Analysis Overview
SHA256
dadaac83ffb6674a48a5e0a434716da9120da968e25e2393faec61c68c80b346
Threat Level: Shows suspicious behavior
The file dadaac83ffb6674a48a5e0a434716da9120da968e25e2393faec61c68c80b346 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Writes to the Master Boot Record (MBR)
Enumerates physical storage devices
Program crash
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious behavior: LoadsDriver
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 23:36
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 23:36
Reported
2024-06-03 23:39
Platform
win7-20231129-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SD_F20\SDExtClient.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dadaac83ffb6674a48a5e0a434716da9120da968e25e2393faec61c68c80b346.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SD_F20\SDExtClient.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\dadaac83ffb6674a48a5e0a434716da9120da968e25e2393faec61c68c80b346.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SD_F20\SDExtClient.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1660 wrote to memory of 3024 | N/A | C:\Users\Admin\AppData\Local\Temp\dadaac83ffb6674a48a5e0a434716da9120da968e25e2393faec61c68c80b346.exe | C:\Users\Admin\AppData\Local\Temp\SD_F20\SDExtClient.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\dadaac83ffb6674a48a5e0a434716da9120da968e25e2393faec61c68c80b346.exe
"C:\Users\Admin\AppData\Local\Temp\dadaac83ffb6674a48a5e0a434716da9120da968e25e2393faec61c68c80b346.exe"
C:\Users\Admin\AppData\Local\Temp\SD_F20\SDExtClient.exe
"C:\Users\Admin\AppData\Local\Temp\SD_F20\SDExtClient.exe"
Network
Files
memory/1660-0-0x0000000000400000-0x0000000000475000-memory.dmp
memory/1660-1-0x0000000076EF0000-0x0000000076EF1000-memory.dmp
memory/1660-4-0x0000000010000000-0x0000000010038000-memory.dmp
memory/1660-6-0x0000000010000000-0x0000000010038000-memory.dmp
\Users\Admin\AppData\Local\Temp\SD_F20\SDExtClient.exe
| MD5 | c2b721bf5ba2e41588304d553bfa3466 |
| SHA1 | b6a09708706112871d795a2b4d8ba8f85f667fab |
| SHA256 | bdaff354d371b36595e2007fdbb8e2bce270a581a2bb2fec9d5b7bd02491e103 |
| SHA512 | b37344c1a24eee2c1e5971e26a735bc430db62783485f494b9d7147ac9855d36613a4c511f4d26d5d5c03fe0b8ddc8156f66892b982298b3b7b722f4d558d3a4 |
memory/1660-73-0x0000000010000000-0x0000000010038000-memory.dmp
memory/1660-72-0x0000000000400000-0x0000000000475000-memory.dmp
\Users\Admin\AppData\Local\Temp\SD_F20\SDCommon.dll
| MD5 | e21b7c64b236181645ea7e3d26e7a928 |
| SHA1 | c73c82ce09f10e3604c0c12fe5e13f0a51c921b5 |
| SHA256 | 37d14827cf93ba1cad060c8c5c0d2576d96d9230efb1201b7cc19f98d6020b0c |
| SHA512 | 55e2440c968593e6bcc5586c81bff9a2a6516b0a99ddec3ef2e07afc03a384ec5a00dd1d48106f881ebeb1a1a418cb3d255ba665ddc27d80026a66c936e0a94f |
C:\Users\Admin\AppData\Local\Temp\SD_F20\Fsp_Notice.dll
| MD5 | 16ddd1e7aec3b76b06ad46c34c869ef5 |
| SHA1 | c65d196c9d310f9e3733d7d726a5cbbefd4404d0 |
| SHA256 | 3e7a3c2d7483fbbb93eae2c87feb5dd7e25f73edd31612aaa7966ad364a6be4d |
| SHA512 | d06d7a975535b7ec8062fd8a9a5e6524c01f31fe4161ada02182f21e3a6c6711f3e4ea23d5930758527ef3db4f23f1d6170f2bd664542887db14b336a3acbc34 |
\Users\Admin\AppData\Local\Temp\SD_F20\csp_crypto_dll.dll
| MD5 | c644949671ca7e0c5055207a0a4c45ab |
| SHA1 | 523705caa026c77b082c25d6c5b64d0e3fd6d2ee |
| SHA256 | 30d763349c73cd39411406fa2f4aab5edda2394b9d8e200a7df86d1e39cecc0f |
| SHA512 | 7260574b09a059e45c06f62c9166858a42d37d1ca54a2f7cda2de2d6dafad44923bbf7649cb213e026ea3f6f74479514c0badb6f954e1e534c1dfd465608ccd4 |
\Users\Admin\AppData\Local\Temp\SD_F20\FSPFileOut.dll
| MD5 | 0310cfe97fafd9392c8926241a54002a |
| SHA1 | 35adc58c9c6c897a6f5d4c3b805324d970ff98dc |
| SHA256 | e9c27d7e6585626bff5f021a88ae295e78bbbbef573ba6787dd241457acf9c6c |
| SHA512 | ba37f45676fea851e2af585c884f942d030d2e97fee63b05bfc3820b7612fd7c10f77b2018a11ab6eb985160c04104a842a7021ed43115e46d79194e4321537b |
C:\Users\Admin\AppData\Local\Temp\SD_F20\SD_AssistP.dll
| MD5 | b3f3758a563104345e37498579f91e39 |
| SHA1 | e4130c49b342dd6aa8bba85ba89d6d519ed1a194 |
| SHA256 | 05bd3f7342b60405a37da0ad0f7f68a6a7cc9ab5482747fad08e8fdfb2f7a9b9 |
| SHA512 | 67e104d1e99b31b601c69354e4b2f562e01e7ac37305043c93f85b852a9befd6ccd2aef9736f2c1509ef823ccd78361cff0612236ea7a27a4daf9ead9e731ad1 |
C:\Users\Admin\AppData\Local\Temp\SD_F20\LoaderInterface.dll
| MD5 | f5f001ca8cdac172286ffaeaf1ab4e13 |
| SHA1 | e89b2b326084a286ea57aa76ed0138baf9d6c9a6 |
| SHA256 | cd85db8ae064cc14c38892ca632073a7d9d1880abc08c5854bfb3d89f83f7eef |
| SHA512 | f98446e039e6f788dc2bc8b24cecb40c53fded01d6a08aec12f18977df0fde566cafaeec3db26c1b5c4d23de28194656985e958b14c1b02bb91c969f104e7a59 |
\Users\Admin\AppData\Local\Temp\SD_F20\SDCommonEx.dll
| MD5 | 534ebb974cabdb64b5503b4727877024 |
| SHA1 | bc571ac14dadbf43770d68facca2b0953cd9ed05 |
| SHA256 | 748aa576deffe0b93a5e446d01e53cddf52d38bf6a6ea6252d636326e7a4340b |
| SHA512 | 51a6a2d0b2b283faeffeaf3879d84ab37b72916b951eb41f9439a2486fef135c0c91f539541d158e63e2393a1ba5370075bf8e586ee38d82e9a4b1d7b2ec0207 |
C:\Users\Admin\AppData\Local\Temp\SD_F20\ExePath\ExePath.ini
| MD5 | 6dd2aa18e2ebe2390a77cc0a4fe0280f |
| SHA1 | cefd8fb84fc7c071b221c49b607b1841c7e90f9f |
| SHA256 | 41988862188d5e35031843dcd26d10656a83a5062a4e38e2d1c18fb46a01980b |
| SHA512 | b2e385cc9d1cfa627a31a1ad5e6aba94c83ec6730156b8424715bcb87019d7d75adef43dc17376a8e367e2c8d30d7b2c3e7a06221133bdfab779ebeb77b527c8 |
C:\Users\Admin\AppData\Local\Temp\SD_F20\FSPFileOut64.sys
| MD5 | 281fa560240cded410a958faab4f3a81 |
| SHA1 | 73eefc8baa4cb8625fd177356607ca0a7539cbc5 |
| SHA256 | 4f795529d7b886b694e437c4793fbb20c2b039e8a8cd881f12b53755743e9f23 |
| SHA512 | 7ec626936e20f509e97defb61caeb5ff1f42e2c2a299c15af15f47107a078025d63fdd7310feba036ca1918dd0ae8359887dc8a0c83d5a25049a4b44fe95f410 |
C:\Users\Admin\AppData\Local\Temp\SD_F20\SDOutHook.dll
| MD5 | 1597f8b1850b7825ade925131c3b297a |
| SHA1 | a06ed3b96436435c19f953f2aadc325d8d98bf19 |
| SHA256 | 569dd83805efd18da118e14b81bd384fab5a5d257383302510f65787bfdc8f62 |
| SHA512 | a58a8f7205b4275d81e02bbd8dd84ded198c38a84c9e32352178220f7b7bcdc7d5326d64460089dc53b16d3e2bb1a918bf80755f4a7a4b0a467ac4aafe0f1730 |
C:\Users\Admin\AppData\Local\Temp\SD_F20\SelfExtract.exe
| MD5 | 8bdcb2c5a3eb175394deb0d90bcc8263 |
| SHA1 | e6f8aa5332a989e69c246ba78f6783c58ac4cfa4 |
| SHA256 | 859b923457c7c084008e2fcf75e6dd309f24d1b3f93514c08e73d9469fccddd6 |
| SHA512 | 94310458b6b165192b61dfd1cbdb9e87e05e2d704464b143a39773f9838a5db967954a7c0d2c03a0e258ecd62932875533b811bea5d1d99e57a2cc0d8e40832b |
C:\Users\Admin\AppData\Local\Temp\SD_F20\FileRedirectEx.dll
| MD5 | 5b0f4c573d35c3818e74305c93e3be29 |
| SHA1 | e3b8cac63edae3ada8e5e32eb64ac37c52c195b2 |
| SHA256 | 49f9135dddd740f8c21e30f81fbc8be7ca05df08304c4ef62b40da21f99a8bd7 |
| SHA512 | 8a67d5353ce1bc7666d1cb33034c6d28d4fd2efb01855af74d3cc1057bdb9b5e68496b35276012fa5616b49d38962b7a7f17a93d60e0ff4ee63f63d4597549ed |
C:\Users\Admin\AppData\Local\Temp\SD_F20\csp_soft.dll
| MD5 | a7c97559d7137d256c4df9725fbd30db |
| SHA1 | b66a0d1308d532bfa5b766a9aa7922c1d71a436f |
| SHA256 | fdac77981aa42256b881f29365079801385fce16d5a095e8321611cb22480eb5 |
| SHA512 | fdf7c804b139b88e80defd2fd6dd015acadecad267c9330ba23bdf0b47197cc6a1a185b4cc14eee6c45a942630036db736081e1db578dc6dcb454454811dc762 |
C:\Users\Admin\AppData\Local\Temp\SD_F20\SDExtPolicy.lst
| MD5 | 5fdb9a12bd3eab5cefc58a122f4aae05 |
| SHA1 | 8d3b101e23f705088ae15beb1e2858200967ff6a |
| SHA256 | 5d134463a3682e9c59b2865f431c73a8316829f77bce4f53c81ae681b69be2fc |
| SHA512 | 1e93c5bc3d32b84ae07eb982e92e1e72ea3b34007b35bf595562596fa2522d7b69bce0b73ac95301cc0d6cf03751754dbe2861cbbc274f574273ca50b82cc71f |
C:\Users\Admin\AppData\Local\Temp\SD_F20\FSPFileOut.sys
| MD5 | c7046e9d79dad56500c7f01ea9b50317 |
| SHA1 | dcac96f3327f0a6f42de883dfab4ae6f4c4ed4f6 |
| SHA256 | c99863b250e9308ff2ba47e88dd5caad9c2e119e9a17ace88bb2a7bc7153c43c |
| SHA512 | 26656cf83951da906fef954cb85919560888d5a4dc6fedff1a9876c654f2167a2851f85c203fb1da0bdab8d70d1e25194d26cb57031771d921ae606a480e3222 |
C:\Users\Admin\AppData\Local\Temp\SD_F20\FSP_PrintLimit64.dll
| MD5 | 8c0fe4eb0c0566dc6b578abf504c8e4f |
| SHA1 | f41f6e69101cb9e84835488dc3c4069db263d631 |
| SHA256 | 299f0fa7f59a7f3ca7ecbe08db3a9570d3d1cec95d4b787275ccd75c029ca2ab |
| SHA512 | 5d7ad2b666a666e9b7f5ce6c95dab1f811a957d0917597f353c00a830b65f2f1b0924eee170f06514b34e843b0b3b98f9857329fcdd4c7abf58298ef0b4708cd |
C:\Users\Admin\AppData\Local\Temp\SD_F20\FSP_PrintLimit.dll
| MD5 | d5b3279eb9b8058bcdd88a82d522979e |
| SHA1 | e90d0290ed8eed045db3b9c7cd1235bd2531e168 |
| SHA256 | 6f858a704d9840781e50e8b2af73e48a881fed3b67b88563026da90497f05e33 |
| SHA512 | d79f046319558d162a4fcab70737d7045ea0bececa88a19d074271144619f9237cbd0dc41b19e09c853fdab03817f20314c5330082a44d0cb8a09ef22a464a96 |
C:\Users\Admin\AppData\Local\Temp\SD_F20\DecresePrint.exe
| MD5 | b3603b9b5388f6ac61b54bf478b5c969 |
| SHA1 | 9746d6e5749ae45a0d50bb65bfb8b64645da55e3 |
| SHA256 | 428b983c0b0b12f8fb8422408b0e7094f01b7ce11b807d353bbd17bb68133f30 |
| SHA512 | bb5f14ec32e3a5b8c3d168c966f2a6f2bb5b66c50330cf4667316c38b4f2e856425dd48770a6c5e398cfe6b8d066db931fa4e6be120e988ed65273b0e1a06ced |
C:\Users\Admin\AppData\Local\Temp\SD_F20\ImpControl.dll
| MD5 | e88bfbe7e63480f1e69769384e918578 |
| SHA1 | 96ccd80e5d28acbb528da416ec7f30b4138306f9 |
| SHA256 | 226d470e7cfcd5e319a3c1a610f3c7e9b6d26377af902c9b73fc6f30097be634 |
| SHA512 | 90fc5327774c1e382793deb53fdf9ae58aa66186c4ed68723a38b0e4399c3d733ddb8aafcbbbc946e9a86ea82c6285201e2861300537cb4044de4b9cd31ffc06 |
C:\Users\Admin\AppData\Local\Temp\SD_F20\SDOutHookLoader64.exe
| MD5 | 9a9678b6a44ad0187bdf44482261cbfb |
| SHA1 | b349453262d332703c9036965f10fad9b49b2ce3 |
| SHA256 | 8e6a8424173c14a7b897f1af8385578c9c8ce1887c708a9999b37b82b1ae4ce7 |
| SHA512 | 8c7fd316d5361f4e5c0dadeea9b5f9d2aa554c319d8438852a20f59073d38386d92132dfada3365311fc13f31cd4f9f62ef1ce3436bb43e1e8194d854a5dee6c |
C:\Users\Admin\AppData\Local\Temp\SD_F20\SDOutHook64.dll
| MD5 | ee5d0fc12329b6b6b2d8b0edb6c56078 |
| SHA1 | a321cb9068180a419e535c1c6df25937d9514ffe |
| SHA256 | cc3d3baa9e5c6cd2d47ab8bfa96ebb79d48ee9386a202d2c672f81358cccc201 |
| SHA512 | 9d180aa04086279aeb83f0728f53b9ea65639220d0f365bab6c16e8f2706333f69fcf964db564cbe8b68569ad300a9f75966d32d10020a2241b898aeed6d38f2 |
C:\Users\Admin\AppData\Local\Temp\SD_F20\SDOutHookLoader.exe
| MD5 | 74fb536b7d928ab6baf698fb44922a9f |
| SHA1 | a597e9d4f1d66097e7e20dbe46207d255e6722af |
| SHA256 | 1fab3a8b8e043aa91c17316927396e647d757c7705a3ad724c68de5546793876 |
| SHA512 | 6ced3265556731748640332e7192bd18cfd5a78f363afc41bb30e283372173adef041c5dd4243c221f95eadf51864c1a63d9975394f2abedb46f470aa78f9bd5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 23:36
Reported
2024-06-03 23:39
Platform
win10v2004-20240508-en
Max time kernel
135s
Max time network
130s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dadaac83ffb6674a48a5e0a434716da9120da968e25e2393faec61c68c80b346.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SD_EF53\SDExtClient.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dadaac83ffb6674a48a5e0a434716da9120da968e25e2393faec61c68c80b346.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SD_EF53\SDExtClient.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\dadaac83ffb6674a48a5e0a434716da9120da968e25e2393faec61c68c80b346.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\dadaac83ffb6674a48a5e0a434716da9120da968e25e2393faec61c68c80b346.exe |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SD_EF53\SDExtClient.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 676 wrote to memory of 972 | N/A | C:\Users\Admin\AppData\Local\Temp\dadaac83ffb6674a48a5e0a434716da9120da968e25e2393faec61c68c80b346.exe | C:\Users\Admin\AppData\Local\Temp\SD_EF53\SDExtClient.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\dadaac83ffb6674a48a5e0a434716da9120da968e25e2393faec61c68c80b346.exe
"C:\Users\Admin\AppData\Local\Temp\dadaac83ffb6674a48a5e0a434716da9120da968e25e2393faec61c68c80b346.exe"
C:\Users\Admin\AppData\Local\Temp\SD_EF53\SDExtClient.exe
"C:\Users\Admin\AppData\Local\Temp\SD_EF53\SDExtClient.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 676 -ip 676
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 1064
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4200,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4028 /prefetch:8
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 201.201.50.20.in-addr.arpa | udp |
Files
memory/676-0-0x0000000000400000-0x0000000000475000-memory.dmp
memory/676-4-0x0000000010000000-0x0000000010038000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\evbEF52.tmp
| MD5 | 607f71634812be52285b38bf5e1045da |
| SHA1 | fc6c1be4daf417a58528441f9d8f4e3deef5a729 |
| SHA256 | 8473b73da507b05ce3bf000c831f9e4227a8efbae8df2ff774bebd4932ab2bb5 |
| SHA512 | dde318c9852827cc65079a2921d2bf47691d670421946426e59f98066f018266119b728da5bb77d311274e689004e99786e3edf1edb315178652eda161bc4b5f |
memory/676-11-0x0000000077523000-0x0000000077524000-memory.dmp
memory/676-10-0x0000000077522000-0x0000000077523000-memory.dmp
memory/676-14-0x0000000010000000-0x0000000010038000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SD_EF53\ExePath.ini
| MD5 | 6dd2aa18e2ebe2390a77cc0a4fe0280f |
| SHA1 | cefd8fb84fc7c071b221c49b607b1841c7e90f9f |
| SHA256 | 41988862188d5e35031843dcd26d10656a83a5062a4e38e2d1c18fb46a01980b |
| SHA512 | b2e385cc9d1cfa627a31a1ad5e6aba94c83ec6730156b8424715bcb87019d7d75adef43dc17376a8e367e2c8d30d7b2c3e7a06221133bdfab779ebeb77b527c8 |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\SDExtClient.exe
| MD5 | c2b721bf5ba2e41588304d553bfa3466 |
| SHA1 | b6a09708706112871d795a2b4d8ba8f85f667fab |
| SHA256 | bdaff354d371b36595e2007fdbb8e2bce270a581a2bb2fec9d5b7bd02491e103 |
| SHA512 | b37344c1a24eee2c1e5971e26a735bc430db62783485f494b9d7147ac9855d36613a4c511f4d26d5d5c03fe0b8ddc8156f66892b982298b3b7b722f4d558d3a4 |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\SDCommon.dll
| MD5 | e21b7c64b236181645ea7e3d26e7a928 |
| SHA1 | c73c82ce09f10e3604c0c12fe5e13f0a51c921b5 |
| SHA256 | 37d14827cf93ba1cad060c8c5c0d2576d96d9230efb1201b7cc19f98d6020b0c |
| SHA512 | 55e2440c968593e6bcc5586c81bff9a2a6516b0a99ddec3ef2e07afc03a384ec5a00dd1d48106f881ebeb1a1a418cb3d255ba665ddc27d80026a66c936e0a94f |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\csp_crypto_dll.dll
| MD5 | c644949671ca7e0c5055207a0a4c45ab |
| SHA1 | 523705caa026c77b082c25d6c5b64d0e3fd6d2ee |
| SHA256 | 30d763349c73cd39411406fa2f4aab5edda2394b9d8e200a7df86d1e39cecc0f |
| SHA512 | 7260574b09a059e45c06f62c9166858a42d37d1ca54a2f7cda2de2d6dafad44923bbf7649cb213e026ea3f6f74479514c0badb6f954e1e534c1dfd465608ccd4 |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\SDCommonEx.dll
| MD5 | 534ebb974cabdb64b5503b4727877024 |
| SHA1 | bc571ac14dadbf43770d68facca2b0953cd9ed05 |
| SHA256 | 748aa576deffe0b93a5e446d01e53cddf52d38bf6a6ea6252d636326e7a4340b |
| SHA512 | 51a6a2d0b2b283faeffeaf3879d84ab37b72916b951eb41f9439a2486fef135c0c91f539541d158e63e2393a1ba5370075bf8e586ee38d82e9a4b1d7b2ec0207 |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\FSPFileOut64.sys
| MD5 | 281fa560240cded410a958faab4f3a81 |
| SHA1 | 73eefc8baa4cb8625fd177356607ca0a7539cbc5 |
| SHA256 | 4f795529d7b886b694e437c4793fbb20c2b039e8a8cd881f12b53755743e9f23 |
| SHA512 | 7ec626936e20f509e97defb61caeb5ff1f42e2c2a299c15af15f47107a078025d63fdd7310feba036ca1918dd0ae8359887dc8a0c83d5a25049a4b44fe95f410 |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\SelfExtract.exe
| MD5 | 8bdcb2c5a3eb175394deb0d90bcc8263 |
| SHA1 | e6f8aa5332a989e69c246ba78f6783c58ac4cfa4 |
| SHA256 | 859b923457c7c084008e2fcf75e6dd309f24d1b3f93514c08e73d9469fccddd6 |
| SHA512 | 94310458b6b165192b61dfd1cbdb9e87e05e2d704464b143a39773f9838a5db967954a7c0d2c03a0e258ecd62932875533b811bea5d1d99e57a2cc0d8e40832b |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\FileRedirectEx.dll
| MD5 | 5b0f4c573d35c3818e74305c93e3be29 |
| SHA1 | e3b8cac63edae3ada8e5e32eb64ac37c52c195b2 |
| SHA256 | 49f9135dddd740f8c21e30f81fbc8be7ca05df08304c4ef62b40da21f99a8bd7 |
| SHA512 | 8a67d5353ce1bc7666d1cb33034c6d28d4fd2efb01855af74d3cc1057bdb9b5e68496b35276012fa5616b49d38962b7a7f17a93d60e0ff4ee63f63d4597549ed |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\csp_soft.dll
| MD5 | a7c97559d7137d256c4df9725fbd30db |
| SHA1 | b66a0d1308d532bfa5b766a9aa7922c1d71a436f |
| SHA256 | fdac77981aa42256b881f29365079801385fce16d5a095e8321611cb22480eb5 |
| SHA512 | fdf7c804b139b88e80defd2fd6dd015acadecad267c9330ba23bdf0b47197cc6a1a185b4cc14eee6c45a942630036db736081e1db578dc6dcb454454811dc762 |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\SDExtPolicy.lst
| MD5 | 5fdb9a12bd3eab5cefc58a122f4aae05 |
| SHA1 | 8d3b101e23f705088ae15beb1e2858200967ff6a |
| SHA256 | 5d134463a3682e9c59b2865f431c73a8316829f77bce4f53c81ae681b69be2fc |
| SHA512 | 1e93c5bc3d32b84ae07eb982e92e1e72ea3b34007b35bf595562596fa2522d7b69bce0b73ac95301cc0d6cf03751754dbe2861cbbc274f574273ca50b82cc71f |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\FSPFileOut.sys
| MD5 | c7046e9d79dad56500c7f01ea9b50317 |
| SHA1 | dcac96f3327f0a6f42de883dfab4ae6f4c4ed4f6 |
| SHA256 | c99863b250e9308ff2ba47e88dd5caad9c2e119e9a17ace88bb2a7bc7153c43c |
| SHA512 | 26656cf83951da906fef954cb85919560888d5a4dc6fedff1a9876c654f2167a2851f85c203fb1da0bdab8d70d1e25194d26cb57031771d921ae606a480e3222 |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\FSP_PrintLimit64.dll
| MD5 | 8c0fe4eb0c0566dc6b578abf504c8e4f |
| SHA1 | f41f6e69101cb9e84835488dc3c4069db263d631 |
| SHA256 | 299f0fa7f59a7f3ca7ecbe08db3a9570d3d1cec95d4b787275ccd75c029ca2ab |
| SHA512 | 5d7ad2b666a666e9b7f5ce6c95dab1f811a957d0917597f353c00a830b65f2f1b0924eee170f06514b34e843b0b3b98f9857329fcdd4c7abf58298ef0b4708cd |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\FSP_PrintLimit.dll
| MD5 | d5b3279eb9b8058bcdd88a82d522979e |
| SHA1 | e90d0290ed8eed045db3b9c7cd1235bd2531e168 |
| SHA256 | 6f858a704d9840781e50e8b2af73e48a881fed3b67b88563026da90497f05e33 |
| SHA512 | d79f046319558d162a4fcab70737d7045ea0bececa88a19d074271144619f9237cbd0dc41b19e09c853fdab03817f20314c5330082a44d0cb8a09ef22a464a96 |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\DecresePrint.exe
| MD5 | b3603b9b5388f6ac61b54bf478b5c969 |
| SHA1 | 9746d6e5749ae45a0d50bb65bfb8b64645da55e3 |
| SHA256 | 428b983c0b0b12f8fb8422408b0e7094f01b7ce11b807d353bbd17bb68133f30 |
| SHA512 | bb5f14ec32e3a5b8c3d168c966f2a6f2bb5b66c50330cf4667316c38b4f2e856425dd48770a6c5e398cfe6b8d066db931fa4e6be120e988ed65273b0e1a06ced |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\ImpControl.dll
| MD5 | e88bfbe7e63480f1e69769384e918578 |
| SHA1 | 96ccd80e5d28acbb528da416ec7f30b4138306f9 |
| SHA256 | 226d470e7cfcd5e319a3c1a610f3c7e9b6d26377af902c9b73fc6f30097be634 |
| SHA512 | 90fc5327774c1e382793deb53fdf9ae58aa66186c4ed68723a38b0e4399c3d733ddb8aafcbbbc946e9a86ea82c6285201e2861300537cb4044de4b9cd31ffc06 |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\SDOutHookLoader64.exe
| MD5 | 9a9678b6a44ad0187bdf44482261cbfb |
| SHA1 | b349453262d332703c9036965f10fad9b49b2ce3 |
| SHA256 | 8e6a8424173c14a7b897f1af8385578c9c8ce1887c708a9999b37b82b1ae4ce7 |
| SHA512 | 8c7fd316d5361f4e5c0dadeea9b5f9d2aa554c319d8438852a20f59073d38386d92132dfada3365311fc13f31cd4f9f62ef1ce3436bb43e1e8194d854a5dee6c |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\SDOutHook64.dll
| MD5 | ee5d0fc12329b6b6b2d8b0edb6c56078 |
| SHA1 | a321cb9068180a419e535c1c6df25937d9514ffe |
| SHA256 | cc3d3baa9e5c6cd2d47ab8bfa96ebb79d48ee9386a202d2c672f81358cccc201 |
| SHA512 | 9d180aa04086279aeb83f0728f53b9ea65639220d0f365bab6c16e8f2706333f69fcf964db564cbe8b68569ad300a9f75966d32d10020a2241b898aeed6d38f2 |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\SDOutHookLoader.exe
| MD5 | 74fb536b7d928ab6baf698fb44922a9f |
| SHA1 | a597e9d4f1d66097e7e20dbe46207d255e6722af |
| SHA256 | 1fab3a8b8e043aa91c17316927396e647d757c7705a3ad724c68de5546793876 |
| SHA512 | 6ced3265556731748640332e7192bd18cfd5a78f363afc41bb30e283372173adef041c5dd4243c221f95eadf51864c1a63d9975394f2abedb46f470aa78f9bd5 |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\SDOutHook.dll
| MD5 | 1597f8b1850b7825ade925131c3b297a |
| SHA1 | a06ed3b96436435c19f953f2aadc325d8d98bf19 |
| SHA256 | 569dd83805efd18da118e14b81bd384fab5a5d257383302510f65787bfdc8f62 |
| SHA512 | a58a8f7205b4275d81e02bbd8dd84ded198c38a84c9e32352178220f7b7bcdc7d5326d64460089dc53b16d3e2bb1a918bf80755f4a7a4b0a467ac4aafe0f1730 |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\LoaderInterface.dll
| MD5 | f5f001ca8cdac172286ffaeaf1ab4e13 |
| SHA1 | e89b2b326084a286ea57aa76ed0138baf9d6c9a6 |
| SHA256 | cd85db8ae064cc14c38892ca632073a7d9d1880abc08c5854bfb3d89f83f7eef |
| SHA512 | f98446e039e6f788dc2bc8b24cecb40c53fded01d6a08aec12f18977df0fde566cafaeec3db26c1b5c4d23de28194656985e958b14c1b02bb91c969f104e7a59 |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\SD_AssistP.dll
| MD5 | b3f3758a563104345e37498579f91e39 |
| SHA1 | e4130c49b342dd6aa8bba85ba89d6d519ed1a194 |
| SHA256 | 05bd3f7342b60405a37da0ad0f7f68a6a7cc9ab5482747fad08e8fdfb2f7a9b9 |
| SHA512 | 67e104d1e99b31b601c69354e4b2f562e01e7ac37305043c93f85b852a9befd6ccd2aef9736f2c1509ef823ccd78361cff0612236ea7a27a4daf9ead9e731ad1 |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\FSPFileOut.dll
| MD5 | 0310cfe97fafd9392c8926241a54002a |
| SHA1 | 35adc58c9c6c897a6f5d4c3b805324d970ff98dc |
| SHA256 | e9c27d7e6585626bff5f021a88ae295e78bbbbef573ba6787dd241457acf9c6c |
| SHA512 | ba37f45676fea851e2af585c884f942d030d2e97fee63b05bfc3820b7612fd7c10f77b2018a11ab6eb985160c04104a842a7021ed43115e46d79194e4321537b |
C:\Users\Admin\AppData\Local\Temp\SD_EF53\Fsp_Notice.dll
| MD5 | 16ddd1e7aec3b76b06ad46c34c869ef5 |
| SHA1 | c65d196c9d310f9e3733d7d726a5cbbefd4404d0 |
| SHA256 | 3e7a3c2d7483fbbb93eae2c87feb5dd7e25f73edd31612aaa7966ad364a6be4d |
| SHA512 | d06d7a975535b7ec8062fd8a9a5e6524c01f31fe4161ada02182f21e3a6c6711f3e4ea23d5930758527ef3db4f23f1d6170f2bd664542887db14b336a3acbc34 |
memory/676-107-0x0000000010000000-0x0000000010038000-memory.dmp
memory/676-106-0x0000000000400000-0x0000000000475000-memory.dmp