Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

MalRepairT...up.exe

windows7-x64

7

MalRepairT...up.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    103s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/10/2023, 11:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MalRepairToolkitSetup.exe

  • Size

    6.0MB

  • MD5

    23f2491a8116caf1d2b1f5b39676577f

  • SHA1

    5f51b6110c8f1cdea547ff873778e24cb6b20596

  • SHA256

    a44aaca64d14fa31d3752ae67fe709a3cdec6369f4547792cbe60e4a1f945bf8

  • SHA512

    535ec265ba12da399e8d73f6f7305ddea1bc50a804ae8d09e219ad7819da63bc3949495eda888b66c59ef6628651b266125161187e100e1e24d668732458d187

  • SSDEEP

    98304:00xNLNQWgAERBO59FQr58uXfCB52ceG6XKALJE/mQmN+fmYmVzgdgoB9H:1xNufAVucP6XKk0m9N+fmYmXoTH

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
    persistence
  • UAC bypass 3 TTPs 4 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Sets file execution options in registry 2 TTPs 48 IoCs
    persistence
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 20 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 4 IoCs
  • Drops file in Windows directory 15 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Control Panel 6 IoCs
    evasion
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 27 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs
  • System policy modification 1 TTPs 6 IoCs
    evasion
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\MalRepairToolkitSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\MalRepairToolkitSetup.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Enumerates connected drives
    • Modifies Control Panel
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:736
    • C:\Users\Admin\AppData\Local\Temp\MalRepairToolkitSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\MalRepairToolkitSetup.exe" /i "C:\Users\Admin\AppData\Roaming\Vichingo455\Malware Repair Toolkit 1.0.0\install\44206DA\MalRepairToolkitSetup.msi" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\Vichingo455\Malware Repair Toolkit" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malware Repair Toolkit" SECONDSEQUENCE="1" CLIENTPROCESSID="736" CHAINERUIPROCESSID="736Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="MainFeature,RunAsTIExt" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_DETECTED_INTERNET_CONNECTION="1" AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\MalRepairToolkitSetup.exe" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1695918177 " AI_EXTEND_GLASS="26" AI_EXTENDER_IMAGES="GlassBackgroundSmall" TARGETDIR="C:\" AI_SETUPEXEPATH_ORIGINAL="C:\Users\Admin\AppData\Local\Temp\MalRepairToolkitSetup.exe" AI_INSTALL="1"
      2⤵
      • Enumerates connected drives
      PID:4284
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:496
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 8C62E4AA256A14574E10B1AB9532A52B C
      2⤵
      • Loads dropped DLL
      PID:4548
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:2844
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 265DE8A71CFD78D7DC185539512CDE31
        2⤵
        • Loads dropped DLL
        PID:4568
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      PID:4160
    • C:\Program Files (x86)\Vichingo455\Malware Repair Toolkit\MalRepairToolkit.exe
      "C:\Program Files (x86)\Vichingo455\Malware Repair Toolkit\MalRepairToolkit.exe"
      1⤵
      • Modifies WinLogon for persistence
      • UAC bypass
      • Disables RegEdit via registry modification
      • Sets file execution options in registry
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Checks whether UAC is enabled
      • Modifies Control Panel
      • Modifies registry class
      • System policy modification
      PID:8

    Network

    MITRE ATT&CK Enterprise v15

    Reconnaissance

    Resource Development

    Initial Access

    Execution

    Persistence

    Boot or Logon Autostart Execution

    2
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Winlogon Helper DLL

    1
    T1547.004

    Event Triggered Execution

    1
    T1546

    Change Default File Association

    1
    T1546.001

    Privilege Escalation

    Abuse Elevation Control Mechanism

    1
    T1548

    Bypass User Account Control

    1
    T1548.002

    Boot or Logon Autostart Execution

    2
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Winlogon Helper DLL

    1
    T1547.004

    Event Triggered Execution

    1
    T1546

    Change Default File Association

    1
    T1546.001

    Defense Evasion

    Abuse Elevation Control Mechanism

    1
    T1548

    Bypass User Account Control

    1
    T1548.002

    Impair Defenses

    1
    T1562

    Disable or Modify Tools

    1
    T1562.001

    Modify Registry

    5
    T1112

    Credential Access

    Discovery

    Peripheral Device Discovery

    2
    T1120

    Query Registry

    3
    T1012

    System Information Discovery

    5
    T1082

    Lateral Movement

    Collection

    Command and Control

    Exfiltration

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\e5825e3.rbs
      Filesize

      11KB

      MD5

      7b7aa2d150d7dad34d9ba1fc294fde78

      SHA1

      5230676118f94f99c53cbe7d4d35149aa26d4073

      SHA256

      920be69a83b592a3c61dfc7c97ab02a6b03c0bc163ed74a6b5e1fd56274bdc3b

      SHA512

      e8c586c6dcad6f20db74e76ac92069d8a220ca4cf06c82729d8cbdfbc00e11de21258a7b559ec7f005c9e567ce9c57e7e8dc32c14af707110597b73d22b05d54

      Download Submit

    • C:\Program Files (x86)\Vichingo455\Malware Repair Toolkit\MalRepairToolkit.exe
      Filesize

      410KB

      MD5

      e29d935c2416c74a58fdf60e21b65af2

      SHA1

      4368c0142656f6d995b719e026aba2e660b51355

      SHA256

      7e57fb0bb8192c120a2135ffce5b54f8fe64374a5e0afa705547569b1939020e

      SHA512

      8ef903322ec8169f6cf4de08e1ba9a8a6e0047b89d33656c9ef478b553f4baf33f0ce182fb3a73cd6fa480145f517e1ded8cfbd74c3b063eb0892b510256c498

      Download Submit

    • C:\Program Files (x86)\Vichingo455\Malware Repair Toolkit\MalRepairToolkit.exe
      Filesize

      410KB

      MD5

      e29d935c2416c74a58fdf60e21b65af2

      SHA1

      4368c0142656f6d995b719e026aba2e660b51355

      SHA256

      7e57fb0bb8192c120a2135ffce5b54f8fe64374a5e0afa705547569b1939020e

      SHA512

      8ef903322ec8169f6cf4de08e1ba9a8a6e0047b89d33656c9ef478b553f4baf33f0ce182fb3a73cd6fa480145f517e1ded8cfbd74c3b063eb0892b510256c498

      Download Submit

    • C:\Program Files (x86)\Vichingo455\Malware Repair Toolkit\MalRepairToolkit.exe.config
      Filesize

      178B

      MD5

      5471f52322053839dafe0a6cb899f97a

      SHA1

      df4bcfc0518ac43b40f3793aadcbbad98dae4cc1

      SHA256

      b019fe7e793a781f26dc79e4189a6b4c81686ef0b2c1bf455562ca5e9ec6bd2b

      SHA512

      62ca2723113e5172a129b374e0303c2b786edf484a868dc87a88b744ed7f10c4e64cec4311475a2ddbcfef6a6543bdc70ea79ccc80f60fd70bd6d1cb3ac0e70e

      Download Submit

    • C:\Program Files (x86)\Vichingo455\Malware Repair Toolkit\Siticone.UI.dll
      Filesize

      1.3MB

      MD5

      750c58af2e56b6addecffcf152520ab8

      SHA1

      14995e7f1d12498606d9d209d78d55fe6fd87802

      SHA256

      27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26

      SHA512

      2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_736\backbutton
      Filesize

      9KB

      MD5

      22f47b8e2a1dbe9726bc16559e6a7ef8

      SHA1

      ed6a4aace45a0d41976932aa751d7ff7808b804f

      SHA256

      95ebf0c53bfc4560a16587f3e13e7c0d9864c66317844e6e2b202c56467bba8b

      SHA512

      287b20db94610a7671f83c8de74d319130300aaac70a753cf2acd89c13922ad11e9432feda6b24337779ef85a8aa3d44c1d04ca32a0d01a51061ce3137854c32

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_736\nextcancelbuttons
      Filesize

      3KB

      MD5

      1227bfff63d4150a4c5bf4ca11ba91d6

      SHA1

      4470b6e50385da5588e32a6dcb571fe47ee90d32

      SHA256

      8af4cf03cbab6d7c25d2aa732cc64d4b953650d89fdc37ac866bf97022266e04

      SHA512

      fcd1ab314bb44e2380adc22b2549f60b318c6de404bcfbd6f2f4862753eb3271bc23e81636d5d43e57f72ca985e1164e1c7c54719554ef3bef377ceabed8394d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_736\runapplicationbutton
      Filesize

      18KB

      MD5

      f5a120b564fc7823d1c269b7a6e70473

      SHA1

      1b85466c12f83b7872214f787390614df50eaddb

      SHA256

      c178ed81de4aa8b049efcf0670c10cf2043a51c6be1144ee95d09c1c2afd6087

      SHA512

      96d285759f8a8c5d17d7cac4ef224995dfa09554a3687c7f34e63651888c98a9c60095cd1a71c82030781ff6e7d58b7d49068bd9f53126ff7b775579d3368ace

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI39D4.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI39D4.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI74E3.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI74E3.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI75ED.tmp
      Filesize

      875KB

      MD5

      01ab8034f722cbac50b8bcfc36e5b2e8

      SHA1

      b25868af5713e37c398b712f19692edd7db2d858

      SHA256

      e5c41b1af4d865b1b4b09a9fcb99a1f6eb2b2a75b148f4390298aff1ea348689

      SHA512

      25e24e4d691b1fecc6991997ace400682bb812d48374f95a14e21a9045d7905f4630f4672e88b41afd7933b11fb81c10935e49aba337b15924cfc7e814ca2558

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI75ED.tmp
      Filesize

      875KB

      MD5

      01ab8034f722cbac50b8bcfc36e5b2e8

      SHA1

      b25868af5713e37c398b712f19692edd7db2d858

      SHA256

      e5c41b1af4d865b1b4b09a9fcb99a1f6eb2b2a75b148f4390298aff1ea348689

      SHA512

      25e24e4d691b1fecc6991997ace400682bb812d48374f95a14e21a9045d7905f4630f4672e88b41afd7933b11fb81c10935e49aba337b15924cfc7e814ca2558

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI81C6.tmp
      Filesize

      575KB

      MD5

      8c1a778e0754301c97a660dbf3e8303b

      SHA1

      f489c45cde796de0d23ee862948f5e50379dee60

      SHA256

      000b773a448b107cbf3268fea3a0eec388daa71c5f911979c5d21f0cd8d6da54

      SHA512

      010e76ed659f73cc263ce9b2d2635d775b296c10e53ba133fba6aacde02ed409b19f4c4e2ba6df7730ddc8669c818e99773f25854a1916ccf8acf9e459482fea

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI81C6.tmp
      Filesize

      575KB

      MD5

      8c1a778e0754301c97a660dbf3e8303b

      SHA1

      f489c45cde796de0d23ee862948f5e50379dee60

      SHA256

      000b773a448b107cbf3268fea3a0eec388daa71c5f911979c5d21f0cd8d6da54

      SHA512

      010e76ed659f73cc263ce9b2d2635d775b296c10e53ba133fba6aacde02ed409b19f4c4e2ba6df7730ddc8669c818e99773f25854a1916ccf8acf9e459482fea

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI8234.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI8234.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI8234.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI82C2.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI82C2.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI835F.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI835F.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI837F.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI837F.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI841C.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI841C.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI84F8.tmp
      Filesize

      875KB

      MD5

      01ab8034f722cbac50b8bcfc36e5b2e8

      SHA1

      b25868af5713e37c398b712f19692edd7db2d858

      SHA256

      e5c41b1af4d865b1b4b09a9fcb99a1f6eb2b2a75b148f4390298aff1ea348689

      SHA512

      25e24e4d691b1fecc6991997ace400682bb812d48374f95a14e21a9045d7905f4630f4672e88b41afd7933b11fb81c10935e49aba337b15924cfc7e814ca2558

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI84F8.tmp
      Filesize

      875KB

      MD5

      01ab8034f722cbac50b8bcfc36e5b2e8

      SHA1

      b25868af5713e37c398b712f19692edd7db2d858

      SHA256

      e5c41b1af4d865b1b4b09a9fcb99a1f6eb2b2a75b148f4390298aff1ea348689

      SHA512

      25e24e4d691b1fecc6991997ace400682bb812d48374f95a14e21a9045d7905f4630f4672e88b41afd7933b11fb81c10935e49aba337b15924cfc7e814ca2558

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI8576.tmp
      Filesize

      575KB

      MD5

      8c1a778e0754301c97a660dbf3e8303b

      SHA1

      f489c45cde796de0d23ee862948f5e50379dee60

      SHA256

      000b773a448b107cbf3268fea3a0eec388daa71c5f911979c5d21f0cd8d6da54

      SHA512

      010e76ed659f73cc263ce9b2d2635d775b296c10e53ba133fba6aacde02ed409b19f4c4e2ba6df7730ddc8669c818e99773f25854a1916ccf8acf9e459482fea

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI8576.tmp
      Filesize

      575KB

      MD5

      8c1a778e0754301c97a660dbf3e8303b

      SHA1

      f489c45cde796de0d23ee862948f5e50379dee60

      SHA256

      000b773a448b107cbf3268fea3a0eec388daa71c5f911979c5d21f0cd8d6da54

      SHA512

      010e76ed659f73cc263ce9b2d2635d775b296c10e53ba133fba6aacde02ed409b19f4c4e2ba6df7730ddc8669c818e99773f25854a1916ccf8acf9e459482fea

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI8681.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI8681.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\shiAD76.tmp
      Filesize

      4.8MB

      MD5

      77d6c08c6448071b47f02b41fa18ed37

      SHA1

      e7fdb62abdb6d4131c00398f92bc72a3b9b34668

      SHA256

      047e2df9ccf0ce298508ee7f0db0abcb2ff9cff9916b6e8a1fbd806b7a9d064b

      SHA512

      e1aeb8e8b441d755a119f45a465ca5660678f4131984322252bfb6d2cec52e7ee54d65a64b98429b23915eb5707b04b5cd62a85446c60de8842314130a926dbd

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Vichingo455\Malware Repair Toolkit 1.0.0\install\44206DA\MalRepairToolkit.exe
      Filesize

      410KB

      MD5

      e29d935c2416c74a58fdf60e21b65af2

      SHA1

      4368c0142656f6d995b719e026aba2e660b51355

      SHA256

      7e57fb0bb8192c120a2135ffce5b54f8fe64374a5e0afa705547569b1939020e

      SHA512

      8ef903322ec8169f6cf4de08e1ba9a8a6e0047b89d33656c9ef478b553f4baf33f0ce182fb3a73cd6fa480145f517e1ded8cfbd74c3b063eb0892b510256c498

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Vichingo455\Malware Repair Toolkit 1.0.0\install\44206DA\MalRepairToolkit.exe.config
      Filesize

      178B

      MD5

      5471f52322053839dafe0a6cb899f97a

      SHA1

      df4bcfc0518ac43b40f3793aadcbbad98dae4cc1

      SHA256

      b019fe7e793a781f26dc79e4189a6b4c81686ef0b2c1bf455562ca5e9ec6bd2b

      SHA512

      62ca2723113e5172a129b374e0303c2b786edf484a868dc87a88b744ed7f10c4e64cec4311475a2ddbcfef6a6543bdc70ea79ccc80f60fd70bd6d1cb3ac0e70e

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Vichingo455\Malware Repair Toolkit 1.0.0\install\44206DA\MalRepairToolkitSetup.msi
      Filesize

      3.0MB

      MD5

      667e6f73e7f5927109eb0cc54c54143d

      SHA1

      69853891994e81b3251c3bb4ceab361e4d9fd7eb

      SHA256

      1a70333730223914febc44d720f22746888b338ff032a9442af8cebb330c8c4d

      SHA512

      ad8fa0d956e4b8e3a5ec2974ff8e31709e758b5d2598a3f79c9b212a3a6d9094af5110652c72a8ee1d150b345aac073eeff0823d406c86128c3acaeb8f8b5844

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Vichingo455\Malware Repair Toolkit 1.0.0\install\44206DA\MalRepairToolkitSetup.msi
      Filesize

      3.0MB

      MD5

      667e6f73e7f5927109eb0cc54c54143d

      SHA1

      69853891994e81b3251c3bb4ceab361e4d9fd7eb

      SHA256

      1a70333730223914febc44d720f22746888b338ff032a9442af8cebb330c8c4d

      SHA512

      ad8fa0d956e4b8e3a5ec2974ff8e31709e758b5d2598a3f79c9b212a3a6d9094af5110652c72a8ee1d150b345aac073eeff0823d406c86128c3acaeb8f8b5844

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Vichingo455\Malware Repair Toolkit 1.0.0\install\44206DA\PsExec.exe
      Filesize

      429KB

      MD5

      cb8a14388e1da3956849d638af50fe9d

      SHA1

      a0ee0761602470e24bcea5f403e8d1e8bfa29832

      SHA256

      08c6e20b1785d4ec4e3f9956931d992377963580b4b2c6579fd9930e08882b1c

      SHA512

      29730d61aa433131487b62850980bb3f558adbee773f774c50c6b4da39297a33f4a070ff8d394190ded9f39eb59eafbf23ea4c15190f1d76c2d5ba2b586ba718

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Vichingo455\Malware Repair Toolkit 1.0.0\install\44206DA\Siticone.UI.dll
      Filesize

      1.3MB

      MD5

      750c58af2e56b6addecffcf152520ab8

      SHA1

      14995e7f1d12498606d9d209d78d55fe6fd87802

      SHA256

      27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26

      SHA512

      2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Vichingo455\Malware Repair Toolkit 1.0.0\install\decoder.dll
      Filesize

      205KB

      MD5

      31daf181536165ef11461c18d98d04da

      SHA1

      9310a5837eb30fd3994f644b9913a88f945c4f98

      SHA256

      0e38b521210b476057892fa2085ee60d1fb79b8c77cceffdaa0e2ef5d63b0f09

      SHA512

      b10f62e3c1fec62c17ef00234c4f8c6fa1937cf2a3f63a1439fefe1daee3699135486fc303d1dc3b7e75d90048cf65300d3e0ded0b7d336ea08e9c9696ad6131

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Vichingo455\Malware Repair Toolkit 1.0.0\install\decoder.dll
      Filesize

      205KB

      MD5

      31daf181536165ef11461c18d98d04da

      SHA1

      9310a5837eb30fd3994f644b9913a88f945c4f98

      SHA256

      0e38b521210b476057892fa2085ee60d1fb79b8c77cceffdaa0e2ef5d63b0f09

      SHA512

      b10f62e3c1fec62c17ef00234c4f8c6fa1937cf2a3f63a1439fefe1daee3699135486fc303d1dc3b7e75d90048cf65300d3e0ded0b7d336ea08e9c9696ad6131

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Vichingo455\Malware Repair Toolkit 1.0.0\install\decoder.dll
      Filesize

      205KB

      MD5

      31daf181536165ef11461c18d98d04da

      SHA1

      9310a5837eb30fd3994f644b9913a88f945c4f98

      SHA256

      0e38b521210b476057892fa2085ee60d1fb79b8c77cceffdaa0e2ef5d63b0f09

      SHA512

      b10f62e3c1fec62c17ef00234c4f8c6fa1937cf2a3f63a1439fefe1daee3699135486fc303d1dc3b7e75d90048cf65300d3e0ded0b7d336ea08e9c9696ad6131

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Vichingo455\Malware Repair Toolkit 1.0.0\install\decoder.dll
      Filesize

      205KB

      MD5

      31daf181536165ef11461c18d98d04da

      SHA1

      9310a5837eb30fd3994f644b9913a88f945c4f98

      SHA256

      0e38b521210b476057892fa2085ee60d1fb79b8c77cceffdaa0e2ef5d63b0f09

      SHA512

      b10f62e3c1fec62c17ef00234c4f8c6fa1937cf2a3f63a1439fefe1daee3699135486fc303d1dc3b7e75d90048cf65300d3e0ded0b7d336ea08e9c9696ad6131

      Download Submit

    • C:\Windows\Installer\MSI26EC.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Windows\Installer\MSI26EC.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Windows\Installer\MSI2835.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Windows\Installer\MSI2835.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Windows\Installer\MSI28B3.tmp
      Filesize

      575KB

      MD5

      8c1a778e0754301c97a660dbf3e8303b

      SHA1

      f489c45cde796de0d23ee862948f5e50379dee60

      SHA256

      000b773a448b107cbf3268fea3a0eec388daa71c5f911979c5d21f0cd8d6da54

      SHA512

      010e76ed659f73cc263ce9b2d2635d775b296c10e53ba133fba6aacde02ed409b19f4c4e2ba6df7730ddc8669c818e99773f25854a1916ccf8acf9e459482fea

      Download Submit

    • C:\Windows\Installer\MSI28B3.tmp
      Filesize

      575KB

      MD5

      8c1a778e0754301c97a660dbf3e8303b

      SHA1

      f489c45cde796de0d23ee862948f5e50379dee60

      SHA256

      000b773a448b107cbf3268fea3a0eec388daa71c5f911979c5d21f0cd8d6da54

      SHA512

      010e76ed659f73cc263ce9b2d2635d775b296c10e53ba133fba6aacde02ed409b19f4c4e2ba6df7730ddc8669c818e99773f25854a1916ccf8acf9e459482fea

      Download Submit

    • C:\Windows\Installer\MSI28B3.tmp
      Filesize

      575KB

      MD5

      8c1a778e0754301c97a660dbf3e8303b

      SHA1

      f489c45cde796de0d23ee862948f5e50379dee60

      SHA256

      000b773a448b107cbf3268fea3a0eec388daa71c5f911979c5d21f0cd8d6da54

      SHA512

      010e76ed659f73cc263ce9b2d2635d775b296c10e53ba133fba6aacde02ed409b19f4c4e2ba6df7730ddc8669c818e99773f25854a1916ccf8acf9e459482fea

      Download Submit

    • C:\Windows\Installer\MSI2B35.tmp
      Filesize

      575KB

      MD5

      8c1a778e0754301c97a660dbf3e8303b

      SHA1

      f489c45cde796de0d23ee862948f5e50379dee60

      SHA256

      000b773a448b107cbf3268fea3a0eec388daa71c5f911979c5d21f0cd8d6da54

      SHA512

      010e76ed659f73cc263ce9b2d2635d775b296c10e53ba133fba6aacde02ed409b19f4c4e2ba6df7730ddc8669c818e99773f25854a1916ccf8acf9e459482fea

      Download Submit

    • C:\Windows\Installer\MSI2B35.tmp
      Filesize

      575KB

      MD5

      8c1a778e0754301c97a660dbf3e8303b

      SHA1

      f489c45cde796de0d23ee862948f5e50379dee60

      SHA256

      000b773a448b107cbf3268fea3a0eec388daa71c5f911979c5d21f0cd8d6da54

      SHA512

      010e76ed659f73cc263ce9b2d2635d775b296c10e53ba133fba6aacde02ed409b19f4c4e2ba6df7730ddc8669c818e99773f25854a1916ccf8acf9e459482fea

      Download Submit

    • C:\Windows\Installer\MSI2E33.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • C:\Windows\Installer\MSI2E33.tmp
      Filesize

      436KB

      MD5

      5788efa607d26332d6d7f5e6a1f6bd6f

      SHA1

      e7749843cc3e89bc81649087de4ad44c93d48bc6

      SHA256

      9fc2608c9e5ef5a88dd91c82660fa297144ba6bbf4602140d638de7233a4625d

      SHA512

      ce472ca4f956da4160cfd9b9051455974e24dd8b23a0b7b197afd1f7552e37980809e523bedc0d4c2f4c9cb6ef300b221e6404e6e6a1b789b67756550ddd2104

      Download Submit

    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
      Filesize

      23.0MB

      MD5

      79f5d830fa6a6c4f0b4da881cade4e7a

      SHA1

      99add54be376448cbf3503fa8db70212e3de1f89

      SHA256

      bc27b5e5fa111528e269b1254eb0c839673cd5a76cc88968a0dc1a5c3e369154

      SHA512

      a6226a57ff438e0d430d9193a3e153435ea1605d3be044064bdc714c2f71d8ba45cea102e91ca77867a9aa2e2ab9a6d912ce6d4a1815f1c437396b621c2d532a

      Download Submit

    • \??\Volume{6814a8cd-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{3ab0b5ae-4930-4662-9c61-04da474f2a9b}_OnDiskSnapshotProp
      Filesize

      5KB

      MD5

      0fcc5fb48de76e7bbd4e49d85e6a8c2f

      SHA1

      788e02376f7c25232ed960389a0e03e0587da3a3

      SHA256

      3e0b13e7971b67bfa5d7a873f40375823f43a60f7b1d458675c0fb69221382e4

      SHA512

      005d3698e83ed9d37495f1e0fdffac32bb27a2e6a6a54c380d36ca136dff8c12a1f5abf54b42eb7bfa73c494ab0aeb9b5eb79db2739fda450e1a1e530bd70852

      Download Submit

    • memory/8-328-0x000001E66C2C0000-0x000001E66C40E000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/8-325-0x00007FFA2FE80000-0x00007FFA30941000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/8-329-0x000001E6694F0000-0x000001E669504000-memory.dmp

      Filesize

      80KB

      Download

    • memory/8-330-0x000001E669520000-0x000001E669530000-memory.dmp

      Filesize

      64KB

      Download

    • memory/8-331-0x000001E669520000-0x000001E669530000-memory.dmp

      Filesize

      64KB

      Download

    • memory/8-332-0x000001E66EAB0000-0x000001E66EAC2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/8-333-0x000001E66EC60000-0x000001E66EC9C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/8-326-0x000001E669520000-0x000001E669530000-memory.dmp

      Filesize

      64KB

      Download

    • memory/8-268-0x000001E6690D0000-0x000001E66913C000-memory.dmp

      Filesize

      432KB

      Download

    • memory/8-336-0x00007FFA2FE80000-0x00007FFA30941000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/8-337-0x000001E669520000-0x000001E669530000-memory.dmp

      Filesize

      64KB

      Download

    • memory/8-340-0x000001E669520000-0x000001E669530000-memory.dmp

      Filesize

      64KB

      Download

    • memory/8-341-0x000001E669520000-0x000001E669530000-memory.dmp

      Filesize

      64KB

      Download

    • memory/8-344-0x00007FFA2FE80000-0x00007FFA30941000-memory.dmp

      Filesize

      10.8MB

      Download