Malware Analysis Report

2025-08-11 01:05

Sample ID: 240302-t8sn3afa51
Target: OpenIVSetup_offline.rar
SHA256: 4b4e72a5e8915429c77cad16cea92c3e128895e50e308fbd21b8a75c750e2e1b
Tags: discovery evasion persistence trojan
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 8/10

SHA256: 4b4e72a5e8915429c77cad16cea92c3e128895e50e308fbd21b8a75c750e2e1b

Threat Level: Likely malicious

The file OpenIVSetup_offline.rar was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence trojan

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Checks installed software on the system

Checks whether UAC is enabled

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-03-02 16:44

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-03-02 16:44
Reported: 2024-03-02 16:47
Platform: win7-20240215-en
Max time kernel: 119s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\OpenIVSetup.exe"

Signatures

Downloads MZ/PE file

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\OpenIV Setup_0F762250\dxwebsetup.exe | N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\OpenIVSetup.exe | N/A
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\oivsetup-02032024164434.exe | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\P: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\Q: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\B: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\K: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\I: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\J: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\R: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\S: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\V: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\X: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\A: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\G: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\Y: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\Z: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\M: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\N: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\O: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\T: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\E: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\H: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\W: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\L: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened (read-only) | \??\U: | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SysWOW64\directx\websetup\SET4AC7.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File created | C:\Windows\SysWOW64\directx\websetup\SET4AC7.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\SysWOW64\directx\websetup\dsetup32.dll | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\SysWOW64\DirectX\WebSetup | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\SysWOW64\DirectX\WebSetup\filelist.dat | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\SysWOW64\directx\websetup\SET4AC6.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File created | C:\Windows\SysWOW64\directx\websetup\SET4AC6.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\SysWOW64\directx\websetup\dsetup.dll | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\msdownld.tmp\AS765977.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS76CF51.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File created | C:\Windows\msdownld.tmp\AS76D5D7.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\security\logs\scecomp.log | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS76514C.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS766366.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS767724.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File created | C:\Windows\msdownld.tmp\AS767E26.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS76B4A1.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS76D5D7.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File created | C:\Windows\msdownld.tmp\AS76514C.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File created | C:\Windows\msdownld.tmp\AS766366.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File created | C:\Windows\msdownld.tmp\AS767724.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS767724.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS767E26.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File created | C:\Windows\msdownld.tmp\AS7690BC.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS76B4A1.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS76514C.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS765977.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS76696E.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File created | C:\Windows\msdownld.tmp\AS76B4A1.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File created | C:\Windows\msdownld.tmp\AS76CF51.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS76CF51.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS76D5D7.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\Logs\DirectX.log | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS765977.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File created | C:\Windows\msdownld.tmp\AS76696E.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS7690BC.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS769761.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS769761.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File created | C:\Windows\msdownld.tmp\AS76AE0C.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS767E26.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File created | C:\Windows\msdownld.tmp\AS769761.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS76AE0C.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS76AE0C.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS766366.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS76696E.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A
File opened for modification | C:\Windows\msdownld.tmp\AS7690BC.tmp\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe | N/A (7 identical events)
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (57 identical events)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\oivsetup-02032024164434.exe | N/A (64 identical events)

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (48 identical events)

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2228 wrote to memory of 2264 | N/A | C:\Users\Admin\AppData\Local\Temp\OpenIVSetup.exe | C:\Users\Admin\AppData\Local\Temp\oivsetup-02032024164434.exe (7 identical events)
PID 2264 wrote to memory of 2280 | N/A | C:\Users\Admin\AppData\Local\Temp\oivsetup-02032024164434.exe | C:\Users\Admin\AppData\Local\Temp\OpenIV Setup_0F762250\dxwebsetup.exe (7 identical events)
PID 2280 wrote to memory of 2288 | N/A | C:\Users\Admin\AppData\Local\Temp\OpenIV Setup_0F762250\dxwebsetup.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe (7 identical events)
PID 2044 wrote to memory of 1896 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (3 identical events)
PID 2044 wrote to memory of 1420 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (31 identical events shown)
PID 2044 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2044 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2044 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2044 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2044 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2044 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2044 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2044 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2044 wrote to memory of 1160 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\OpenIVSetup.exe

"C:\Users\Admin\AppData\Local\Temp\OpenIVSetup.exe"

C:\Users\Admin\AppData\Local\Temp\oivsetup-02032024164434.exe

"C:\Users\Admin\AppData\Local\Temp\oivsetup-02032024164434.exe"

C:\Users\Admin\AppData\Local\Temp\OpenIV Setup_0F762250\dxwebsetup.exe

"C:\Users\Admin\AppData\Local\Temp\OpenIV Setup_0F762250\dxwebsetup.exe" /Q

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe /windowsupdate

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6f89758,0x7fef6f89768,0x7fef6f89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1168 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1432 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3704 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3996 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3456 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3808 --field-trial-handle=1228,i,815600635775845285,16770462689557779490,131072 /prefetch:1

C:\Users\Admin\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe

"C:\Users\Admin\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 ntscorp.ru udp
US 188.114.97.2:443 ntscorp.ru tcp
US 188.114.97.2:443 ntscorp.ru tcp
US 8.8.8.8:53 download.microsoft.com udp
GB 23.44.234.47:80 download.microsoft.com tcp
GB 23.44.234.47:443 download.microsoft.com tcp
GB 23.44.234.47:443 download.microsoft.com tcp
GB 23.44.234.47:443 download.microsoft.com tcp
GB 23.44.234.47:443 download.microsoft.com tcp
GB 23.44.234.47:443 download.microsoft.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 23.44.234.47:443 download.microsoft.com tcp
N/A 224.0.0.251:5353 udp
GB 23.44.234.47:443 download.microsoft.com tcp
GB 23.44.234.47:443 download.microsoft.com tcp
GB 23.44.234.47:443 download.microsoft.com tcp
GB 23.44.234.47:443 download.microsoft.com tcp
US 8.8.8.8:53 pornhub.com udp
US 66.254.114.41:443 pornhub.com tcp
US 66.254.114.41:443 pornhub.com tcp
US 66.254.114.41:80 pornhub.com tcp
US 66.254.114.41:80 pornhub.com tcp
US 66.254.114.41:443 pornhub.com tcp
GB 216.58.213.3:80 www.gstatic.com tcp
GB 23.44.234.47:443 download.microsoft.com tcp
GB 23.44.234.47:443 download.microsoft.com tcp

Files

memory/2228-0-0x0000000000240000-0x0000000000241000-memory.dmp

memory/2228-1-0x0000000000400000-0x000000000259D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

MD5 dbbb592f187a7a5e4b796fe90cc24298
SHA1 0f47f3bbb8f888ccb0248e63eddf5eecdbece404
SHA256 c838bb0e1091e04e4b40a174524f304be5f4565ef39efcd53b5f2047b7b20fea
SHA512 2b744097195ec403d640c94efa8688d5c67b582c6cbbb1e5168e5ebe8128c68d410c74c9657ac7fdd2aaf5270fca4ce965d53012c8342276804cb24726c89df4

\Users\Admin\AppData\Local\Temp\oivsetup-02032024164434.exe

MD5 1692aec61ddcdda471defa199c62d25a
SHA1 484af221468ddb534b74e12970de80d5dfee2b28
SHA256 84bde632c5bfd2a7ff84e579e6f7561543ca0aad6d8e7275dae5926ba4f561c1
SHA512 19155d0770fc0931ab8ac1bf35f56b32c8c122379adac6866b07cebec28932f92be124638cd7bb9fdaff5edd091f3af0c1fbd0757a99de44e24f11214f13329a

memory/2228-90-0x0000000000400000-0x000000000259D000-memory.dmp

memory/2264-91-0x0000000000240000-0x0000000000241000-memory.dmp

memory/2264-93-0x0000000000400000-0x0000000000907000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

MD5 487a239eacee993486617446499e898a
SHA1 cbae28266ca1eb02c21aabf0752881a490982702
SHA256 dc9f7c0db1ab7d8f6ff892c4e46d4be81add06a822b1765e9f32df45188af007
SHA512 e17d7302b190b421d10b43c98ef8647c73f3f2fa0b6fbcac31164291380b2a11faabf41c0cf6cd7b56e3c92f7b83203e7d31ce8fdab0a61069316a79b28a37b3

C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

MD5 4a12b32503f13ef911e620e2a0d026ca
SHA1 225c9e82f373b5dd81cbfb7ea0e93c2a3a78e9b9
SHA256 407069061c937033935519778f6bb5ef94898814c65418e504ef54336375953d
SHA512 6aa6ac22bae5181f53d2d78a85c7f4045082320966e764acf53024744ddb9c584077dc5f8f874854fc64094810216aff5e27d64e502fc906629be11a633d05a1

C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

MD5 1f2b7f4956d1954db7555a5d9e765767
SHA1 945dd0f8e63dc126ecc82c06480c972fa7eb4a5f
SHA256 85ac3769d0ca3b0f2489cbfb23cb4eabcb438eb5984bbe6fd554513d4c6abc82
SHA512 5a60ac7a401fc35a11362765715f3f3010828e2f0db2a31fd119b9bfda6b16487ae8437585488c4e9db784dc0aca7aba4aa9e765d7758cd0aa4bbea3ed98616f

\Users\Admin\AppData\Local\Temp\OpenIV Setup_0F762250\dxwebsetup.exe

MD5 bcbb7c0cd9696068988953990ec5bd11
SHA1 3c8243734cf43dd7bb2332ba05b58ccacfa4377c
SHA256 34f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4
SHA512 551a2e3aa5fc7c0e79c3bd7c5333df5f1920ea83fe35b99adbbe865ea926fa772d72709bde2ea8f2685f4914cd96ff7b5b6f894f9b99f1120c2abe89c390a786

\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

MD5 ac3a5f7be8cd13a863b50ab5fe00b71c
SHA1 eee417cd92e263b84dd3b5dcc2b4b463fe6e84d9
SHA256 8f5e89298e3dc2e22d47515900c37cca4ee121c5ba06a6d962d40ad6e1a595da
SHA512 c8bbe791373dad681f0ac9f5ab538119bde685d4f901f5db085c73163fc2e868972b2de60e72ccd44f745f1fd88fcde2e27f32302d8cbd3c1f43e6e657c79fba

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.inf

MD5 ad8982eaa02c7ad4d7cdcbc248caa941
SHA1 4ccd8e038d73a5361d754c7598ed238fc040d16b
SHA256 d63c35e9b43eb0f28ffc28f61c9c9a306da9c9de3386770a7eb19faa44dbfc00
SHA512 5c805d78bafff06c36b5df6286709ddf2d36808280f92e62dc4c285edd9176195a764d5cf0bb000da53ca8bbf66ddd61d852e4259e3113f6529e2d7bdbdd6e28

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup.dll

MD5 984cad22fa542a08c5d22941b888d8dc
SHA1 3e3522e7f3af329f2235b0f0850d664d5377b3cd
SHA256 57bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308
SHA512 8ef171218b331f0591a4b2a5e68dcbae98f5891518ce877f1d8d1769c59c0f4ddae43cc43da6606975078f889c832f0666484db9e047782e7a0ae4a2d41f5bef

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup32.dll

MD5 a5412a144f63d639b47fcc1ba68cb029
SHA1 81bd5f1c99b22c0266f3f59959dfb4ea023be47e
SHA256 8a011da043a4b81e2b3d41a332e0ff23a65d546bd7636e8bc74885e8746927d6
SHA512 2679a4cb690e8d709cb5e57b59315d22f69f91efa6c4ee841943751c882b0c0457fd4a3376ac3832c757c6dfaffb7d844909c5665b86a95339af586097ee0405

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.cif

MD5 7b1fbe9f5f43b2261234b78fe115cf8e
SHA1 dd0f256ae38b4c4771e1d1ec001627017b7bb741
SHA256 762ff640013db2bd4109d7df43a867303093815751129bd1e33f16bf02e52cce
SHA512 d21935a9867c0f2f7084917c79fbb1da885a1bfd4793cf669ff4da8c777b3a201857250bfb7c2b616625a8d3573c68395d210446d2c284b41cf09cc7cbb07885

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 d6f81567baaf05b557d9bc6c348cb5f1
SHA1 0c840165fcd34d996c85b6b44b00c7206bf772b6
SHA256 e60413bec64775bf1933ef4f9673c8bcfbe0ce71e950fd589bbd14c0f9a00359
SHA512 09b84cc9199592821d7de38cbe24332097b276bb25b6d09f7dcdc3a6b17369ee944a6f8120f13ea6a5c15eb759a90d7ce29cc845a5c0680ff2fa53e2623171e2

memory/2264-265-0x0000000000400000-0x0000000000907000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\Tar5049.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

\??\pipe\crashpad_2044_YKGJUQEKWNKTEFLC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

memory/2264-1018-0x0000000000400000-0x0000000000907000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

memory/2264-1077-0x0000000000240000-0x0000000000241000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 367ccf02be43b3237a4556e8ccb7df54
SHA1 f81098ce86166319bba6bef75d24b65dc144d792
SHA256 e9f5c2e2d23f57752c03d1f6f64afa9da9e1a7f6e35c0d923d44c91a1731845d
SHA512 56e6dd85bf9c91b7ea83d512b22b35512f8de03e39e59973e94e41acefcdb17fb3735ad2809b4b09f10774e8148cbe35ff03818de87d7634cbea0ffeaae5533d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5ac7c20a5b55ef9fd48c9c5c842230d
SHA1 460b47b431a9cd91c35147e312d4c3f473836a16
SHA256 a431c8aa25ff6b58f633c191a932c974ad7fc0bce540f0f8d5fadb88165cdfa8
SHA512 64896d56f3e3fe0a8d20164d51e371005aef57262989d980c8067a5eba3e221e1a4940413320cfa054131998390cbd7ad89a8979b5e73a0e7d98812c566ee2ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6dc452f068a5c923e27a880e07aca15
SHA1 95b40307a64b8a3f294afb179bbdc5221c876939
SHA256 f0ee94ea71e34e54ace4ab9573360d07125be7fb64583d53d7a4af76f78d7502
SHA512 38fb09fa6b40b6bbaa180182e4688a4646bdccac973659aebf132b906b106408afc9030a36fa055c09b2d111dbaed774a5094aa2f27388fc0953b61e4ad17038

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0623d79d08511c8aec635f70792444c2
SHA1 6f3088c1dc48c0f621fdd18767a908860443ffda
SHA256 0859b1c69a1fc48a87a1d8edf7360a41f21a38f476076ba57ca96236b329b470
SHA512 fd29574acc6f30a7c0e89e5085c5d42e565c6ec0e4c15b00b11c00506f511829dfa03ecce84a149d444724ae70e2e6473bed1761a215c612b4b2f2457664012e

memory/2264-2192-0x0000000000400000-0x0000000000907000-memory.dmp

C:\Windows\Logs\DirectX.log

MD5 3269bd190339f00b75c108ea7d27ac83
SHA1 413f79a17fb5d0f5a2bf93c06478bac94a8c6b44
SHA256 50c59b673ac04246af6c158ea50a5119689c7b23cab76fe547186e472d46fa0a
SHA512 b6bc79c5672a18798f969fd09f662f48cce17cdd1c6ef918757456dacac7d1ab10891028492b2c80167c47e0e5284968305e8c97db12495216e48623b13a6740

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.cif

MD5 2c4d9e4773084f33092ced15678a2c46
SHA1 bad603d543470157effd4876a684b9cfd5075524
SHA256 ed710d035ccaab0914810becf2f5db2816dba3a351f3666a38a903c80c16997a
SHA512 d2e34cac195cfede8bc64bdc92721c574963ff522618eda4d7172f664aeb4c8675fd3d4f3658391ee5eaa398bcd2ce5d8f80deecf51af176f5c4bb2d2695e04e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 126a4148a1d4e446dc3a7a245f2a4bef
SHA1 d5945ba904d1b7421187229c3169db0546f7f451
SHA256 5cfbccd31718fc27f4ea52cd8c4f6872a591334aaded78a8a7cc67fa0b4014b8
SHA512 8a2bf2a96a078e28352ab20c149ed9d09d15b1b418341ba8ae8845c87186f62afc31c2da9dcb6274f8be9f6a972a705760d179568bd74535b8b92a29ded4ea83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c734819938851a80346821391f5de93d
SHA1 87d93c01f299b00bd18851f8ddd22725a2142808
SHA256 de7761bceb4d0ff51b957a7b355fd10d663ff03cb5299cc0858ef2580bbcf37c
SHA512 02b0f853ab50cb4e0d3352fc35476763c05f1b115a09176a09f27f1de4c5c89f5556c2719857cc686ad3f46221ef29a0c0a5090f357c109ec4b690415583191f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9184c67f2c19112f7856a3906559b6a8
SHA1 3d3e61135dfffe617738eebc242303d1ce31f57a
SHA256 d11a0d54ef5cacfea22ea6314b8e028e21b011084af34a1ceeb34a1c2c761fec
SHA512 19455243c78327d9e346c446752cb2b3e595111c19a997cfa0c9b6552447c2ddffa6bf48811f35876627153c5d48dc82ae10f2ea1baa30b51368d313dd59d8e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\126571c8-4ee8-44d5-a4fe-376929a75c30.tmp

MD5 e6eeff10ad6ab162fb6d1170cae8618b
SHA1 fd614cbca3d38a30655b710ea37445bab735defc
SHA256 c5915e19505f4328109cd1be0c9721fcb155c0e682305da5da0265e1f0c15a4a
SHA512 32b870a87dbb211d1923ca7b136a01c028281ce3eebeb324284ef8d0a6fe0ad56e06d76ddea42ea47c1eb2e02c12ed4fd622e4ea5785705be32c9efe0b37d0f6

memory/2264-3090-0x0000000000400000-0x0000000000907000-memory.dmp

C:\Users\Admin\AppData\Local\New Technology Studio\Apps\OpenIV\Resources\Languages\zh_CN\EULA.rtf

MD5 ba3630939222d99dcb853d54210514ab
SHA1 89d496d575863f0ceaf29a78c532a6a3d9e33ab3
SHA256 fbb06d0c6745ec7b1843edb80595f53a6669ee74282458321dc7bc170773b01a
SHA512 243b5dbac1ba3d5a3fd15de395c1033253aa5790a23257678f1d11463fb53d84fa91e4e15673d11deddab733465185cfb8cf51b8c7b5dceed53330cfb9a889c1

\Users\Admin\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe

MD5 bb097c6974168f61110c561ad603a10b
SHA1 064835546c1fb19bd956d21207063092f39ba106
SHA256 09cab56f16c0f28ad1ce7add649b361cdb9d4a949be4245b5b539bb5b9dbe677
SHA512 270fb32673dddb8694da0d5bd93413bcbaeb783f9f746c1a194650ea146b3c58021b3bdffe38101ed1773888daddd90f8c89d8f9767cfdc74d6667b20b238b1d

C:\Users\Admin\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe

MD5 f0d4dc6dedb92543a85ddfdd88cc48df
SHA1 70275da00c15f02664e061025a2e0cdd0b758ba8
SHA256 e41c385d5bf0212672e96fe164f6e856a40dcaf4aabf6a7746fc3ad15e961f1c
SHA512 8a071a158a3c6307d65f2a4dbf0a06670cc813492d2736f8ec41e909435fa64624a66d4b20cdecb6885a2f1e54dec8de4f490162d4e21933e280aaee70dcde78

\Users\Admin\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe

MD5 fcde498ff832ed6a6ffc880aa1a911b5
SHA1 90f3a200905db2790823ffb488dd604693b735bb
SHA256 a702133147f6472bc476cdde68694b8ddd03d8b66b2da8a4cb3f227ded90490a
SHA512 c1a28b84ad42a0ad151b3f957009a79fb95a362d2e5e0561552047f46d38a2070469ab9ff1221ff35abd5d027c818787cb7b8f4e3a5ad7745ba20ccbeae1b21b

memory/2264-3956-0x0000000000400000-0x0000000000907000-memory.dmp

C:\Users\Admin\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe

MD5 9329cfae526eaceb4d736807ea49138b
SHA1 1e546fa9ff53532b68b4108174e17453a3287f1e
SHA256 51bad3dea5d533cf53779f852b106dacc356991e5ffd0878c3c7abe9cd6bd9d8
SHA512 10454741c8feedab1cf6fad290d1ec96f6822c63f20ebc827c70732ca861c0882ce2cfea8732f3137bd89fb9cddefa58fc9f299e47e2ff9eab604989f468f9ec

memory/3552-3958-0x0000000000400000-0x0000000002428000-memory.dmp
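The behavioral1 Files and Network tables above mix three kinds of rows: artifacts written by the sample chain itself (oivsetup-*.exe, dxwebsetup.exe, OpenIV.exe), artifacts written by the DirectX web installer and the sandbox's own Chrome instance (IXP000.TMP, DirectX.log, CryptnetUrlCache, the Chrome profile), and one row whose SHA256 (e3b0c442...b855) is the hash of zero bytes, meaning the sandbox hashed a named-pipe handle rather than any file content. The script below is an added example, not part of the report or of the sandbox vendor's tooling; it takes a subset of the rows above as constructed inline data and sorts them into "sample", "noise" and "empty" buckets, and flags which destinations still need a human look. The noise rules (Chrome profile paths, CryptnetUrlCache, the IXP000.TMP IExpress staging directory, DirectX.log, Tar*.tmp, and the Microsoft/Google download domains) are my own assumptions about what the DirectX installer and the browser produce, not findings stated by the report, so tune them before reusing this on another sample. It also parses the `memory/PID-N-0xSTART-0xEND` dump names so you can see how large a region is before deciding whether to pull it.

```python
"""Triage dropped-file and network rows from a sandbox report.

Added example, not the report's or the sandbox vendor's code. FILES and
NETWORK are constructed from a subset of the behavioral1 tables above; the
noise rules are the author's assumptions, not findings from the report.
"""
import hashlib
import re
from collections import defaultdict

# Constructed from the behavioral1 'Files' table: (path, sha256).
FILES = [
    (r"C:\Users\Admin\AppData\Local\Temp\oivsetup-02032024164434.exe",
     "84bde632c5bfd2a7ff84e579e6f7561543ca0aad6d8e7275dae5926ba4f561c1"),
    (r"C:\Users\Admin\AppData\Local\Temp\OpenIV Setup_0F762250\dxwebsetup.exe",
     "34f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4"),
    (r"C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe",
     "8f5e89298e3dc2e22d47515900c37cca4ee121c5ba06a6d962d40ad6e1a595da"),
    (r"C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup.dll",
     "57bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308"),
    (r"\??\pipe\crashpad_2044_YKGJUQEKWNKTEFLC",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences",
     "5cfbccd31718fc27f4ea52cd8c4f6872a591334aaded78a8a7cc67fa0b4014b8"),
    (r"C:\Users\Admin\AppData\Local\New Technology Studio\Apps\OpenIV\OpenIV.exe",
     "51bad3dea5d533cf53779f852b106dacc356991e5ffd0878c3c7abe9cd6bd9d8"),
    (r"C:\Windows\Logs\DirectX.log",
     "50c59b673ac04246af6c158ea50a5119689c7b23cab76fe547186e472d46fa0a"),
]

# Constructed from the behavioral1 'Network' table: (destination, domain).
NETWORK = [
    ("188.114.97.2:443", "ntscorp.ru"),
    ("23.44.234.47:443", "download.microsoft.com"),
    ("172.217.16.228:443", "www.google.com"),
    ("224.0.0.251:5353", ""),
    ("66.254.114.41:443", "pornhub.com"),
    ("216.58.213.3:80", "www.gstatic.com"),
]

# SHA256 of zero bytes: a row carrying this hash has no file content behind it.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# Assumed noise rules: paths written by the sandbox's browser or by the
# DirectX web installer the sample launches, not by the sample itself.
NOISE_PATH_PATTERNS = [
    r"\\Google\\Chrome\\User Data\\",
    r"\\CryptnetUrlCache\\",
    r"\\IXP\d{3}\.TMP\\",            # IExpress/wextract staging directory
    r"\\Windows\\Logs\\DirectX\.log$",
    r"\\Temp\\Tar[0-9A-F]{4}\.tmp$",  # CryptoAPI temp files
]
NOISE_DOMAINS = {"download.microsoft.com", "www.google.com", "www.gstatic.com"}


def classify_file(path, sha256):
    """Return 'empty', 'noise' or 'sample' for one dropped-file row."""
    if sha256.lower() == EMPTY_SHA256:
        return "empty"
    for pat in NOISE_PATH_PATTERNS:
        if re.search(pat, path, re.IGNORECASE):
            return "noise"
    return "sample"


def classify_domain(dest, domain):
    """'local' for multicast/mDNS, 'noise' for known infra, else 'review'."""
    if dest.startswith("224.") or not domain:
        return "local"
    return "noise" if domain.lower() in NOISE_DOMAINS else "review"


def triage(files=FILES, network=NETWORK):
    """Bucket every row; keys look like 'file:sample' or 'net:review'."""
    out = defaultdict(list)
    for path, sha in files:
        out["file:" + classify_file(path, sha)].append((path, sha))
    for dest, dom in network:
        out["net:" + classify_domain(dest, dom)].append((dest, dom))
    return dict(out)


def memory_region_size(entry):
    """Size in bytes of a 'memory/PID-N-0xSTART-0xEND-memory.dmp' name."""
    m = re.fullmatch(
        r"memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp", entry)
    if not m:
        raise ValueError("not a memory dump entry: " + entry)
    return int(m.group(3), 16) - int(m.group(2), 16)


if __name__ == "__main__":
    for key, rows in sorted(triage().items()):
        print(key, len(rows))
        for row in rows:
            print("   ", *row)
    dump = "memory/2228-1-0x0000000000400000-0x000000000259D000-memory.dmp"
    print(dump, "->", hex(memory_region_size(dump)), "bytes")
```

Run as-is it leaves three "sample" files (the two OpenIV installer stages and the installed OpenIV.exe) plus dxwebsetup.exe, which the sample wrote even though it is a DirectX redistributable, and two destinations for review (ntscorp.ru and pornhub.com); the download.microsoft.com, google and mDNS rows drop out as expected installer and sandbox traffic. Whether dxwebsetup.exe belongs in the noise bucket is a judgement call: keep its hash, but verify it against Microsoft's signed redistributable rather than treating it as the sample's own payload.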

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-02 16:44

Reported

2024-03-02 16:47

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

114s

Command Line

"C:\Users\Admin\AppData\Local\Temp\OpenIVSetup.exe"

Signatures

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\OpenIVSetup.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\OpenIVSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OpenIVSetup.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\OpenIVSetup.exe

"C:\Users\Admin\AppData\Local\Temp\OpenIVSetup.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 61.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 45.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

memory/2248-1-0x00000000028E0000-0x00000000028E1000-memory.dmp

memory/2248-0-0x0000000000400000-0x000000000259D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

MD5 1fe3e87405b2c9249cb4e67731501024
SHA1 332fbc3990ddc22c5198e01ee7c335f877f76464
SHA256 71d90b4811f6bee7b27739fbd7573726ca340323cfef9fafcfdd0f7a6d08fcf7
SHA512 afec8043c453649045d1a02a12c4f5b86d77f77d703fdffbaf9bc5eeb015a2955b4030aae192c294bd14d1bb41146ff07db59b6412e0578c56508fd3ccc7d958

C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

MD5 daac4b53488ab320bc0fd6b07d0a4170
SHA1 79ed53233f1726dee0bfbf5f7f229f474fa11b18
SHA256 44c4a3df127af23e149c39a8239123dd69be081434cc38bdd7302f96c9e6a7b2
SHA512 629701432d0f271397e757e8cbf3437e3bd40cddd1113aa72a602fefa14b2dadff94db1ed101c0e2a73f40b88a8d3e90486be01ef8e0eea1710265f635409e28

C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

MD5 0eaa995de5e49fe55c8918bd5ba849e5
SHA1 66cb36073029360158fcf5b42d57288f3c687037
SHA256 e7c99f0ba012c5b9ff817b2bd736a4d4e43c5adb5f027224cf7372f87827116f
SHA512 30237eedacd9d2860e189a0003502a4cab65d9cd958affa2fbba6bdf38f18915935f555083a9d2c01fad4d464eef68e82d1181a1661152cb14bf67c6549f7275

memory/2248-33-0x0000000000400000-0x000000000259D000-memory.dmp

memory/2248-35-0x00000000028E0000-0x00000000028E1000-memory.dmp