Analysis Overview
SHA256
72a3cef4d5f806cc81a9585c58590bdebc9c08a8faecf0238756b15aa2d69e1f
Threat Level: Known bad
The file DiskGenius.exe was found to be: Known bad.
Malicious Activity Summary
PrivateLoader
VMProtect packed file
UPX packed file
Executes dropped EXE
Loads dropped DLL
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Program crash
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-10 12:47
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 12:47
Reported
2024-05-10 12:50
Platform
win7-20240508-en
Max time kernel
122s
Max time network
126s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~4988141023342866583~\sg.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\ntleas.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\diskgenius.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\DiskGenius.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\DiskGenius.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\ntleas.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\DiskGenius.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\DiskGenius.exe
"C:\Users\Admin\AppData\Local\Temp\DiskGenius.exe"
C:\Windows\system32\cmd.exe
cmd.exe /c set
C:\Users\Admin\AppData\Local\Temp\~4988141023342866583~\sg.tmp
7zG_exe x "C:\Users\Admin\AppData\Local\Temp\DiskGenius.exe" -y -aoa -o"C:\Users\Admin\AppData\Local\Temp\~2090722159602104039"
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\ntleas.exe
"C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\ntleas.exe" diskgenius.exe C
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\diskgenius.exe
"diskgenius.exe"
C:\Users\Admin\AppData\Local\Temp\DiskGenius.exe
PECMD**pecmd-cmd* EXEC -wd:C: -IDLE --hide cmd /c "C:\Users\Admin\AppData\Local\Temp\~1833828596621600744.cmd"
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\~1833828596621600744.cmd"
Network
Files
memory/1484-0-0x0000000000400000-0x000000000056E000-memory.dmp
\Users\Admin\AppData\Local\Temp\~4988141023342866583~\sg.tmp
| MD5 | 7c4718943bd3f66ebdb47ccca72c7b1e |
| SHA1 | f9edfaa7adb8fa528b2e61b2b251f18da10a6969 |
| SHA256 | 4cc32d00338fc7b206a7c052297acf9ac304ae7de9d61a2475a116959c1524fc |
| SHA512 | e18c40d646fa4948f90f7471da55489df431f255041ebb6dcef86346f91078c9b27894e27216a4b2fe2a1c5e501c7953c77893cf696930123d28a322d49e1516 |
\Users\Admin\AppData\Local\Temp\~2090722159602104039\ntleas.exe
| MD5 | 9a8f681b7d71ea0171bd1ff404a91916 |
| SHA1 | 5d610b7f135f21c63f686d460df890ad6a0fb02a |
| SHA256 | 8056c16b5fb104ea51359801a10083e425696e26014610af8a15b60fbbfac4a8 |
| SHA512 | 7ffc5ac803ab3b11cc508b4e9d7d087b6af864735462a23e6e21cca0693aa271c16d26773d4fddfe0b752503758221f701568b398cc937e2235a71797d5c1b3e |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\diskgenius.exe
| MD5 | 2910ac89085a9457e9128bd81676dc96 |
| SHA1 | cee5e68568a3cdf5d84ccbba70f2160038459996 |
| SHA256 | 4a408834e693b658b96ecd1b7e96b3a9d5555c997f0642cd9f806fd03589801e |
| SHA512 | c4d4cbdad1a3f1d97486a875ab7d7aa5351fccafac646d965afb4cb186802981cf90f70ea942d998a35631b59d57e19a4248ec6cd86e3f9518ceea27c5e8d9a5 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\avcodec-57.dll
| MD5 | cbb6c78ba2446b030b06282776d81a0e |
| SHA1 | 38739809e1df319cfd7461366d5dbdebc644e89f |
| SHA256 | 98121397933acaf25240e2f2a0822f719f4c5b3b47efb5578f97f28dc019c6db |
| SHA512 | 2f63ad3f26a2a3cf1d4a94d544e52eaa7aa27afeaf2621fced0b0c693cc6bf9ba9be8b360a9287d19b85adda794daf35121438accff44d23802a88409d4a8293 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\avutil-55.dll
| MD5 | 5e0757f2a34f71620ed11f110e062942 |
| SHA1 | 4fee170ac188f53ee5c9ddc6762a90aaa0aedb4b |
| SHA256 | cd40baac665cd1315cc9408dd4aeb1b7aa1d88bdca3860d93d305ee2a4fbc065 |
| SHA512 | cde625af587e21abc5cb1285faa475203b06fc55e8c0b14c62d87f12d68e1b487c471e1bec95c01cda6c40fc0708af22daaafc13621c535932b53729889ab1fb |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\avformat-57.dll
| MD5 | ad8605903890285ece1ea1f5a72a9985 |
| SHA1 | 8320253c53ab004b4e82ce90299814a40cc4db79 |
| SHA256 | dea54220257a4cc46455b43295599b1c0a963f794e538fe3bf29ea9d246bb0ec |
| SHA512 | 42877f3d5e4392d9a41db6d212331c815fca650f574bee96c01fcdb5a50fbe9f2e9bef784d2690be5392ef43453bd585157ed49af40c1a52c08ee396a945d7e5 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\DGBCDX64.exe
| MD5 | 846b229c55dcecd9b1e3cf11e1585046 |
| SHA1 | 721621a5266d0c35629382922b62a9af1abad161 |
| SHA256 | 2a757fe83b2d115d5f2e715c15d917025d7cd7e04dd05cd8889dea90e17f0855 |
| SHA512 | a7157727a3d60504028add87699b0d35efb9e049ae4754e71a1aa882dcf0900779e79897a509c503acbdd350ab76f52fb348517d1453d06372ee7a39504d1b27 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\dos\command.com
| MD5 | f730339b0a5f461b530d93bd57050dff |
| SHA1 | 0733db7babadd73a1b98e8983c83b96eacef4e68 |
| SHA256 | bb27b9efbe08b4ad85e6d41663c8c6572acdd61c45e2731ec5a288ea21b3ef4c |
| SHA512 | 98b50b6012efa66af89b8acd5f84c4eb35bbf9dd14815643fd8ee99e92133ff5339c70ca4ea90c4460b7f2a95f0ed95193822a698fece43dc2d3f8a5ec9a772c |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\dos\CTMOUSE.EXE
| MD5 | 8187bd2c296900d51c103c474776ffb8 |
| SHA1 | 7334471c7dfb5cd41362281032f5bc608560c051 |
| SHA256 | f4cef8579a1699045c37ac0ddf03fe0ca361de5c1003ba375c3e08f01a546d01 |
| SHA512 | 6b5b64d67d7d8fc08f127d5380633307295de72c19c63513779b9b21d9724014dac2ff7b59062bccf64b2b20bc4a0294db7906d5beff5947aaa284b60e1b2e31 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\dos\fdconfig.sys
| MD5 | 2e7aa3a1b81f958c554622284968cb7b |
| SHA1 | 48b6b4c632ea947000bd6de71a91202c5d328909 |
| SHA256 | b351c58eb75ed7e17c75e45d84534af7a84e2b68eddecc54204e16fa902368a9 |
| SHA512 | b99814f34e1defc1a640c896964118534189051a9885b4a806f7531c5865dfc91799a4baba16ddeae77af7f2a9e726683c9a37b239c9aa7e325eca9c239b48a2 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\dos\fdauto.bat
| MD5 | 9a4efad26e3907495b51b5ae92a6676c |
| SHA1 | d3d30e817a9d4babc0fb1e9800543fa9863f3a46 |
| SHA256 | 4bc47043780d40cf1bb09cc57439cdc91689d0725520f2542f47ad3e698fc181 |
| SHA512 | 84c0dd21cb059bc67f0c2a541baaa42df06aa82b9141c36a94261266cbd290ead45ff14e23b31c6e8301003144b2dd14127c7bf8a66e0846b02774fbe34e3159 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\dos\fdapm.com
| MD5 | d6b105b491cdd328788f568336ef774e |
| SHA1 | 202aca693f89d57a00584bb6d7c63d0a74448f36 |
| SHA256 | c986e326548d93220b6a6ae47decbf5bd19b6344fc89ca7128e2d477ebd6c0b8 |
| SHA512 | 17ccf627cbae4a460b543a6c973fa6165eda9055c0140fb83f32f7ff0c779fe7620cefe0a9e2958127aac78d935f824bff49c4a231db531d6df82c4fb0737de7 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\dos\diskgen.exe
| MD5 | a854b0cc4816cdcb88bbff94095bb67a |
| SHA1 | b32f84d4eca665dba48391f261ac28bdae9eb46e |
| SHA256 | d746deb5afb8441275cd1d639a333abfe2abf8cd632a0692223daa30ef4da366 |
| SHA512 | c5a600712de17ad99efbe5fca26349cd0e3f8d70b8ef6fe8f73e96c2a91c0e39a307e94b50ccf393cf1459868b60349219615c8871e0dfbe049b2dc2c0fe29f3 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\dos\himem.exe
| MD5 | 738c9970441873717e954baf4a9a97f9 |
| SHA1 | 1a16e559a85b6409c90239aab4c4dc9240ca8480 |
| SHA256 | 7b312ef953f1c6ac3ebf6098d18cb3a26d96e936e5e96a6c30b1837bd431ad6b |
| SHA512 | 8729037fdc29392ba26a090c7ae4892965827da29f68c9ba4b7889ce45f5b630ada1b54cb8955d3d0f26e542762f2c31c520158d6528184d0176c8af51644491 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\dos\kernel.sys
| MD5 | 18d296f40f06c8a26eda606c0031f677 |
| SHA1 | 42568b259ad201bbbc20602aff4139171fef0d10 |
| SHA256 | f0ee1605aad08dd327502af98374bc237f4aceb953f26ba5432ecf4db34aeebf |
| SHA512 | c00df3ec0b767a9597f8a64bd287e5602d458dbcd963d69c98ac77ee531956cc3afe41ef726d901bd2e1a831c1a27b26b26d92f70ce3b7f4c8678442d377f008 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\dos\license.txt
| MD5 | 613ba680f328db42a5969ca7f247b294 |
| SHA1 | ec84f2e0ba7749eacc21a4d734d37e6432058c79 |
| SHA256 | 705bf00192ba29c754c7c9964bc42219ec51d837a67087eeeb14fc943d04d2ba |
| SHA512 | def1f9df98071a5d61f2dfdcb3b5c7160ed6ae9497b9f4d8ad9272117db02ea620b7a7062216a2b2a6c6baad13af677215f224df2a22c101dff8b4334f3ba7e6 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\dos\shsucdx.com
| MD5 | 9135b1d3f92243170f243a677340444a |
| SHA1 | c5a9e50ca098fee83d3d09f5a716abf42561219f |
| SHA256 | 81872ee962d6143f52f97e32e10366dcd0177856b36cec978beb7132be65d6f8 |
| SHA512 | 04ca2cab3945f2092e7ead7224f4d7348eadb46cdc7581d45e6647fa701d56108562942b3f97f684837ebb1c524bbd5fe6bb067f0c79340da21ea4c314b0d960 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\dos\xcdrom.sys
| MD5 | ec7da94cb533155fc0ffa4e1e595811d |
| SHA1 | f8e7f70b75cac50e62fe8071678ceef245764370 |
| SHA256 | f6c3f3c048faf61e37793ddf789765d8cab315636be75073deb047d89e8bea31 |
| SHA512 | 685e8231692004dc1c3f877b67b3f5287ecc4eb57b9f4ed5e6543a8f39ced8e854c636149c1741014dac1eb3e4badb6619e207dea2b42ba2ce50d32907fcc7d1 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\Hdrwvdi.dll
| MD5 | 7a8170537afaf5460b19adffb0a1af30 |
| SHA1 | f551a902f74498dd4ce77dba5f7169487a513d90 |
| SHA256 | ef7889f59643cf96a01ae1ff33b4074a45567d987a1bd1afceae6542a265cc27 |
| SHA512 | 19ee1f4b63c95965ffbf9c50d87acea8b86a2732fa7239f60a8028eb151038e92bde238f9caac71e876440abe34e0b4c212321fd9a309d7971fc7183ac18d435 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\dsoframer.ocx
| MD5 | 3f4fa9fd2adc31923165465f893e1680 |
| SHA1 | 0a86bf87b7b30181690216e53957823426b76afa |
| SHA256 | d5019a52524c63cd1b2c1b84af706c023b98b4eec1c2afdbcfe9c1dcb570542a |
| SHA512 | bca51dd97c9a1c53debbd4e54a4d2900a45a577d493d29ebbf12ee92b539b8cbfd5e9505e9add6b96e7a74c7fc362fc1624c39ab656fb07ac967991c75f4f75b |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\Hdrwvhd.dll
| MD5 | f2353d58b12e594f0a0db5b65b4495f6 |
| SHA1 | ffc8c55222749e8dc4bd947495d0ac2e88baf85c |
| SHA256 | d8d493aae45535abeda88f4b335b300310698dd0229b4814db892d76fba988dc |
| SHA512 | 4b831f701de794b07366fd4ec4a32bab8b5cf577e3ebd2ed4ee338241120c4971b2ad8c7d94209dc33c30aeff817797861ce9a5d4a6ecd2a3c20e58379605a55 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\Hdrwvhdx.dll
| MD5 | 07d225299fb30042f5aef71a3c8bcdc1 |
| SHA1 | 38fe70feb2772ddeac989c98d7bc2ae2d480e6f1 |
| SHA256 | 4c9471bdbeca5f946bec4009062bd369152ba11ff8cac07f83ffdfa2cd4a553c |
| SHA512 | ee7f55ca4bdbb12808f7bf5cad6a1070909cc9b688f359a9adec49b2db64ef03f5a0009c33e1c4bd9db74727b6f4c7908dc1d7d11b8223a64f6e3e802537550f |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\Hdrwvm.dll
| MD5 | ecae9ad871291b0bb62790d7d9c6a2bb |
| SHA1 | c513b09c57cc8107d72942c8ce8c11f15171dcac |
| SHA256 | 2d4312bf3683f6b8c3bd15a7050f6f7264152a3242f11922b2d57a8273a2cff9 |
| SHA512 | 9f559f615cd29dd7c6c1320d826d8e6c7c7e310e565a9957d6c286855ce75d597fae90c73c2636e9dcb67cab03927cc25cab107e78379b13b0db462b0c564319 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\LangRes.dll
| MD5 | 408eac73c5ba6701c40e6555b437ee00 |
| SHA1 | d4f8e059befc0d77b5f49d357c28a97115a37c51 |
| SHA256 | edd04ed6d6f3f62eaac26f5ed81a0edff69ff35492a3d3e4e3dcd26d04036c0b |
| SHA512 | 5578c071ed4c746794f7ce4fc02cf7d097b72ddad75469f375da761f4d8d67c0b82e121c69c7b99016527420e31cfbc8096d9ce141e2f1a0b8fa08eadd68ff52 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\libwim.dll
| MD5 | 00861a8093810b20ec8f498e3d0d5eb8 |
| SHA1 | b2ada1ea262c87e8af62ee9a0ad8247f698ac375 |
| SHA256 | 43191ab5fdc7407303ac444b1e9629da0517135eae50066ce38ba26eb0204f3e |
| SHA512 | 198f556cffd6b9430b333cab915abb610a42099ca1aff353bd0b32e0e34778b10eee745f9830714f2e6686d61e240a187e98d05fc3613fddeeba3b3cdd9a2e37 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\OfflineReg.exe
| MD5 | 7ec196b27c92f196bd24f5cd472094e4 |
| SHA1 | 69971396293af487c9a8195cb6e8057ef237d297 |
| SHA256 | c48ce0d50ab8989bac1ef0b8dfcdbcaf9be4999448623efa9343d8b38c04108d |
| SHA512 | 9f6906b7746b91f9251fd45b27854364ff17e4992517f0593ffc1d4bbc939a6ca43284c5a11ee7595f6d373a893e8bf6755ad086a98cd0d20b459dad88445150 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\ntleai.dll
| MD5 | afdc8d5b38bc5d297429970776fa27ea |
| SHA1 | 8654fb2247651a34887815c4813b8aa98267443a |
| SHA256 | cc68f8c3311bca56150f8c1bfe2b9621d8b7f47341969b62263803f05f135984 |
| SHA512 | 02b3a36c4d29044526381ce2c22c5d92ee063e9c6f5e1d8bc7b522829f70cc89edd1b7f9a3461abb4551336c473e4601531bed8beaf55268a99a0ed9f7063766 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\msimg32.dll
| MD5 | 7408d34293f617b6a4c35bca100d03dc |
| SHA1 | f2d959173e271487c50ece0ea56d03d7476a2052 |
| SHA256 | 494acdb350a1a8e95efe431d00643df442b7127108108005f88dac24d7afb114 |
| SHA512 | c6536dcb7648854d424aa0a0d59d4eb04520b8519211948ef509f45ff1e5ca6c18a000be6c6312f5ba371a9d7d7a313434cb91f6ccd4e7a8abe0cee9c927edbd |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\license_DG_Jp.txt
| MD5 | d84ff72308265da4649346b7a231c863 |
| SHA1 | 1583b103020ef770a355e5f4e497d9d8310c9575 |
| SHA256 | 2c8a4227906a7c1ed6ebd61c63429c5a830de3b93b5fb6086e8032e07e7f307e |
| SHA512 | 1aaed6421498dfd42488654b495e8f3022277362ea84a37befc6dbdc82290383e6db677e087c0e583c29e08910a03c634e6969b8db46df39581d743dce9f9d17 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\Options.ini
| MD5 | e5f1807dddbcda8c89dbeef919aeecb9 |
| SHA1 | 1177db3d54a71ea91fb9f4e84ec448abc30fbd7f |
| SHA256 | bdae4915bed21a7968824865c4024c371fe46a80795b46be8ffe7bf2e3089235 |
| SHA512 | a6e88cbb5cc3a63f58afdfa4dbd6d5f16e7b3afdcb9534ead055180f68a517d91cc9fe9665d097663a0948032bdd1a8f4081092b652861efee6449efe2d740b5 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\releasenote.txt
| MD5 | 81e42cd8ad8979723e1ed4867a441fc5 |
| SHA1 | 87f2411b2013677b5fa6aade3066e8a1617c0cd0 |
| SHA256 | 608bc97cb57f685c272e5913eceb1069160e698a53704e0d93c77d131c03d757 |
| SHA512 | 6a733495b6226c64de8fe5012dfcb72485c7fae50e0b34ea3b207f0eec5e2ce732ae466a164abd30c662fb7b92ebd4624751f7d074728fdd58a95b4c69485f89 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\VPreview.dll
| MD5 | 9d8a94ea7e162a7b89d07d5599112662 |
| SHA1 | bc145819f6e6d63e8d80393089bf18ca3e51729f |
| SHA256 | e73b4fccc9213d5dec7af154aa22f3abe0cdb23818d217bf143424170fbb350b |
| SHA512 | 999db99a234e3ec60010bca72f29c01ec6703c3227fad324a09c471be9dfc5ec7314608986957c25e594b8142130e0fd697ee8a92b83e842da0028ec0a25aeca |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\swscale-4.dll
| MD5 | 47390b142be15d2114f555e1aecdd98f |
| SHA1 | 1a05ade05a95774676ca16311a5975013f2bf57e |
| SHA256 | 416e4edf961fe5f26ee43894cce28b7dd1e4c86413f79262bfd69e26283d51f5 |
| SHA512 | fe5f4101dd7e55889a6a48f9f9d4e022505b54843d23b52bdfa9760194611ef0b367668451b6a114c3dfb7976034eca8cabdc0a3b638aa6f99df9dc32914fcb0 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\swresample-2.dll
| MD5 | 262200460e7fa06d8eda710d44ceee52 |
| SHA1 | 39b0fd571148eb095d77588eedf59f0470d30dc7 |
| SHA256 | 10f14d69832f35bd8be64bb1fe5b7f181298c0c037633b9af69664fd836ff4b2 |
| SHA512 | 48028e2f38e23382506f3db950275dba15d59f9e8fc8db81f3a418eb441eeebc6e140e1c171115999731c04f5f759fc046053395eaa994e40f18bdbe7ee7ad18 |
C:\Users\Admin\AppData\Local\Temp\~2090722159602104039\SDL2.dll
| MD5 | 0c83d629d47895ec130cd791f33e3c90 |
| SHA1 | 08364418ee9c81cd7f82305aa3dae9e2e37b5c66 |
| SHA256 | 149781bbcbd38dfe6a0b71200adf7593a4af7bfa3e44975abc7144da494c1fe5 |
| SHA512 | 05003534f7b363b7db45f0b5d713b500e7b7a44855bb3288769edd190c6bbcce308685d4360af3a60e7323a158b242ab39330925c05275c6cb98c08947629a20 |
C:\Users\Admin\AppData\Local\Temp\~1833828596621600744.cmd
| MD5 | 908e359e2fa343f32f41df30c9f1e3f8 |
| SHA1 | 59c4c331002ccdadf3a484c4d90a66e9e2ec9401 |
| SHA256 | 844ea4e33f62a41e8d8c079c7b8b89958e4f2b66e08287907283f9ec0b5c8d37 |
| SHA512 | 221ec968ce74f3235d2afe37c12c3d08b44f0a214557f3d2d1ef8848b896e251dd43a7ef4a85ad4853337081622ca24175acff153f42b5c57be939596993e83d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-10 12:47
Reported
2024-05-10 12:50
Platform
win10v2004-20240508-en
Max time kernel
95s
Max time network
103s
Command Line
Signatures
PrivateLoader
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~2974638325276524434~\sg.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\ntleas.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\diskgenius.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\diskgenius.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\diskgenius.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\diskgenius.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\diskgenius.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\diskgenius.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\diskgenius.exe |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\diskgenius.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\DiskGenius.exe
"C:\Users\Admin\AppData\Local\Temp\DiskGenius.exe"
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c set
C:\Users\Admin\AppData\Local\Temp\~2974638325276524434~\sg.tmp
7zG_exe x "C:\Users\Admin\AppData\Local\Temp\DiskGenius.exe" -y -aoa -o"C:\Users\Admin\AppData\Local\Temp\~5302922757353172526"
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\ntleas.exe
"C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\ntleas.exe" diskgenius.exe C
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\diskgenius.exe
"diskgenius.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3136 -ip 3136
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 1016
C:\Users\Admin\AppData\Local\Temp\DiskGenius.exe
PECMD**pecmd-cmd* EXEC -wd:C: -IDLE --hide cmd /c "C:\Users\Admin\AppData\Local\Temp\~6319743501780032208.cmd"
C:\Windows\SYSTEM32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\~6319743501780032208.cmd"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| BE | 88.221.83.248:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| BE | 88.221.83.248:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 52.111.229.43:443 | | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
memory/2700-0-0x0000000000400000-0x000000000056E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~2974638325276524434~\sg.tmp
| MD5 | 7c4718943bd3f66ebdb47ccca72c7b1e |
| SHA1 | f9edfaa7adb8fa528b2e61b2b251f18da10a6969 |
| SHA256 | 4cc32d00338fc7b206a7c052297acf9ac304ae7de9d61a2475a116959c1524fc |
| SHA512 | e18c40d646fa4948f90f7471da55489df431f255041ebb6dcef86346f91078c9b27894e27216a4b2fe2a1c5e501c7953c77893cf696930123d28a322d49e1516 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\ntleas.exe
| MD5 | 9a8f681b7d71ea0171bd1ff404a91916 |
| SHA1 | 5d610b7f135f21c63f686d460df890ad6a0fb02a |
| SHA256 | 8056c16b5fb104ea51359801a10083e425696e26014610af8a15b60fbbfac4a8 |
| SHA512 | 7ffc5ac803ab3b11cc508b4e9d7d087b6af864735462a23e6e21cca0693aa271c16d26773d4fddfe0b752503758221f701568b398cc937e2235a71797d5c1b3e |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\diskgenius.exe
| MD5 | 2910ac89085a9457e9128bd81676dc96 |
| SHA1 | cee5e68568a3cdf5d84ccbba70f2160038459996 |
| SHA256 | 4a408834e693b658b96ecd1b7e96b3a9d5555c997f0642cd9f806fd03589801e |
| SHA512 | c4d4cbdad1a3f1d97486a875ab7d7aa5351fccafac646d965afb4cb186802981cf90f70ea942d998a35631b59d57e19a4248ec6cd86e3f9518ceea27c5e8d9a5 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\msimg32.dll
| MD5 | 7408d34293f617b6a4c35bca100d03dc |
| SHA1 | f2d959173e271487c50ece0ea56d03d7476a2052 |
| SHA256 | 494acdb350a1a8e95efe431d00643df442b7127108108005f88dac24d7afb114 |
| SHA512 | c6536dcb7648854d424aa0a0d59d4eb04520b8519211948ef509f45ff1e5ca6c18a000be6c6312f5ba371a9d7d7a313434cb91f6ccd4e7a8abe0cee9c927edbd |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\ntleai.dll
| MD5 | afdc8d5b38bc5d297429970776fa27ea |
| SHA1 | 8654fb2247651a34887815c4813b8aa98267443a |
| SHA256 | cc68f8c3311bca56150f8c1bfe2b9621d8b7f47341969b62263803f05f135984 |
| SHA512 | 02b3a36c4d29044526381ce2c22c5d92ee063e9c6f5e1d8bc7b522829f70cc89edd1b7f9a3461abb4551336c473e4601531bed8beaf55268a99a0ed9f7063766 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\LangRes.dll
| MD5 | 408eac73c5ba6701c40e6555b437ee00 |
| SHA1 | d4f8e059befc0d77b5f49d357c28a97115a37c51 |
| SHA256 | edd04ed6d6f3f62eaac26f5ed81a0edff69ff35492a3d3e4e3dcd26d04036c0b |
| SHA512 | 5578c071ed4c746794f7ce4fc02cf7d097b72ddad75469f375da761f4d8d67c0b82e121c69c7b99016527420e31cfbc8096d9ce141e2f1a0b8fa08eadd68ff52 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\Options.ini
| MD5 | e5f1807dddbcda8c89dbeef919aeecb9 |
| SHA1 | 1177db3d54a71ea91fb9f4e84ec448abc30fbd7f |
| SHA256 | bdae4915bed21a7968824865c4024c371fe46a80795b46be8ffe7bf2e3089235 |
| SHA512 | a6e88cbb5cc3a63f58afdfa4dbd6d5f16e7b3afdcb9534ead055180f68a517d91cc9fe9665d097663a0948032bdd1a8f4081092b652861efee6449efe2d740b5 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\avcodec-57.dll
| MD5 | cbb6c78ba2446b030b06282776d81a0e |
| SHA1 | 38739809e1df319cfd7461366d5dbdebc644e89f |
| SHA256 | 98121397933acaf25240e2f2a0822f719f4c5b3b47efb5578f97f28dc019c6db |
| SHA512 | 2f63ad3f26a2a3cf1d4a94d544e52eaa7aa27afeaf2621fced0b0c693cc6bf9ba9be8b360a9287d19b85adda794daf35121438accff44d23802a88409d4a8293 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\avformat-57.dll
| MD5 | ad8605903890285ece1ea1f5a72a9985 |
| SHA1 | 8320253c53ab004b4e82ce90299814a40cc4db79 |
| SHA256 | dea54220257a4cc46455b43295599b1c0a963f794e538fe3bf29ea9d246bb0ec |
| SHA512 | 42877f3d5e4392d9a41db6d212331c815fca650f574bee96c01fcdb5a50fbe9f2e9bef784d2690be5392ef43453bd585157ed49af40c1a52c08ee396a945d7e5 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\avutil-55.dll
| MD5 | 5e0757f2a34f71620ed11f110e062942 |
| SHA1 | 4fee170ac188f53ee5c9ddc6762a90aaa0aedb4b |
| SHA256 | cd40baac665cd1315cc9408dd4aeb1b7aa1d88bdca3860d93d305ee2a4fbc065 |
| SHA512 | cde625af587e21abc5cb1285faa475203b06fc55e8c0b14c62d87f12d68e1b487c471e1bec95c01cda6c40fc0708af22daaafc13621c535932b53729889ab1fb |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\DGBCDX64.exe
| MD5 | 846b229c55dcecd9b1e3cf11e1585046 |
| SHA1 | 721621a5266d0c35629382922b62a9af1abad161 |
| SHA256 | 2a757fe83b2d115d5f2e715c15d917025d7cd7e04dd05cd8889dea90e17f0855 |
| SHA512 | a7157727a3d60504028add87699b0d35efb9e049ae4754e71a1aa882dcf0900779e79897a509c503acbdd350ab76f52fb348517d1453d06372ee7a39504d1b27 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\dos\command.com
| MD5 | f730339b0a5f461b530d93bd57050dff |
| SHA1 | 0733db7babadd73a1b98e8983c83b96eacef4e68 |
| SHA256 | bb27b9efbe08b4ad85e6d41663c8c6572acdd61c45e2731ec5a288ea21b3ef4c |
| SHA512 | 98b50b6012efa66af89b8acd5f84c4eb35bbf9dd14815643fd8ee99e92133ff5339c70ca4ea90c4460b7f2a95f0ed95193822a698fece43dc2d3f8a5ec9a772c |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\dos\CTMOUSE.EXE
| MD5 | 8187bd2c296900d51c103c474776ffb8 |
| SHA1 | 7334471c7dfb5cd41362281032f5bc608560c051 |
| SHA256 | f4cef8579a1699045c37ac0ddf03fe0ca361de5c1003ba375c3e08f01a546d01 |
| SHA512 | 6b5b64d67d7d8fc08f127d5380633307295de72c19c63513779b9b21d9724014dac2ff7b59062bccf64b2b20bc4a0294db7906d5beff5947aaa284b60e1b2e31 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\dos\diskgen.exe
| MD5 | a854b0cc4816cdcb88bbff94095bb67a |
| SHA1 | b32f84d4eca665dba48391f261ac28bdae9eb46e |
| SHA256 | d746deb5afb8441275cd1d639a333abfe2abf8cd632a0692223daa30ef4da366 |
| SHA512 | c5a600712de17ad99efbe5fca26349cd0e3f8d70b8ef6fe8f73e96c2a91c0e39a307e94b50ccf393cf1459868b60349219615c8871e0dfbe049b2dc2c0fe29f3 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\dos\fdapm.com
| MD5 | d6b105b491cdd328788f568336ef774e |
| SHA1 | 202aca693f89d57a00584bb6d7c63d0a74448f36 |
| SHA256 | c986e326548d93220b6a6ae47decbf5bd19b6344fc89ca7128e2d477ebd6c0b8 |
| SHA512 | 17ccf627cbae4a460b543a6c973fa6165eda9055c0140fb83f32f7ff0c779fe7620cefe0a9e2958127aac78d935f824bff49c4a231db531d6df82c4fb0737de7 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\dos\fdauto.bat
| MD5 | 9a4efad26e3907495b51b5ae92a6676c |
| SHA1 | d3d30e817a9d4babc0fb1e9800543fa9863f3a46 |
| SHA256 | 4bc47043780d40cf1bb09cc57439cdc91689d0725520f2542f47ad3e698fc181 |
| SHA512 | 84c0dd21cb059bc67f0c2a541baaa42df06aa82b9141c36a94261266cbd290ead45ff14e23b31c6e8301003144b2dd14127c7bf8a66e0846b02774fbe34e3159 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\dos\fdconfig.sys
| MD5 | 2e7aa3a1b81f958c554622284968cb7b |
| SHA1 | 48b6b4c632ea947000bd6de71a91202c5d328909 |
| SHA256 | b351c58eb75ed7e17c75e45d84534af7a84e2b68eddecc54204e16fa902368a9 |
| SHA512 | b99814f34e1defc1a640c896964118534189051a9885b4a806f7531c5865dfc91799a4baba16ddeae77af7f2a9e726683c9a37b239c9aa7e325eca9c239b48a2 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\dos\himem.exe
| MD5 | 738c9970441873717e954baf4a9a97f9 |
| SHA1 | 1a16e559a85b6409c90239aab4c4dc9240ca8480 |
| SHA256 | 7b312ef953f1c6ac3ebf6098d18cb3a26d96e936e5e96a6c30b1837bd431ad6b |
| SHA512 | 8729037fdc29392ba26a090c7ae4892965827da29f68c9ba4b7889ce45f5b630ada1b54cb8955d3d0f26e542762f2c31c520158d6528184d0176c8af51644491 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\dos\kernel.sys
| MD5 | 18d296f40f06c8a26eda606c0031f677 |
| SHA1 | 42568b259ad201bbbc20602aff4139171fef0d10 |
| SHA256 | f0ee1605aad08dd327502af98374bc237f4aceb953f26ba5432ecf4db34aeebf |
| SHA512 | c00df3ec0b767a9597f8a64bd287e5602d458dbcd963d69c98ac77ee531956cc3afe41ef726d901bd2e1a831c1a27b26b26d92f70ce3b7f4c8678442d377f008 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\dos\license.txt
| MD5 | 613ba680f328db42a5969ca7f247b294 |
| SHA1 | ec84f2e0ba7749eacc21a4d734d37e6432058c79 |
| SHA256 | 705bf00192ba29c754c7c9964bc42219ec51d837a67087eeeb14fc943d04d2ba |
| SHA512 | def1f9df98071a5d61f2dfdcb3b5c7160ed6ae9497b9f4d8ad9272117db02ea620b7a7062216a2b2a6c6baad13af677215f224df2a22c101dff8b4334f3ba7e6 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\dos\shsucdx.com
| MD5 | 9135b1d3f92243170f243a677340444a |
| SHA1 | c5a9e50ca098fee83d3d09f5a716abf42561219f |
| SHA256 | 81872ee962d6143f52f97e32e10366dcd0177856b36cec978beb7132be65d6f8 |
| SHA512 | 04ca2cab3945f2092e7ead7224f4d7348eadb46cdc7581d45e6647fa701d56108562942b3f97f684837ebb1c524bbd5fe6bb067f0c79340da21ea4c314b0d960 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\dos\xcdrom.sys
| MD5 | ec7da94cb533155fc0ffa4e1e595811d |
| SHA1 | f8e7f70b75cac50e62fe8071678ceef245764370 |
| SHA256 | f6c3f3c048faf61e37793ddf789765d8cab315636be75073deb047d89e8bea31 |
| SHA512 | 685e8231692004dc1c3f877b67b3f5287ecc4eb57b9f4ed5e6543a8f39ced8e854c636149c1741014dac1eb3e4badb6619e207dea2b42ba2ce50d32907fcc7d1 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\dsoframer.ocx
| MD5 | 3f4fa9fd2adc31923165465f893e1680 |
| SHA1 | 0a86bf87b7b30181690216e53957823426b76afa |
| SHA256 | d5019a52524c63cd1b2c1b84af706c023b98b4eec1c2afdbcfe9c1dcb570542a |
| SHA512 | bca51dd97c9a1c53debbd4e54a4d2900a45a577d493d29ebbf12ee92b539b8cbfd5e9505e9add6b96e7a74c7fc362fc1624c39ab656fb07ac967991c75f4f75b |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\Hdrwvdi.dll
| MD5 | 7a8170537afaf5460b19adffb0a1af30 |
| SHA1 | f551a902f74498dd4ce77dba5f7169487a513d90 |
| SHA256 | ef7889f59643cf96a01ae1ff33b4074a45567d987a1bd1afceae6542a265cc27 |
| SHA512 | 19ee1f4b63c95965ffbf9c50d87acea8b86a2732fa7239f60a8028eb151038e92bde238f9caac71e876440abe34e0b4c212321fd9a309d7971fc7183ac18d435 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\Hdrwvhd.dll
| MD5 | f2353d58b12e594f0a0db5b65b4495f6 |
| SHA1 | ffc8c55222749e8dc4bd947495d0ac2e88baf85c |
| SHA256 | d8d493aae45535abeda88f4b335b300310698dd0229b4814db892d76fba988dc |
| SHA512 | 4b831f701de794b07366fd4ec4a32bab8b5cf577e3ebd2ed4ee338241120c4971b2ad8c7d94209dc33c30aeff817797861ce9a5d4a6ecd2a3c20e58379605a55 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\Hdrwvhdx.dll
| MD5 | 07d225299fb30042f5aef71a3c8bcdc1 |
| SHA1 | 38fe70feb2772ddeac989c98d7bc2ae2d480e6f1 |
| SHA256 | 4c9471bdbeca5f946bec4009062bd369152ba11ff8cac07f83ffdfa2cd4a553c |
| SHA512 | ee7f55ca4bdbb12808f7bf5cad6a1070909cc9b688f359a9adec49b2db64ef03f5a0009c33e1c4bd9db74727b6f4c7908dc1d7d11b8223a64f6e3e802537550f |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\Hdrwvm.dll
| MD5 | ecae9ad871291b0bb62790d7d9c6a2bb |
| SHA1 | c513b09c57cc8107d72942c8ce8c11f15171dcac |
| SHA256 | 2d4312bf3683f6b8c3bd15a7050f6f7264152a3242f11922b2d57a8273a2cff9 |
| SHA512 | 9f559f615cd29dd7c6c1320d826d8e6c7c7e310e565a9957d6c286855ce75d597fae90c73c2636e9dcb67cab03927cc25cab107e78379b13b0db462b0c564319 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\libwim.dll
| MD5 | 00861a8093810b20ec8f498e3d0d5eb8 |
| SHA1 | b2ada1ea262c87e8af62ee9a0ad8247f698ac375 |
| SHA256 | 43191ab5fdc7407303ac444b1e9629da0517135eae50066ce38ba26eb0204f3e |
| SHA512 | 198f556cffd6b9430b333cab915abb610a42099ca1aff353bd0b32e0e34778b10eee745f9830714f2e6686d61e240a187e98d05fc3613fddeeba3b3cdd9a2e37 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\license_DG_Jp.txt
| MD5 | d84ff72308265da4649346b7a231c863 |
| SHA1 | 1583b103020ef770a355e5f4e497d9d8310c9575 |
| SHA256 | 2c8a4227906a7c1ed6ebd61c63429c5a830de3b93b5fb6086e8032e07e7f307e |
| SHA512 | 1aaed6421498dfd42488654b495e8f3022277362ea84a37befc6dbdc82290383e6db677e087c0e583c29e08910a03c634e6969b8db46df39581d743dce9f9d17 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\OfflineReg.exe
| MD5 | 7ec196b27c92f196bd24f5cd472094e4 |
| SHA1 | 69971396293af487c9a8195cb6e8057ef237d297 |
| SHA256 | c48ce0d50ab8989bac1ef0b8dfcdbcaf9be4999448623efa9343d8b38c04108d |
| SHA512 | 9f6906b7746b91f9251fd45b27854364ff17e4992517f0593ffc1d4bbc939a6ca43284c5a11ee7595f6d373a893e8bf6755ad086a98cd0d20b459dad88445150 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\releasenote.txt
| MD5 | 81e42cd8ad8979723e1ed4867a441fc5 |
| SHA1 | 87f2411b2013677b5fa6aade3066e8a1617c0cd0 |
| SHA256 | 608bc97cb57f685c272e5913eceb1069160e698a53704e0d93c77d131c03d757 |
| SHA512 | 6a733495b6226c64de8fe5012dfcb72485c7fae50e0b34ea3b207f0eec5e2ce732ae466a164abd30c662fb7b92ebd4624751f7d074728fdd58a95b4c69485f89 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\SDL2.dll
| MD5 | 0c83d629d47895ec130cd791f33e3c90 |
| SHA1 | 08364418ee9c81cd7f82305aa3dae9e2e37b5c66 |
| SHA256 | 149781bbcbd38dfe6a0b71200adf7593a4af7bfa3e44975abc7144da494c1fe5 |
| SHA512 | 05003534f7b363b7db45f0b5d713b500e7b7a44855bb3288769edd190c6bbcce308685d4360af3a60e7323a158b242ab39330925c05275c6cb98c08947629a20 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\swresample-2.dll
| MD5 | 262200460e7fa06d8eda710d44ceee52 |
| SHA1 | 39b0fd571148eb095d77588eedf59f0470d30dc7 |
| SHA256 | 10f14d69832f35bd8be64bb1fe5b7f181298c0c037633b9af69664fd836ff4b2 |
| SHA512 | 48028e2f38e23382506f3db950275dba15d59f9e8fc8db81f3a418eb441eeebc6e140e1c171115999731c04f5f759fc046053395eaa994e40f18bdbe7ee7ad18 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\swscale-4.dll
| MD5 | 47390b142be15d2114f555e1aecdd98f |
| SHA1 | 1a05ade05a95774676ca16311a5975013f2bf57e |
| SHA256 | 416e4edf961fe5f26ee43894cce28b7dd1e4c86413f79262bfd69e26283d51f5 |
| SHA512 | fe5f4101dd7e55889a6a48f9f9d4e022505b54843d23b52bdfa9760194611ef0b367668451b6a114c3dfb7976034eca8cabdc0a3b638aa6f99df9dc32914fcb0 |
C:\Users\Admin\AppData\Local\Temp\~5302922757353172526\VPreview.dll
| MD5 | 9d8a94ea7e162a7b89d07d5599112662 |
| SHA1 | bc145819f6e6d63e8d80393089bf18ca3e51729f |
| SHA256 | e73b4fccc9213d5dec7af154aa22f3abe0cdb23818d217bf143424170fbb350b |
| SHA512 | 999db99a234e3ec60010bca72f29c01ec6703c3227fad324a09c471be9dfc5ec7314608986957c25e594b8142130e0fd697ee8a92b83e842da0028ec0a25aeca |
C:\Users\Admin\AppData\Local\Temp\~6319743501780032208.cmd
| MD5 | 14ee7d2144d8120e0cb1443510cabd0c |
| SHA1 | 9fdabfe5de77cda6e97773d5f7e05535214ac6cf |
| SHA256 | a4b76dd197ca3b68b5b6779a4454a2994b06487b72d86e6628c649cf131af642 |
| SHA512 | 94aafadb77911b51bd14db63a8128d610321ce05a0161e890a92d0e8e0256acad509c4ddbca2e91fd39a79a2825e241862982a97be1866c87755bb3aac716050 |
memory/2700-197-0x0000000000400000-0x000000000056E000-memory.dmp
memory/1460-198-0x0000000000400000-0x000000000056E000-memory.dmp
memory/1460-200-0x0000000000400000-0x000000000056E000-memory.dmp