Analysis

  • max time kernel
    1562s
  • max time network
    1568s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
  • submitted
    03-06-2024 09:32

General

  • Target

    deskfxsetup.exe

  • Size

    1.6MB

  • MD5

    01cf2fe2f0ad74d388a1a116f16fe263

  • SHA1

    e97b427921b1b24eb8527da7ecf17feb8b336bb1

  • SHA256

    1a02ce49082eecd5e5616b4628cd5b63ff58944acbac06b551a46f9ca0cff36c

  • SHA512

    9d7154ddf25ace799fbbe1792690468f270ca185e5d0bd41a516dec2ef0b17142aaac469c498acd84426a591c21be552f416627a8831404d7fb09880683dc681

  • SSDEEP

    49152:1dW2oWXTUNWtoHStzYeUgSQaqF5AGspqrvxI:rWBWXTUe/UgSsR0ovxI

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 18 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 28 IoCs
  • Registers COM server for autorun 1 TTPs 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\deskfxsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\deskfxsetup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe" -installer "C:\Users\Admin\AppData\Local\Temp\deskfxsetup.exe" -instdata "C:\Users\Admin\AppData\Local\Temp\n1s\nchdata.dat"
      2⤵
      • Adds Run key to start application
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Registers COM server for autorun
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3000
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32 /s "C:\ProgramData\NCH Software\DeskFX\loadeddll\deskfxapox64.dll"
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1420
        • C:\Windows\system32\regsvr32.exe
          /s "C:\ProgramData\NCH Software\DeskFX\loadeddll\deskfxapox64.dll"
          4⤵
          • Loads dropped DLL
          • Registers COM server for autorun
          PID:2524
      • C:\Program Files (x86)\NCH Software\DeskFX\deskfx.exe
        "C:\Program Files (x86)\NCH Software\DeskFX\deskfx.exe"
        3⤵
        • Executes dropped EXE
        • Enumerates system info in registry
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2944
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" https://www.nchsoftware.com/software/thanks.html?software=DeskFX&appname=DeskFX&version=6.15&appbits=32&base=deskfx&domain=nchsoftware&buyoffer=deskfx&pclass=plus&rgst=0&antivirus=expired&instby=dl&iid=T3ZH1f2hWHo&help=0&ostype=1&osver=6.1&svar=LLIBInstquickonLLIBControloffDESKFXSplashv2offZt7nRS5eMJugMCIhFEpxNIbdVwzmZP4wDESKFXSuitetaboffTsduUEupPuygLLIBFrdispkclroffKYMvUEjtDESKFXOrangestatusoffLLIBViewsoundeffectresetoffRztbYs8nQOIaYD4uKCOwFZtuW8bwCa7pEqjvDESKFXStartuploadpresetoffACKsRr2mXklwUFFd&usechoice=llinad%281%29&daysusedprogram=1&usedsubstpct=0&secsfr=244&active10s=0
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1500
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1500 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1032
      • C:\Program Files (x86)\NCH Software\DeskFX\deskfx.exe
        "C:\Program Files (x86)\NCH Software\DeskFX\deskfx.exe" -installsched
        3⤵
        • Executes dropped EXE
        PID:2236
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x30c
    1⤵
      PID:2180
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x544
      1⤵
        PID:2640

      Downloads

      • C:\ProgramData\NCH Software\DeskFX\loadeddll\deskfxapox64.dll

        Filesize

        109KB

        MD5

        e2dbf5f0f9ab34c3fa48cf4aab9482d6

        SHA1

        55f350fc460d873c267adfbb791f16d46a4390da

        SHA256

        cd5f6ad031697f93988400155002c9e7e4c598a3f2152fc92c315ad1cb45cd71

        SHA512

        0cbc6f18f6f00aa99d58e4ab949b65736b8e2a5f28d9fd5c8c0095e8a86c8814e6513560897973233e9034c0ab05ff997627be0b87abfd31b48e58205be7dbe1

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

        Filesize

        70KB

        MD5

        49aebf8cbd62d92ac215b2923fb1b9f5

        SHA1

        1723be06719828dda65ad804298d0431f6aff976

        SHA256

        b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

        SHA512

        bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        342B

        MD5

        6b5bddd1daf2a4d9c61846beeb11396a

        SHA1

        bd1ee26764bbb58363142f6d3bc5f3b90be68129

        SHA256

        f9f66b760a2bf550c963a906e9b6d134e2624a0c7b5ea0c8102234ac11d577a3

        SHA512

        6718e63f7bdb44eab00ecf86d64deae5f6d9e8921fed5866713b302ded807fc78487af6ea66d2c7573a70bb86afc0fbda118cb7137ce44fe818c3d516e34c979

      • C:\Users\Admin\AppData\Local\Temp\CabDB8.tmp

        Filesize

        68KB

        MD5

        29f65ba8e88c063813cc50a4ea544e93

        SHA1

        05a7040d5c127e68c25d81cc51271ffb8bef3568

        SHA256

        1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

        SHA512

        e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      • C:\Users\Admin\AppData\Local\Temp\TarE7B.tmp

        Filesize

        181KB

        MD5

        4ea6026cf93ec6338144661bf1202cd1

        SHA1

        a1dec9044f750ad887935a01430bf49322fbdcb7

        SHA256

        8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

        SHA512

        6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      • C:\Users\Admin\AppData\Local\Temp\n1s\nchdata.dat

        Filesize

        812KB

        MD5

        005d5b97295ac96859292adde20c0015

        SHA1

        d7e50a9d2dc2fb58494eab1e310a74e338fea4e9

        SHA256

        eb6351e3117b06a4676695e0f2dd9fcb6c6300230e8129004c7272b4661e2e87

        SHA512

        7f9e485f6e844168221663987d23b789d8ff1bfaf55fe3f7cb570f63a50ccffa4bd1a987e6519100d2ff9eee59fb016841f4aa26f0642c9c637ef49abd1e45ca

      • \Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe

        Filesize

        3.3MB

        MD5

        280ebae987571740b6fcff4efc4954e1

        SHA1

        e2ff8f1114a6f124c8a0648c743d328300233df1

        SHA256

        08880eaf945a256fd568cceac581c1845ddfe11c5daf07aad8969a6069912124

        SHA512

        68f00509ada6f834b9061e8fbf62a252e0cd9b03583e681bfd5c965842c43889f5d76602b6e6501234ec40266ec37b786fd499f75ac2848ada99d230d4d51f9e

      • memory/3000-22-0x0000000000260000-0x0000000000261000-memory.dmp

        Filesize

        4KB