Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system
  • submitted
    02/03/2024, 16:44

General

  • Target

    OpenIVSetup.exe

  • Size

    33.0MB

  • MD5

    58446a05397f2b391ad66c18ac42dd46

  • SHA1

    fbca2ceb4da791983c133d54b44e9f8191b18260

  • SHA256

    3683b717c0651a35fe3a0a5cf8a0a20f19e8a848675005fb08d0152b29857616

  • SHA512

    f5fb192726a75051bb2cdb101a9ec85bbf7015d70568caacd32d9af64690ae6503c7699d860b611275005c3997de6fae1e4490990a40d12d1a7b836db852d991

  • SSDEEP

    786432:JpY72Jimx2oeNm9iePejodLaYLCaYYXTU2vKBorzDa:eUfPeNm9mqHLqYj7a

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 14 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 2 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 8 IoCs
  • Drops file in Windows directory 40 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\OpenIVSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\OpenIVSetup.exe"
    1⤵
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Users\Admin\AppData\Local\Temp\oivsetup-02032024164434.exe
      "C:\Users\Admin\AppData\Local\Temp\oivsetup-02032024164434.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2264
      • C:\Users\Admin\AppData\Local\Temp\OpenIV Setup_0F762250\dxwebsetup.exe
        "C:\Users\Admin\AppData\Local\Temp\OpenIV Setup_0F762250\dxwebsetup.exe" /Q
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:2280
        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
          C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe /windowsupdate
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Enumerates connected drives
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          PID:2288
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6f89758,0x7fef6f89768,0x7fef6f89778
      2⤵
      PID:1896
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:2
      2⤵
      PID:1420
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:8
      2⤵
      PID:1160
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:8
      2⤵
      PID:1796
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:1
      2⤵
      PID:2460
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:1
      2⤵
      PID:2476
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1168 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:2
      2⤵
      PID:1640
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1432 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:1
      2⤵
      PID:1704
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:8
      2⤵
      PID:1280
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3704 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:1
      2⤵
      PID:2432
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:8
      2⤵
      PID:1664
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3996 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:1
      2⤵
      PID:1728
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3456 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:1
      2⤵
      PID:2800
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3808 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:1
      2⤵
      PID:2360
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:2360
  • C:\Users\Admin\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe
    "C:\Users\Admin\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe"
    1⤵
    • Executes dropped EXE
    PID:3552
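The process tree is the part of this report worth reading first. The submitted installer (PID 2228) writes and runs a second-stage installer (PID 2264), which runs the bundled DirectX web setup with `/Q` (PID 2280), which in turn extracts `IXP000.TMP\dxwsetup.exe` and runs it with `/windowsupdate` (PID 2288); every image in that chain lives under the user's `AppData\Local\Temp`, which is what the "Executes dropped EXE" and "Loads dropped DLL" signatures record. The chrome.exe processes are separate top-level entries (depth 1), not children of the sample. The Python below is an added example, not part of the report or of the sandbox vendor's tooling: it rebuilds parent/child links from the `N⤵` depth markers in the text layout shown above and lists every dropped executable together with its ancestry and arguments. The embedded sample is a trimmed copy of the OpenIVSetup.exe chain; the list of user-writable path markers is my own assumption.

```python
"""Rebuild a sandbox report's process tree and list dropped executables.

Added example (not the report's or the sandbox's own code). Assumes the text
layout on the page: a bullet with the image path, then the command line, then
a depth marker 'N⤵' (1 = top level, N = child of the last depth N-1 process),
optional signature bullets, and finally 'PID:<n>'.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the OpenIVSetup.exe chain from the report, trimmed.
SAMPLE = r"""
  • C:\Users\Admin\AppData\Local\Temp\OpenIVSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\OpenIVSetup.exe"
    1⤵
    • Loads dropped DLL
    • Checks whether UAC is enabled
    PID:2228
    • C:\Users\Admin\AppData\Local\Temp\oivsetup-02032024164434.exe
      "C:\Users\Admin\AppData\Local\Temp\oivsetup-02032024164434.exe"
      2⤵
      • Executes dropped EXE
      PID:2264
      • C:\Users\Admin\AppData\Local\Temp\OpenIV Setup_0F762250\dxwebsetup.exe
        "C:\Users\Admin\AppData\Local\Temp\OpenIV Setup_0F762250\dxwebsetup.exe" /Q
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        PID:2280
        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
          C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe /windowsupdate
          4⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          PID:2288
  • C:\Users\Admin\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe
    "C:\Users\Admin\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe"
    1⤵
    • Executes dropped EXE
    PID:3552
"""

PROC_RE = re.compile(r"^• ([A-Za-z]:\\.+)$")   # bullet whose text is a drive path
DEPTH_RE = re.compile(r"^(\d+)⤵$")
PID_RE = re.compile(r"^PID:(\d+)$")
SIG_RE = re.compile(r"^• (.+)$")                # any other bullet is a signature

# Assumed markers for directories a standard user can write to.
USER_WRITABLE = (r"\appdata\local", r"\appdata\roaming", r"\users\public", r"\programdata")


@dataclass
class Proc:
    image: str
    cmdline: str = ""
    depth: int = 0
    pid: int = 0
    signatures: list = field(default_factory=list)
    parent: "Proc | None" = None
    children: list = field(default_factory=list)


def parse_process_tree(text):
    """Return all processes in document order, with parent/children linked."""
    procs, stack, cur, expect_cmdline = [], [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROC_RE.match(line)
        if m:
            cur = Proc(image=m.group(1))
            procs.append(cur)
            expect_cmdline = True          # the next line is the command line
            continue
        if cur is None:
            continue
        if expect_cmdline:
            cur.cmdline, expect_cmdline = line, False
            continue
        m = DEPTH_RE.match(line)
        if m:
            cur.depth = int(m.group(1))
            del stack[cur.depth - 1:]      # stack[d-1] holds the latest process at depth d
            if stack:
                cur.parent = stack[-1]
                stack[-1].children.append(cur)
            stack.append(cur)
            continue
        m = PID_RE.match(line)
        if m:
            cur.pid = int(m.group(1))
            continue
        m = SIG_RE.match(line)
        if m:
            cur.signatures.append(m.group(1))
    return procs


def user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def chain(proc):
    """Image file names from the top-level ancestor down to proc."""
    names = []
    while proc is not None:
        names.append(proc.image.rsplit("\\", 1)[-1])
        proc = proc.parent
    return names[::-1]


def triage(text):
    """Dropped executables run from user-writable paths, with ancestry and arguments."""
    return [
        {"pid": p.pid, "chain": chain(p), "cmdline": p.cmdline, "signatures": p.signatures}
        for p in parse_process_tree(text)
        if user_writable(p.image) and "Executes dropped EXE" in p.signatures
    ]


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["pid"], " -> ".join(f["chain"]), "|", f["cmdline"])
```

Run it against the full "Processes" section rather than the sample to see the chrome.exe entries come out as a second top-level tree with PID 2044 as root; processes without a "PID:" line keep `pid == 0`, so check for that before keying anything on the PID.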

Network

MITRE ATT&CK Enterprise v15

Downloads

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

                                        Filesize

                                        67KB

                                        MD5

                                        753df6889fd7410a2e9fe333da83a429

                                        SHA1

                                        3c425f16e8267186061dd48ac1c77c122962456e

                                        SHA256

                                        b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

                                        SHA512

                                        9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                        Filesize

                                        344B

                                        MD5

                                        367ccf02be43b3237a4556e8ccb7df54

                                        SHA1

                                        f81098ce86166319bba6bef75d24b65dc144d792

                                        SHA256

                                        e9f5c2e2d23f57752c03d1f6f64afa9da9e1a7f6e35c0d923d44c91a1731845d

                                        SHA512

                                        56e6dd85bf9c91b7ea83d512b22b35512f8de03e39e59973e94e41acefcdb17fb3735ad2809b4b09f10774e8148cbe35ff03818de87d7634cbea0ffeaae5533d

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                        Filesize

                                        344B

                                        MD5

                                        e5ac7c20a5b55ef9fd48c9c5c842230d

                                        SHA1

                                        460b47b431a9cd91c35147e312d4c3f473836a16

                                        SHA256

                                        a431c8aa25ff6b58f633c191a932c974ad7fc0bce540f0f8d5fadb88165cdfa8

                                        SHA512

                                        64896d56f3e3fe0a8d20164d51e371005aef57262989d980c8067a5eba3e221e1a4940413320cfa054131998390cbd7ad89a8979b5e73a0e7d98812c566ee2ae

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                        Filesize

                                        344B

                                        MD5

                                        e6dc452f068a5c923e27a880e07aca15

                                        SHA1

                                        95b40307a64b8a3f294afb179bbdc5221c876939

                                        SHA256

                                        f0ee94ea71e34e54ace4ab9573360d07125be7fb64583d53d7a4af76f78d7502

                                        SHA512

                                        38fb09fa6b40b6bbaa180182e4688a4646bdccac973659aebf132b906b106408afc9030a36fa055c09b2d111dbaed774a5094aa2f27388fc0953b61e4ad17038

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                        Filesize

                                        344B

                                        MD5

                                        0623d79d08511c8aec635f70792444c2

                                        SHA1

                                        6f3088c1dc48c0f621fdd18767a908860443ffda

                                        SHA256

                                        0859b1c69a1fc48a87a1d8edf7360a41f21a38f476076ba57ca96236b329b470

                                        SHA512

                                        fd29574acc6f30a7c0e89e5085c5d42e565c6ec0e4c15b00b11c00506f511829dfa03ecce84a149d444724ae70e2e6473bed1761a215c612b4b2f2457664012e

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\126571c8-4ee8-44d5-a4fe-376929a75c30.tmp

                                        Filesize

                                        255KB

                                        MD5

                                        e6eeff10ad6ab162fb6d1170cae8618b

                                        SHA1

                                        fd614cbca3d38a30655b710ea37445bab735defc

                                        SHA256

                                        c5915e19505f4328109cd1be0c9721fcb155c0e682305da5da0265e1f0c15a4a

                                        SHA512

                                        32b870a87dbb211d1923ca7b136a01c028281ce3eebeb324284ef8d0a6fe0ad56e06d76ddea42ea47c1eb2e02c12ed4fd622e4ea5785705be32c9efe0b37d0f6

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

                                        Filesize

                                        16B

                                        MD5

                                        aefd77f47fb84fae5ea194496b44c67a

                                        SHA1

                                        dcfbb6a5b8d05662c4858664f81693bb7f803b82

                                        SHA256

                                        4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

                                        SHA512

                                        b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                        Filesize

                                        264KB

                                        MD5

                                        f50f89a0a91564d0b8a211f8921aa7de

                                        SHA1

                                        112403a17dd69d5b9018b8cede023cb3b54eab7d

                                        SHA256

                                        b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                        SHA512

                                        bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        5KB

                                        MD5

                                        126a4148a1d4e446dc3a7a245f2a4bef

                                        SHA1

                                        d5945ba904d1b7421187229c3169db0546f7f451

                                        SHA256

                                        5cfbccd31718fc27f4ea52cd8c4f6872a591334aaded78a8a7cc67fa0b4014b8

                                        SHA512

                                        8a2bf2a96a078e28352ab20c149ed9d09d15b1b418341ba8ae8845c87186f62afc31c2da9dcb6274f8be9f6a972a705760d179568bd74535b8b92a29ded4ea83

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        5KB

                                        MD5

                                        9184c67f2c19112f7856a3906559b6a8

                                        SHA1

                                        3d3e61135dfffe617738eebc242303d1ce31f57a

                                        SHA256

                                        d11a0d54ef5cacfea22ea6314b8e028e21b011084af34a1ceeb34a1c2c761fec

                                        SHA512

                                        19455243c78327d9e346c446752cb2b3e595111c19a997cfa0c9b6552447c2ddffa6bf48811f35876627153c5d48dc82ae10f2ea1baa30b51368d313dd59d8e2

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

                                        Filesize

                                        16B

                                        MD5

                                        18e723571b00fb1694a3bad6c78e4054

                                        SHA1

                                        afcc0ef32d46fe59e0483f9a3c891d3034d12f32

                                        SHA256

                                        8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

                                        SHA512

                                        43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        255KB

                                        MD5

                                        c734819938851a80346821391f5de93d

                                        SHA1

                                        87d93c01f299b00bd18851f8ddd22725a2142808

                                        SHA256

                                        de7761bceb4d0ff51b957a7b355fd10d663ff03cb5299cc0858ef2580bbcf37c

                                        SHA512

                                        02b0f853ab50cb4e0d3352fc35476763c05f1b115a09176a09f27f1de4c5c89f5556c2719857cc686ad3f46221ef29a0c0a5090f357c109ec4b690415583191f

                                      • C:\Users\Admin\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe

                                        Filesize

                                        8.6MB

                                        MD5

                                        f0d4dc6dedb92543a85ddfdd88cc48df

                                        SHA1

                                        70275da00c15f02664e061025a2e0cdd0b758ba8

                                        SHA256

                                        e41c385d5bf0212672e96fe164f6e856a40dcaf4aabf6a7746fc3ad15e961f1c

                                        SHA512

                                        8a071a158a3c6307d65f2a4dbf0a06670cc813492d2736f8ec41e909435fa64624a66d4b20cdecb6885a2f1e54dec8de4f490162d4e21933e280aaee70dcde78

                                      • C:\Users\Admin\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe

                                        Filesize

                                        30.5MB

                                        MD5

                                        9329cfae526eaceb4d736807ea49138b

                                        SHA1

                                        1e546fa9ff53532b68b4108174e17453a3287f1e

                                        SHA256

                                        51bad3dea5d533cf53779f852b106dacc356991e5ffd0878c3c7abe9cd6bd9d8

                                        SHA512

                                        10454741c8feedab1cf6fad290d1ec96f6822c63f20ebc827c70732ca861c0882ce2cfea8732f3137bd89fb9cddefa58fc9f299e47e2ff9eab604989f468f9ec

                                      • C:\Users\Admin\AppData\Local\New Technology Studio\Apps\OpenIV\Resources\Languages\zh_CN\EULA.rtf

                                        Filesize

                                        6KB

                                        MD5

                                        ba3630939222d99dcb853d54210514ab

                                        SHA1

                                        89d496d575863f0ceaf29a78c532a6a3d9e33ab3

                                        SHA256

                                        fbb06d0c6745ec7b1843edb80595f53a6669ee74282458321dc7bc170773b01a

                                        SHA512

                                        243b5dbac1ba3d5a3fd15de395c1033253aa5790a23257678f1d11463fb53d84fa91e4e15673d11deddab733465185cfb8cf51b8c7b5dceed53330cfb9a889c1

                                      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup.dll

                                        Filesize

                                        93KB

                                        MD5

                                        984cad22fa542a08c5d22941b888d8dc

                                        SHA1

                                        3e3522e7f3af329f2235b0f0850d664d5377b3cd

                                        SHA256

                                        57bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308

                                        SHA512

                                        8ef171218b331f0591a4b2a5e68dcbae98f5891518ce877f1d8d1769c59c0f4ddae43cc43da6606975078f889c832f0666484db9e047782e7a0ae4a2d41f5bef

                                      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup32.dll

                                        Filesize

                                        1.5MB

                                        MD5

                                        a5412a144f63d639b47fcc1ba68cb029

                                        SHA1

                                        81bd5f1c99b22c0266f3f59959dfb4ea023be47e

                                        SHA256

                                        8a011da043a4b81e2b3d41a332e0ff23a65d546bd7636e8bc74885e8746927d6

                                        SHA512

                                        2679a4cb690e8d709cb5e57b59315d22f69f91efa6c4ee841943751c882b0c0457fd4a3376ac3832c757c6dfaffb7d844909c5665b86a95339af586097ee0405

                                      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.cif

                                        Filesize

                                        56KB

                                        MD5

                                        7b1fbe9f5f43b2261234b78fe115cf8e

                                        SHA1

                                        dd0f256ae38b4c4771e1d1ec001627017b7bb741

                                        SHA256

                                        762ff640013db2bd4109d7df43a867303093815751129bd1e33f16bf02e52cce

                                        SHA512

                                        d21935a9867c0f2f7084917c79fbb1da885a1bfd4793cf669ff4da8c777b3a201857250bfb7c2b616625a8d3573c68395d210446d2c284b41cf09cc7cbb07885

                                      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.cif

                                        Filesize

                                        56KB

                                        MD5

                                        2c4d9e4773084f33092ced15678a2c46

                                        SHA1

                                        bad603d543470157effd4876a684b9cfd5075524

                                        SHA256

                                        ed710d035ccaab0914810becf2f5db2816dba3a351f3666a38a903c80c16997a

                                        SHA512

                                        d2e34cac195cfede8bc64bdc92721c574963ff522618eda4d7172f664aeb4c8675fd3d4f3658391ee5eaa398bcd2ce5d8f80deecf51af176f5c4bb2d2695e04e

                                      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.inf

                                        Filesize

                                        477B

                                        MD5

                                        ad8982eaa02c7ad4d7cdcbc248caa941

                                        SHA1

                                        4ccd8e038d73a5361d754c7598ed238fc040d16b

                                        SHA256

                                        d63c35e9b43eb0f28ffc28f61c9c9a306da9c9de3386770a7eb19faa44dbfc00

                                        SHA512

                                        5c805d78bafff06c36b5df6286709ddf2d36808280f92e62dc4c285edd9176195a764d5cf0bb000da53ca8bbf66ddd61d852e4259e3113f6529e2d7bdbdd6e28

                                      • C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

                                        Filesize

                                        4KB

                                        MD5

                                        dbbb592f187a7a5e4b796fe90cc24298

                                        SHA1

                                        0f47f3bbb8f888ccb0248e63eddf5eecdbece404

                                        SHA256

                                        c838bb0e1091e04e4b40a174524f304be5f4565ef39efcd53b5f2047b7b20fea

                                        SHA512

                                        2b744097195ec403d640c94efa8688d5c67b582c6cbbb1e5168e5ebe8128c68d410c74c9657ac7fdd2aaf5270fca4ce965d53012c8342276804cb24726c89df4

                                      • C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

                                        Filesize

                                        10KB

                                        MD5

                                        487a239eacee993486617446499e898a

                                        SHA1

                                        cbae28266ca1eb02c21aabf0752881a490982702

                                        SHA256

                                        dc9f7c0db1ab7d8f6ff892c4e46d4be81add06a822b1765e9f32df45188af007

                                        SHA512

                                        e17d7302b190b421d10b43c98ef8647c73f3f2fa0b6fbcac31164291380b2a11faabf41c0cf6cd7b56e3c92f7b83203e7d31ce8fdab0a61069316a79b28a37b3

• C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log
  Filesize: 309B
  MD5: 4a12b32503f13ef911e620e2a0d026ca
  SHA1: 225c9e82f373b5dd81cbfb7ea0e93c2a3a78e9b9
  SHA256: 407069061c937033935519778f6bb5ef94898814c65418e504ef54336375953d
  SHA512: 6aa6ac22bae5181f53d2d78a85c7f4045082320966e764acf53024744ddb9c584077dc5f8f874854fc64094810216aff5e27d64e502fc906629be11a633d05a1

• C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log
  Filesize: 4KB
  MD5: 1f2b7f4956d1954db7555a5d9e765767
  SHA1: 945dd0f8e63dc126ecc82c06480c972fa7eb4a5f
  SHA256: 85ac3769d0ca3b0f2489cbfb23cb4eabcb438eb5984bbe6fd554513d4c6abc82
  SHA512: 5a60ac7a401fc35a11362765715f3f3010828e2f0db2a31fd119b9bfda6b16487ae8437585488c4e9db784dc0aca7aba4aa9e765d7758cd0aa4bbea3ed98616f

• C:\Users\Admin\AppData\Local\Temp\Tar5049.tmp
  Filesize: 175KB
  MD5: dd73cead4b93366cf3465c8cd32e2796
  SHA1: 74546226dfe9ceb8184651e920d1dbfb432b314e
  SHA256: a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
  SHA512: ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

• C:\Windows\Logs\DirectX.log
  Filesize: 2KB
  MD5: 3269bd190339f00b75c108ea7d27ac83
  SHA1: 413f79a17fb5d0f5a2bf93c06478bac94a8c6b44
  SHA256: 50c59b673ac04246af6c158ea50a5119689c7b23cab76fe547186e472d46fa0a
  SHA512: b6bc79c5672a18798f969fd09f662f48cce17cdd1c6ef918757456dacac7d1ab10891028492b2c80167c47e0e5284968305e8c97db12495216e48623b13a6740

• C:\Windows\SysWOW64\directx\websetup\filelist.dat
  Filesize: 111B
  MD5: d6f81567baaf05b557d9bc6c348cb5f1
  SHA1: 0c840165fcd34d996c85b6b44b00c7206bf772b6
  SHA256: e60413bec64775bf1933ef4f9673c8bcfbe0ce71e950fd589bbd14c0f9a00359
  SHA512: 09b84cc9199592821d7de38cbe24332097b276bb25b6d09f7dcdc3a6b17369ee944a6f8120f13ea6a5c15eb759a90d7ce29cc845a5c0680ff2fa53e2623171e2

• \Users\Admin\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe
  Filesize: 5.9MB
  MD5: bb097c6974168f61110c561ad603a10b
  SHA1: 064835546c1fb19bd956d21207063092f39ba106
  SHA256: 09cab56f16c0f28ad1ce7add649b361cdb9d4a949be4245b5b539bb5b9dbe677
  SHA512: 270fb32673dddb8694da0d5bd93413bcbaeb783f9f746c1a194650ea146b3c58021b3bdffe38101ed1773888daddd90f8c89d8f9767cfdc74d6667b20b238b1d

• \Users\Admin\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe
  Filesize: 10.9MB
  MD5: fcde498ff832ed6a6ffc880aa1a911b5
  SHA1: 90f3a200905db2790823ffb488dd604693b735bb
  SHA256: a702133147f6472bc476cdde68694b8ddd03d8b66b2da8a4cb3f227ded90490a
  SHA512: c1a28b84ad42a0ad151b3f957009a79fb95a362d2e5e0561552047f46d38a2070469ab9ff1221ff35abd5d027c818787cb7b8f4e3a5ad7745ba20ccbeae1b21b

• \Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
  Filesize: 515KB
  MD5: ac3a5f7be8cd13a863b50ab5fe00b71c
  SHA1: eee417cd92e263b84dd3b5dcc2b4b463fe6e84d9
  SHA256: 8f5e89298e3dc2e22d47515900c37cca4ee121c5ba06a6d962d40ad6e1a595da
  SHA512: c8bbe791373dad681f0ac9f5ab538119bde685d4f901f5db085c73163fc2e868972b2de60e72ccd44f745f1fd88fcde2e27f32302d8cbd3c1f43e6e657c79fba

• \Users\Admin\AppData\Local\Temp\OpenIV Setup_0F762250\dxwebsetup.exe
  Filesize: 285KB
  MD5: bcbb7c0cd9696068988953990ec5bd11
  SHA1: 3c8243734cf43dd7bb2332ba05b58ccacfa4377c
  SHA256: 34f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4
  SHA512: 551a2e3aa5fc7c0e79c3bd7c5333df5f1920ea83fe35b99adbbe865ea926fa772d72709bde2ea8f2685f4914cd96ff7b5b6f894f9b99f1120c2abe89c390a786

• \Users\Admin\AppData\Local\Temp\oivsetup-02032024164434.exe
  Filesize: 4.4MB
  MD5: 1692aec61ddcdda471defa199c62d25a
  SHA1: 484af221468ddb534b74e12970de80d5dfee2b28
  SHA256: 84bde632c5bfd2a7ff84e579e6f7561543ca0aad6d8e7275dae5926ba4f561c1
  SHA512: 19155d0770fc0931ab8ac1bf35f56b32c8c122379adac6866b07cebec28932f92be124638cd7bb9fdaff5edd091f3af0c1fbd0757a99de44e24f11214f13329a

• memory/2228-1-0x0000000000400000-0x000000000259D000-memory.dmp
  Filesize: 33.6MB

• memory/2228-90-0x0000000000400000-0x000000000259D000-memory.dmp
  Filesize: 33.6MB

• memory/2228-0-0x0000000000240000-0x0000000000241000-memory.dmp
  Filesize: 4KB

• memory/2264-265-0x0000000000400000-0x0000000000907000-memory.dmp
  Filesize: 5.0MB

• memory/2264-3090-0x0000000000400000-0x0000000000907000-memory.dmp
  Filesize: 5.0MB

• memory/2264-93-0x0000000000400000-0x0000000000907000-memory.dmp
  Filesize: 5.0MB

• memory/2264-91-0x0000000000240000-0x0000000000241000-memory.dmp
  Filesize: 4KB

• memory/2264-2192-0x0000000000400000-0x0000000000907000-memory.dmp
  Filesize: 5.0MB

• memory/2264-1018-0x0000000000400000-0x0000000000907000-memory.dmp
  Filesize: 5.0MB

• memory/2264-3956-0x0000000000400000-0x0000000000907000-memory.dmp
  Filesize: 5.0MB

• memory/2264-1077-0x0000000000240000-0x0000000000241000-memory.dmp
  Filesize: 4KB

• memory/3552-3958-0x0000000000400000-0x0000000002428000-memory.dmp
  Filesize: 32.2MB