f9fb4e0b5adb83383c23657b4ccc90c117e55e3946a399cdf3d15cb94444b203d9d6c45c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DE5951FD-9595-4df0-9DBB-61674A8F0959}.tmp\7z.dll
Filesize
1.1MB

MD5
2706693dda10c6cc79eed24c56d4e5ef

SHA1
4f34ef1bd49273a0d260b9dab15c73eb0ccb6383

SHA256
0edad8a1af22d5b97c1f324791c86243a6ecce7b5a9d2f30415af99aba9129c3

SHA512
7e7f7ae894528587ba33b6e10999549bb9a2ec2748b5662fa1b8806e5f4ce33af47507b3ef2954f2747a76b5b7c775c1cd671061f577c5016d1f8ba165bbe21c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DE5951FD-9595-4df0-9DBB-61674A8F0959}.tmp\7z.dll
Filesize
1.1MB

MD5
2706693dda10c6cc79eed24c56d4e5ef

SHA1
4f34ef1bd49273a0d260b9dab15c73eb0ccb6383

SHA256
0edad8a1af22d5b97c1f324791c86243a6ecce7b5a9d2f30415af99aba9129c3

SHA512
7e7f7ae894528587ba33b6e10999549bb9a2ec2748b5662fa1b8806e5f4ce33af47507b3ef2954f2747a76b5b7c775c1cd671061f577c5016d1f8ba165bbe21c

Download Submit
C:\Users\Admin\AppData\Roaming\ludashi\setup.dll
Filesize
74.3MB

MD5
dbdeda5c627771ca871dfc1bfc830843

SHA1
016a0fc4b0b8a80c9ddb7d59997851139b225238

SHA256
3d01828c32f3fbd23aecbd4e5213eaff3b62256ee947ba9fd8f04294e14ca47e

SHA512
7713fc4166004bade360d3c764d663b07316dfec6d71b2ca336af0e959da8f51bc8e04389b2fde732fd24a4cd6e5b60c0e54fd6cad9681ca6402c6d41c78c02b

Download Submit
C:\Users\Admin\AppData\Roaming\ludashi\setup.dll
Filesize
74.3MB

MD5
dbdeda5c627771ca871dfc1bfc830843

SHA1
016a0fc4b0b8a80c9ddb7d59997851139b225238

SHA256
3d01828c32f3fbd23aecbd4e5213eaff3b62256ee947ba9fd8f04294e14ca47e

SHA512
7713fc4166004bade360d3c764d663b07316dfec6d71b2ca336af0e959da8f51bc8e04389b2fde732fd24a4cd6e5b60c0e54fd6cad9681ca6402c6d41c78c02b

Download Submit
memory/3860-1913-0x0000000076E40000-0x0000000076E50000-memory.dmp

Filesize
64KB

Download
memory/4260-143-0x0000000076E40000-0x0000000076E50000-memory.dmp

Filesize
64KB

Download
memory/4260-140-0x0000000000410000-0x0000000000F89000-memory.dmp

Filesize
11.5MB

Download
memory/4260-139-0x0000000003140000-0x0000000003141000-memory.dmp

Filesize
4KB

Download
memory/4260-138-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/4260-137-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/4260-136-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/4260-144-0x0000000076E40000-0x0000000076E50000-memory.dmp

Filesize
64KB

Download
memory/4260-135-0x00000000030E0000-0x00000000030E1000-memory.dmp

Filesize
4KB

Download
memory/4260-134-0x00000000030D0000-0x00000000030D1000-memory.dmp

Filesize
4KB

Download
memory/4260-133-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download