Malware Analysis Report

2025-08-10 12:05

Sample ID 240222-z8y4qsfc5z
Target Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe
SHA256 c55e8c66b34447a3ded2fc2ace928241b8d4f7b959ce887fd206274858a055e4
Tags discovery
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 8/10

SHA256

c55e8c66b34447a3ded2fc2ace928241b8d4f7b959ce887fd206274858a055e4

Threat Level: Likely malicious

The file Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery

Downloads MZ/PE file

Checks for any installed AV software in registry

Checks installed software on the system

Enumerates physical storage devices

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Uses Volume Shadow Copy WMI provider

Uses Volume Shadow Copy service COM API

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 21:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 21:23

Reported

2024-02-22 21:25

Platform

win7-20240221-en

Max time kernel

31s

Max time network

54s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe"

Signatures

Downloads MZ/PE file

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Avira\Browser C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\Browser C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Browser C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVG\AV C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVG\AV C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe

"C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe"

C:\Users\Admin\AppData\Local\Temp\_files\avg_antivirus_free_setup.exe

"C:\Users\Admin\AppData\Local\Temp\_files\avg_antivirus_free_setup.exe" /silent /ws /psh:M75AarNmURXaefQCshsj7oISzRHI5dl1uGTy4ZhGYcoVY3A5cS8pK1Al27k7NO7tEBv9wMcAqOlp9OWzpHgqjPM

C:\Users\Admin\AppData\Local\Temp\_files\avg_secure_browser_setup.exe

"C:\Users\Admin\AppData\Local\Temp\_files\avg_secure_browser_setup.exe" /s /run_source=avg_ads_is_control /is_pixel_psh=3cFh3l8LQCOMieRrgMM4SWy5jm5Ku1xsQy4OU9dns2Ru5qVjIwJ6ozGuKwFK1hHhQxi8uCH9cjnRkCBilpQ49tXMO /make-default

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.baixaki.com.br/portal/redir-partners.htm

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2

C:\Windows\Temp\asw.430af9afc84d64f2\avg_antivirus_free_setup_x64.exe

"C:\Windows\Temp\asw.430af9afc84d64f2\avg_antivirus_free_setup_x64.exe" /silent /ws /psh:M75AarNmURXaefQCshsj7oISzRHI5dl1uGTy4ZhGYcoVY3A5cS8pK1Al27k7NO7tEBv9wMcAqOlp9OWzpHgqjPM /cookie:mmm_irs_ppi_902_451_o /ga_clientid:62368072-f98e-4f8e-b7d6-d05a816ffc09 /edat_dir:C:\Windows\Temp\asw.430af9afc84d64f2

C:\Windows\Temp\asw.41ee66661e8dae6a\instup.exe

"C:\Windows\Temp\asw.41ee66661e8dae6a\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.41ee66661e8dae6a /edition:15 /prod:ais /stub_mapping_guid:fc2d9f5d-b9fb-444e-926b-26251f7c896b:10789136 /guid:298f5aa8-8359-4e5a-9a33-dc248de64929 /ga_clientid:62368072-f98e-4f8e-b7d6-d05a816ffc09 /silent /ws /psh:M75AarNmURXaefQCshsj7oISzRHI5dl1uGTy4ZhGYcoVY3A5cS8pK1Al27k7NO7tEBv9wMcAqOlp9OWzpHgqjPM /cookie:mmm_irs_ppi_902_451_o /ga_clientid:62368072-f98e-4f8e-b7d6-d05a816ffc09 /edat_dir:C:\Windows\Temp\asw.430af9afc84d64f2

Network


Files

C:\Users\Admin\AppData\Local\Temp\CabB750.tmp

C:\Users\Admin\AppData\Local\Temp\TarB7B0.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\_files\avg_antivirus_free_setup.exe

C:\Users\Admin\AppData\Local\Temp\_files\avg_secure_browser_setup.exe

\Users\Admin\AppData\Local\Temp\nsoE996.tmp\jsis.dll

\Users\Admin\AppData\Local\Temp\nsoE996.tmp\nsJSON.dll

C:\Users\Admin\AppData\Local\Temp\nsoE996.tmp\JsisPlugins.dll

\Users\Admin\AppData\Local\Temp\nsoE996.tmp\StdUtils.dll

\Users\Admin\AppData\Local\Temp\nsoE996.tmp\thirdparty.dll

C:\Users\Admin\AppData\Local\Temp\nsoE996.tmp\Midex.dll

\Windows\Temp\asw.430af9afc84d64f2\avg_antivirus_free_setup_x64.exe

C:\Windows\Temp\asw.430af9afc84d64f2\avg_antivirus_free_setup_x64.exe

C:\Windows\Temp\asw.430af9afc84d64f2\ecoo.edat

C:\Windows\Temp\asw.41ee66661e8dae6a\servers.def

C:\Windows\Temp\asw.41ee66661e8dae6a\Instup.exe

C:\Windows\Temp\asw.41ee66661e8dae6a\Instup.dll

\Windows\Temp\asw.41ee66661e8dae6a\Instup.exe

\Windows\Temp\asw.41ee66661e8dae6a\Instup.dll

C:\ProgramData\AVG\Persistent Data\Antivirus\Logs\Setup.log

C:\Windows\Temp\asw.41ee66661e8dae6a\config.def

C:\Windows\Temp\asw.41ee66661e8dae6a\asw95d345027f57a933.ini

MD5 0e8de88cab9b9ea3088a10f4794a4ae1
SHA1 db39e9ab9f945fe92531176ddc0f0db1a5aea22e
SHA256 e1e406b151e8bc9a49e0120391a349db27b30b079971c8fa2148a80b5cbd9924
SHA512 331e8fc99d58116f9a1aa872bace1256fe5f2e4b8f761dc820f9c9664bd600b362a5f9fd10b971971f69296a4565582f4ed80081115bb2cf2fddefbb582b18ec

C:\Windows\Temp\asw.41ee66661e8dae6a\config.def

MD5 bb7c4d8e4dfd5ddd1ec4d031c0bc3ce5
SHA1 4f2ea96de41e588591a9827eea82b7709d94f020
SHA256 dff37ebbca5abc9dd8feee50392b1ef4814362c5ea428fa324ce3f77579c4740
SHA512 9d924e1cf9aaafee50947cf93b39ec6a3c8687c2d5112bfde48da2653463c51e1a0093262d026952613a45ce7dcc70a7a7212f9d814d6e505f55277e7365a990

C:\Windows\Temp\asw.41ee66661e8dae6a\asw95d345027f57a933.ini

MD5 3093bf5cd5c918995616380be64dbf23
SHA1 7c4a2ffe626abe3304f2d76d892d2918164179fa
SHA256 faf108ab39e8cfc1fd8353f7e47a5dd1696aac8d1881e68b1d984eca82e0e0c2
SHA512 a1075bd1d677a1352856d18f147be28403658e21b913952d1643fb4e82001198efb5b5e16fd1037026aa23506ee033dc192f06f5006794f4828b232bf17a7943

C:\Windows\Temp\asw.41ee66661e8dae6a\servers.def.vpx

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\Temp\asw.41ee66661e8dae6a\servers.def.vpx

MD5 3aa869f4c645e3fcaed484cc44289f40
SHA1 70992eeb6559d83353c41f130a1952b6697dd4b8
SHA256 793fc06cb7e0a01547484c36a93b0c829e4d5d04e3f089e2dc09d6332d44f9ec
SHA512 f67ebd1f08f2bdaf2299aa9fe634568f62237d206de8f9543456a5fe8063d0ea77b940bf3c66d14b04ff0c6814ace97458571c5d756dfab0add7faff296c4047

C:\Windows\Temp\asw.41ee66661e8dae6a\prod-pgm.vpx

MD5 5f8c40b957706746fbb38dd572264a3f
SHA1 48b6eb07bae59e15c31adb5d17d1f564276ef730
SHA256 2e734f4b0c8d1bc4a7d9eee93a90bdb3f1b0ec7694a0ef651bae84931fefde5b
SHA512 76b21ecc8c01b0eeb1ba63161d8b39b107fd0939bb5676f61394fa19bb1d69e0904317c0d87ab158a2a0bcbe9e00aeaf9d605e992c6e3c6a55788d69bb48ce06

C:\Windows\Temp\asw.41ee66661e8dae6a\uat64.vpx

MD5 b10e591a45499acd1e5333365af33864
SHA1 1e46d676ac3c71a28bf3dacd649d0b89c692d16c
SHA256 0c8c965b08d60ebf3f0718ff48649dc73a83eaeed47c6417be111987f2a5e696
SHA512 78a44c5c322378a37f8dd22a534ca2be1b6c117c0b5f09bb96cf05803d784ad1bb270da045f9feb6ec05420a3623b9f942fc92f7f64599c43810af07d4267875

\Windows\Temp\asw.41ee66661e8dae6a\uat64.dll

MD5 ceb30780eecdd503e62dd89989e1aa38
SHA1 f1d71ed902f09dcb59445bdd7e3ac8b27513339f
SHA256 cff61251635939df4021c752792184a688c32b47b391328e138c5f0d400a8c42
SHA512 2aedeb8b55df3e4f10cec4b996b25f1a493bc486095a4baefe4516124f423d561eaae2a8ed183fe5d882f4db4d0ab8352f5a2080441e3652b82894915ba5a90f

C:\Windows\Temp\asw.41ee66661e8dae6a\prod-vps.vpx

MD5 fc61679cfd35f80cd1e54665c9e9f5e9
SHA1 2884385bf3a0a140b75f8a82ca7742342c98f648
SHA256 af287f7298dfc622c30bc99872938bb791b021316039e9f3c4b660f46904448d
SHA512 cc86fa2c0da593ffbd5906389e49e2f5ce4a3f26b251be3ea73624cc851114af66b3149d71a3c0c3a79b5b027dcbae72fc7b234b1d7d0fbc639ae927ff031747

C:\Windows\Temp\asw.41ee66661e8dae6a\part-setup_ais-15020c62.vpx

MD5 d5b798d8816b252e7d718195dfeb8a8c
SHA1 860c5807fd491aeeb12d661d8cf2ecca4ca1639b
SHA256 75176962c8691f84eb299a555d4c82796b53a12161f1e6616ec50cf97393b499
SHA512 16cd2e8f57c05ba2bae79de39867cc35178a6d99cd035d7d20efd8788076360a408affa9b6caf3ea09daf5c32834b995e47b1ab4ec29fcc1fdfddcf0ba96cce5

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-22 21:23

Reported

2024-02-22 21:26

Platform

win10v2004-20240221-en

Max time kernel

147s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe

"C:\Users\Admin\AppData\Local\Temp\Baixaki_Mouse Recorder Pro 2_v1.959.506.18.3.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 201.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 169.253.116.51.in-addr.arpa udp

Files
