Malware Analysis Report

2024-09-11 07:34

Sample ID 240613-zd66vstdll
Target 2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea
SHA256 2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea was found to be: Shows suspicious behavior.

Malicious Activity Summary


Checks computer location settings

Deletes itself

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-13 20:37

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 20:37

Reported

2024-06-13 20:39

Platform

win7-20240419-en

Max time kernel

149s

Max time network

121s

Command Line

C:\Windows\Explorer.EXE

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\T: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Q: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\N: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\I: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\G: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\E: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Y: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\X: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\U: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\O: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\W: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\P: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\L: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\H: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Z: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\V: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\S: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\R: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\M: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\K: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\J: C:\Windows\Logo1_.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\DVD Maker\de-DE\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ms\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\TextConv\de-DE\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\TextConv\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Windows Photo Viewer\en-US\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\be\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sk\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ielowutil.exe C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Windows Photo Viewer\de-DE\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Common Files\DESIGNER\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\sd\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Google\Temp\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\DVD Maker\Shared\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\excelcnv.exe C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\resources\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bs\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Windows Portable Devices\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Google\Chrome\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ps\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sm\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\_desktop.ini C:\Windows\Logo1_.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rundl132.exe C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe N/A
File opened for modification C:\Windows\rundl132.exe C:\Windows\Logo1_.exe N/A
File created C:\Windows\vDll.dll C:\Windows\Logo1_.exe N/A

Enumerates physical storage devices

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\Logo1_.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2424 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe C:\Windows\SysWOW64\cmd.exe
PID 2424 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe C:\Windows\Logo1_.exe
PID 1044 wrote to memory of 2756 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe
PID 3056 wrote to memory of 2616 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 2616 wrote to memory of 2752 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2756 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe C:\WCH.CN\CH35XDRV\PCISETUP.exe
PID 1144 wrote to memory of 2668 N/A C:\WCH.CN\CH35XDRV\PCISETUP.exe C:\WCH.CN\CH35XDRV\SETUPX64\PCISETUP64.EXE
PID 3056 wrote to memory of 1188 N/A C:\Windows\Logo1_.exe C:\Windows\Explorer.EXE

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe

"C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\$$a1094.bat

C:\Windows\Logo1_.exe

C:\Windows\Logo1_.exe

C:\Windows\SysWOW64\net.exe

net stop "Kingsoft AntiVirus Service"

C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe

"C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"

C:\WCH.CN\CH35XDRV\PCISETUP.exe

"C:\WCH.CN\CH35XDRV\PCISETUP.exe"

C:\WCH.CN\CH35XDRV\SETUPX64\PCISETUP64.EXE

C:\WCH.CN\CH35XDRV\SETUPX64\PCISETUP64.EXE

Network

N/A

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 20:37

Reported

2024-06-13 20:39

Platform

win10v2004-20240226-en

Max time kernel

153s

Max time network

157s

Command Line

C:\Windows\Explorer.EXE

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\V: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\T: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\N: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\H: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\E: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\W: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\S: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Q: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\O: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\I: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Y: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\P: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\M: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\L: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\K: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\J: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Z: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\X: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\U: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\R: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\G: C:\Windows\Logo1_.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fi-fi\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\eu-es\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\WidevineCdm\_platform_specific\win_x64\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\Installer\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access_output\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\uk-ua\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fr-fr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\en-il\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ro-ro\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\commerce\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nb-no\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\hu-hu\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\ResiliencyLinks\identity_proxy\win10\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\es-es\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\he-il\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\fr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ja-jp\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\de-de\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\ssvagent.exe C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\gd\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\uk\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\id-ID\View3d\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fr-ma\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-tw\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\fr\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-150_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\nb-no\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\sl-si\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\ResiliencyLinks\Trust Protection Lists\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-tw\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\nl-nl\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\he-il\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account-select\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\da-dk\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\da-dk\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\es-es\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\uz\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\pt-br\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Common Files\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\typing\bubble\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files-select\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\hu-hu\_desktop.ini C:\Windows\Logo1_.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\rundl132.exe C:\Windows\Logo1_.exe N/A
File created C:\Windows\vDll.dll C:\Windows\Logo1_.exe N/A
File created C:\Windows\rundl132.exe C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe N/A

Enumerates physical storage devices

Runs net.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2100 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe C:\Windows\SysWOW64\cmd.exe
PID 2100 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe C:\Windows\Logo1_.exe
PID 5036 wrote to memory of 4768 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 4768 wrote to memory of 5016 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2236 wrote to memory of 2352 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe
PID 5036 wrote to memory of 3188 N/A C:\Windows\Logo1_.exe C:\Windows\Explorer.EXE
PID 2352 wrote to memory of 3872 N/A C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe C:\WCH.CN\CH35XDRV\PCISETUP.exe
PID 3872 wrote to memory of 2788 N/A C:\WCH.CN\CH35XDRV\PCISETUP.exe C:\WCH.CN\CH35XDRV\SETUPX64\PCISETUP64.EXE

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe

"C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFBD5.bat

C:\Windows\Logo1_.exe

C:\Windows\Logo1_.exe

C:\Windows\SysWOW64\net.exe

net stop "Kingsoft AntiVirus Service"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"

C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe

"C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe"

C:\WCH.CN\CH35XDRV\PCISETUP.exe

"C:\WCH.CN\CH35XDRV\PCISETUP.exe"

C:\WCH.CN\CH35XDRV\SETUPX64\PCISETUP64.EXE

C:\WCH.CN\CH35XDRV\SETUPX64\PCISETUP64.EXE

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

Network


Files

memory/2100-0-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Windows\Logo1_.exe

MD5 3970b82194d39a25c2c7c3ebe60fedbf
SHA1 561083ce76e404179db9bb5cac33903826c8fa57
SHA256 03a9b73107ee5c40a948f0ba8d858d6218e4512e58185731f1597f5277ce6c6e
SHA512 95241c0f75267a9c308473274967f515179583bd46ccc404366f72dd9203611e27878060c66d7d5962fe27a33bfb6c37c176d5f244dc1c0e17543c9fdccfb9c8

memory/5036-8-0x0000000000400000-0x0000000000434000-memory.dmp

memory/2100-10-0x0000000000400000-0x0000000000434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$aFBD5.bat

MD5 b9b5c08c4483c492df3b6f33abfb3f6c
SHA1 7af350e023aa05a01e3e64ce9b239582c95a62b8
SHA256 792e6ad8b29393181a4fe690ccf667b47195794065732c60164aaa3d4fda7055
SHA512 58b9c401db7cdac1ef37db7b3f6470441a89ef7f54021563c771fd151dff49720a71b73e2a964af3594bc886fce7f0b73d5749082e358bdff14067d7de653e39

C:\Users\Admin\AppData\Local\Temp\2ba5bd19469ecf2b18845bb4556f10e257f8334809482d99129bd1f3ba1283ea.exe.exe

MD5 d80d575a6276df9481def2de49481ca9
SHA1 fcf09f99d54c6931cf1f3e1d77f902528c39fb53
SHA256 0965e9211f47953fede4d9d7c8b929fced504f7e0414b1974cae5865fbb589cd
SHA512 6210f6347519da1eb193456894ab6046687daacc3a806bada241fff4eb86a64bdac4d7ccbb856dd470d60435f5cc727b474fdf566e48442930c4677829d257c7

memory/2352-18-0x0000000000400000-0x0000000000422000-memory.dmp

C:\WCH.CN\CH35XDRV\DRV_1S\LINUX\driver\Makefile

MD5 4000e89ad881618d5e37cafed258b160
SHA1 0ca2c559210a0a9882f245bfc0dbfaa9a4698d81
SHA256 51ca017fc0f8e82e1676b96cb49e20f9c043365b05606cb492c3e1472a327919
SHA512 9c5873921e49c656f7da4e21c8ba91011bac3a3c1c7b391b7d840eaae5c1756d55ab2dd3d7fd17f5ea5c475342984cfa9471c3a0c13e72797378f8a0ad0c2a6b

C:\WCH.CN\CH35XDRV\DRV_1S\LINUX\driver\wch_common.h

MD5 e517de7ae80aa821aa829618134a73a4
SHA1 1e1bb3f75c3c9419eacdb17f26f58c00fe086bfe
SHA256 eb60ecc7e88f391bc8b85ac4496621eda2d18e0ac63d623ff8fd54be912c6aed
SHA512 06fb0a7d87ff1ddf64020a93051f60f0681112e22c7d88e925b1ed7181d6d7f48eef7603980262c7052d93ab62f1a2e0f72df67693641b8d7c807a65be20c157

C:\WCH.CN\CH35XDRV\DRV_1S\LINUX\driver\wch_devtable.c

MD5 3ab1fd41d4c4e758804a755b83c37a75
SHA1 bf426ef76a1bb7e537cbabd608f2ef2e736cdebd
SHA256 4029308edef2854a22530978ff6c8d58db2486c944cb634cea3ccff13affdfee
SHA512 e2cfcbc0ebc355176dbaa82e3e841b0d67cd78d0d90d84b965b0293b3f6674685e20a6ea82581cb4f4577df94a5af2db20593141ff79bae9beccb4e40d574b8c

C:\WCH.CN\CH35XDRV\DRV_1S\LINUX\driver\wch_main.c

MD5 8cf4509f8ba9771e19653cf73e1f94ef
SHA1 cae3b245c110a64e9f0a5171505794ee0659129b
SHA256 a8514494e7ed68a681828deb85b8c3768895fcd32a254b3862fad68e28179d76
SHA512 5fb25643cebf1d126eaf910ce76351513737588117a54cc76d5094cad96dfefdb2b15a346b7b64e5b3aa9dff963e1fe86d3cfb6267f9b79b69ad8a45a18d95ac

C:\WCH.CN\CH35XDRV\DRV_1S\LINUX\driver\wch_serial.c

MD5 f0b32332193e085f591a2ff5e59b2149
SHA1 eff36228d7dc8e93d194d0504c86e6a5afb38e98
SHA256 8168d5c6dc15a7eac1feedee1e2670f4c3618fe20f19148a699f4fb280223885
SHA512 fdb89153211b8ba3ffa0cef0c7450a79fd6a5b0a09aec0b5ae5d8590f593db3f79e1832fa607f81877569b33ffa16fafb0fc88b6012bb8fe851644b4fb4f9bb4

C:\WCH.CN\CH35XDRV\DRV_1S\LINUX\wchdump\Makefile

MD5 a70f3ae3e831640d393704f1a27c129c
SHA1 374d428408f27c8a70c239a504b4aa82bca1c099
SHA256 82eb4b7cf01cef21acf5a5fd6ee01a9d36f7a34cfcbab160beca5e4635631edb
SHA512 2663eb796fd415ea8e3724ced065fc4747f814065f440b7d4cef329cb06a5c3aaf8b4ab90db4d08f86c4f5fde61199bed93e28fc64ece270abb6b5c3148a480f

C:\WCH.CN\CH35XDRV\DRV_1S\LINUX\wchdump\wchdump.c

MD5 21af2f821f93eb28a1c0fab5f12c6979
SHA1 9938dae45dbf1bbf665277d8370268f732782686
SHA256 98025085756932a1e3ad4e47ff5b8a263588c3e7e47789a861b6d62784eb7155
SHA512 1fff951bb97a6b73fa34c92114fa2237ff9e3db1e24f36872fcd6874385658ce4c626507660d305f47748eed62fc7a87809c04440814524f5db996724a4d66de

C:\WCH.CN\CH35XDRV\DRV_1S\LINUX\wchmknod\wchmknod

MD5 475e7de188dbd64839b9b0dbcbacf450
SHA1 7642935ac508d5bbe2887bff4d98c2e6b93e2cd0
SHA256 308a66416394124463dec29c138f24a57d7b0e2b79a59619dc4551b5ff52d0c3
SHA512 9db8654e538286e643e7cef5786f198b2c94a158e3789cfd4063b11d448e73475d55b9c2b587721a214d2e6633baf04c626c32167c6c9ff787e8265b1b7bb886

C:\WCH.CN\CH35XDRV\DRV_1S\LINUX\wchterm\Makefile

MD5 524540c7ce53746b7725a157fb54a07a
SHA1 2fb00d78be780a7aa7803379d2fcbf3bb261366d
SHA256 80368b581e178c46c2433e2104ada5055557512c6a52d5551d5d1289fad77cdc
SHA512 3f0d8c581c02e5616b86c559905363e41c38431972087870f51b4365a9399dd25625f648da9220378f56de9b68a560cfd979cf6631e9fad25a9e22d93a0ef333

C:\WCH.CN\CH35XDRV\DRV_1S\LINUX\wchterm\wchterm.c

MD5 99c11200c47af0abf9f144e0bb97d3a1
SHA1 21405cb4daa7a4fce306f2b87036527e18fda1f9
SHA256 50558006d260bdd4224977019617f02f05209ed0bfa70b4652f0d683592e670a
SHA512 41164dfc59eec11f2a2178553561279744ff7ef93e67b3fd11004ad0e0e47a1b1b1bbce8b630b28d928a3b3ab89eb214c68c128282761507356884335c105c9b

C:\WCH.CN\CH35XDRV\DRV_1S\LINUX\wchterm\wchterm.h

MD5 0b51548b16e322c0cdfb58a9b6a2d2e5
SHA1 acfdd51a3bca241ead35b00a73cda0b78edfc867
SHA256 106203829fe3a81daceda8d76df9f88aae3934e6802c672e28ba08ec176aa4fc
SHA512 63d24f7647c97d45c7d7edac7b8191682fd07f719271ae70796ea8b6877d9cd653e6289d898947d4bb34ef80073651569247a056967e68a8c1f5a19197266c7f

C:\WCH.CN\CH35XDRV\DRV_1S\LINUX\Makefile

MD5 b529ac382c29f9f654e067caee0753a8
SHA1 6ebe96bea5e1131adae535c5515ea03b363c4605
SHA256 cda1ad01c9be377a982ef2eab791fc0d15add3e2d7ceebf863b50e39b86d6c2d
SHA512 9ad7a6d2ac109f94d54d18396f25ef2918be6517e4039423cc21f26475dab3bdb06a9770dd1aa0466e20ce5783f96540b3f1f2c19b4624500ec6ef3ba4b6f044

C:\WCH.CN\CH35XDRV\DRV_1S\LINUX\README

MD5 8d09c1caedb43a235889033c6538d4eb
SHA1 4051702f4faf9e2ededca39686cbd30455140453
SHA256 9d90cf2794f5ce5ac1b73aafeef3d00789694d3126915bbdd61eb0a3e8803c1a
SHA512 c35ff01c594dbeb7f88174833910290f1ca80f690a7cc84004acaa814c2a26c57aaecf277fe831a9da76d94f340103d5fc06fade41d08dda65fd07dcf8bd573f

C:\WCH.CN\CH35XDRV\DRV_2S1P\DOS\CH35XDOS.EXE

MD5 f71825cca9835a562d3f13f616909725
SHA1 d3a72ef3cfec445dc1ea435e02bb6a0e8864bd82
SHA256 2e4ab626d94519bb9e9560fe450aa92904134174a8398691412be1032435e8a8
SHA512 8d0b25a2add238c65112e2bd44925c84559643bab9b54dfc6866edcff027dc5aab99724ed133acc467f72a5dcb4d6f7bf034aebbc4b4d24893e237a3d6579f10

C:\WCH.CN\CH35XDRV\DRV_2S1P\DOS\readme.txt

MD5 15f3b645f38cdd8a5765e32c995eb063
SHA1 80cf7ad58a164fbcf2ecbe0e8c2b3aabe3b7aa1a
SHA256 f7d224d9c878cddd281fb52f0ea92d1e5fce2fe44d6f7495326d480cab798892
SHA512 722f26a41538986fe1ef46b7a571da93c4c5c167d6b5b7873c6221f781752c2493d22ff8f91fc32d02f820eacef8bb7dcdcd2c1b59fdbeea044464a1ebcb4cab

C:\WCH.CN\CH35XDRV\DRV_2S1P\WIN 8\CH35XDRV.INF

MD5 ac1b0e19e1131a7e6dcc76cf68160839
SHA1 15d2c8eb81a28673b7da36e28449495e3890e374
SHA256 e6ce1b22607c95c16d46355318a5836427084f040b90030a1c84b995a78a4212
SHA512 63931191249c728ff3856102054e2f7eade5b99a43b46b1e559c3266a961e1d5d0133de1c25e30287a997a1dc7a5b6d255547112be012507c976e85bb8152c1b

C:\WCH.CN\CH35XDRV\DRV_2S1P\WIN 8\PORTS.INF

MD5 7ce9c774bf9ae1abb214f56ec26796a2
SHA1 3bf83e8a275b59a7134fe2aa76de2baaaa02256d
SHA256 a3afe7e991ab7c7c63fb545eabfe16bd973187fc0c7c89193f16d0abd881507b
SHA512 d827e853a30d3366d144a0d44b5397333df48eeb17e8fa2fdd881472e35333d32827d2566400e18741fddbf3766d01f639077f1ffa0ce1cd5550327724cb41a9

C:\WCH.CN\CH35XDRV\DRV_2S1P\WIN 8\ch35xdrv.cat

MD5 f48ef73640945dc1746c47380fa75b76
SHA1 330a060ff200b61cc852a3976dd9d2fb4a1b21ae
SHA256 c51328a5bd51435d4f301008dcb8e6249c563742b285f67d65b3f74bb15161ed
SHA512 35dd7314dcc195c933ba61de20286c7ba269c37f6fb69f16bfd0eba07026452052343113e2be67ddb7f2150c8673caa43d421b9f27531c6706f3a31b89a7fba3

C:\WCH.CN\CH35XDRV\DRV_2S1P\WIN 8\ports.cat

MD5 4877acf3848d7440270d7e4d013f45fa
SHA1 a7f83e3d5b3b62b6ab8df3de0083e2ff9b96a1be
SHA256 075060dbbc2fef8e90ab7b672fe1fe63fdf830730120e7e5cf17c4c6a0817e7a
SHA512 e842abdcc69bc5b84e6a78c3c9acbbbec608ddb50aafeedf3914cd4604788dc3ce31300c0ac7733b2239809ee3395637b034d369b933a49caae3dd18d05d7733

C:\WCH.CN\CH35XDRV\DRV_2S1P\WIN 98&NT40\PORTS.INF

MD5 ff0a808ce8768ca5f6e34b23815fb473
SHA1 47dbb9cd034ad18def073c3559fb43623a24df8b
SHA256 af8b6b060338638048eaec5cbb0ca7f0c5f2e41da03cdb2e9fb05217f95f6e4b
SHA512 a7d0c060fa34095a10a434e33b9c03cc2c872560d8799645ccf9ef16efa7d09d3380f49b6c4b0243ee01c35680d0c7e389d39e12417a6d14ae845e58bfd20401

C:\WCH.CN\CH35XDRV\DRV_2S1P_RA\WIN 98&NT40\CH35XDRV98.INF

MD5 deb11bf3b326d4c5093e8b3d949dede6
SHA1 c26e331921518bb9a8914ab77a11d9234eb83994
SHA256 3e95b42046ef6ca36c7bc002e998b472c8b4d5ab2757b8c9f4a4ade2005b9963
SHA512 7a9f44c2aedf836594d3225348bb435f8d72c751b6c70ddfe3c29a8538031cb408d704791e7609ee0c43003339ca32c28668faeef10dc866c1f498416a1b3a75

C:\WCH.CN\CH35XDRV\DRV_2S1P_RA\WIN 2000\CH35XDRV2K.INF

MD5 3695f2bb75858a74412237417bab86f4
SHA1 d298972743f2661d21b6a451ed93b60f456abdec
SHA256 1524ba82267ff873978902bc4d5e8611fceab2d299210eec9dbd6a94afe2b1d9
SHA512 ef61495db43398ba83e281c4fe2447a5e6ae98fd6a9fa3b4d5583ed8e4ff398d2eb52addd1db49aaf0e14f75d06db5e1222a1a201294899fa77bd78f880ad56c

C:\WCH.CN\CH35XDRV\DRV_2SA\WINDOWS\WCHPPar.sys

MD5 c776c697323d964d05ce0f012418238d
SHA1 8362771b77e79439091abea5bf80b1ec6be984f7
SHA256 412be5812440419596036573c91a4d610883296bd74dcaedc85fe8a2c513400a
SHA512 f978de5a5cd7fe0de09f44f8c3a826331552db0425f44464a60a64f2336c3ab0d6845322aae86b71640dae9ce154bb362e051d9fa159a6f4ac07172ae606e3de

C:\WCH.CN\CH35XDRV\DRV_2SA\WINDOWS\WCHPSER.sys

MD5 66371ea97695a8791ab85dee36cf498e
SHA1 ee54c93d3abe20ca6b1321e9c96c8d1ce06d0d64
SHA256 901b654ce4daa20057d2bd736d43fcc46ccfcdd3c288f030437c0cee9effad94
SHA512 db5cdb968c69da21300744ecf2ef27c7700282e095c5fa7e63d24a4f3f14b022a714889d3656de385a35fabe7003be43912974cce8455cb94f21445213719f21

C:\WCH.CN\CH35XDRV\DRV_4S1P\WIN 2003&XP&VISTA&2008&7\wchports.dll

MD5 a8d0ee74e2a2006364c71e3786f679ab
SHA1 20fe9b537cf78a16459a90c48fee9bde022294ad
SHA256 969a3930e8626c4c0d5c5b1343c797df02b24d8a72b4d53d4def28285efd9acd
SHA512 60aeecc24394ffa48dfe86e1ba92ec7d04f85550f4f508779404b9d173880a53ab2ead98e1134560055c0bf5d5505048953d6e02a9aae9b4a5f506a0eb3cb56f

C:\WCH.CN\CH35XDRV\DRV_4S1P\WIN 2003&XP&VISTA&2008&7\PCISER.sys

MD5 ecf1ffecb7943ee602febbcc2b49d2ca
SHA1 0960d5e5c23fb0047b8e623d9c3c89b6c1022c7b
SHA256 a9ef2e8bf93c61b627ad58c8f6386ed77eb4e9cd92013cb2d987d5fb3dbd3ebc
SHA512 9b43411336b37e63250c8c9eae65272d01212cacd259369fb5d0961bf74b0766b8e3370554e0e6635f75e0d1efd0b1bc5ace6c62092554b67d9385d950f4431d

C:\WCH.CN\CH35XDRV\DRV_4S128\WIN 8\MPORTS.INF

MD5 f734e23c3072fbeef413aff8df5cbf91
SHA1 3f2812653e78c156c4cd5547c54623436c6a2554
SHA256 ecf3b81e5333a14a54b9974887e843ee773220329a947e0aa2f8ea419baa1424
SHA512 045bf247e731d14f599e66e0a671a3250ea27af73deaf3dcbb4ebbe1b381ee06d9c912a7aeb26e8cdb876b6dd4cce5b59cbcf69c27d58ca33c47395e8b5b3e39

C:\WCH.CN\CH35XDRV\DRV_4S128\WIN 8\PCISA64.sys

MD5 54b4b1aeea5362e2a12ef833d7bea1cb
SHA1 f329d617fd837d129935cbf5d6b64b013bd1ba9e
SHA256 e45db49b5bcd3793c974c3d9665f985ba5d2062161cc9969870317bf086290be
SHA512 049f38ff3621d1abec0a5508071ccd434b9c1b981f993f9e9463e3edbba61c42c818016e03bad870d4cafbad40126e0cda174f7dbdce36c80a8281a7b57c49d3

C:\WCH.CN\CH35XDRV\DRV_4S128\WIN 8\wchports64.dll

MD5 f06c6675540498777a2bf974ade4efeb
SHA1 8e67b8f1952c2375cee66bbb109418f712504ce6
SHA256 510556577e28896f16363d90d11b3f21decc173c8e963e6d3171ea4f21a188cd
SHA512 7ef8817cbbab0160d333426439b25db2ddc4786063040360273dd63b0d94ce2d0208c8c3d97839261e6cedac1ce93c72658020872c4617a63f5fc2c066a28811

C:\WCH.CN\CH35XDRV\DRV_6S\WIN 98&NT40\PCIMF.VXD

MD5 33e7f2dfb324f5ded5e1b29c5248a9ea
SHA1 59283d2a37ee4f0dd51765ba1e0b2ecd20c41f28
SHA256 429caeb0b92b67e8d7dda6b374ed3ee18b2c263d376756e6779ef833a3cb1fe0
SHA512 c2390c2fec6e5e29be429e75e8680c02e5d5bf06354ef1d8670daada7745b0a0c23e7d7b48509da7ed69a940231f2c067e608c5ac2122c0a1fcfdf408cc24db7

C:\WCH.CN\CH35XDRV\DRV_6S\WIN 98&NT40\PCIPORTS.DLL

MD5 f92d1e09a5fabde503b4289091d739ff
SHA1 949c9db670ee977a971a6ad2168f675693139661
SHA256 0474082e9274089b11abf9671cae5c806446ad785c1d8a1491faf4d98bd7ad2d
SHA512 8cf49c99d005b8fad6907f6e24678d2916bdf28150dcc70c51ed670d0aedb9a4ed3d5fdd44e0b3dd0e2c036d1e711100040ee3587a59bcda1e6ad21d578430bf

C:\WCH.CN\CH35XDRV\DRV_6S\WIN 98&NT40\PCISER.VXD

MD5 40f7bd01cbe9e74154f68240a530ed7d
SHA1 7de548485c64ebbf2c3410baabac29de904cccb5
SHA256 067dc6004bf861f84219ffd5152b7b5ace7e9efdd765954bf4c910e5203a2e52
SHA512 8d2b9e16253f7ab0f92f4d9506ca5d76729ed56734c2f117f5ef203f8e528a8f47b0e212a45821e64f24434024b8228a38e58f4fd7039da1d517212a31c8639b

C:\WCH.CN\CH35XDRV\DRV_6S\WIN 98&NT40\MPORTS98.INF

MD5 35f26d74089c96ca9b6c12b42043a4ab
SHA1 037e8dbc5050e1434ef8f4b5fbd4a889577fd110
SHA256 67b9552b7352d8511f1fe299ff28c1ae3e55a3b5e79ac34ec76f944f52de377b
SHA512 b47783a4a5f23d4ddd046f8c146b8b1e7bd088b68e7c545de90e03a747d8fe8969922400b295de82fa802458d85e83c8f586b9237017cd4c3d70b19f648abd82

C:\WCH.CN\CH35XDRV\DRV_6S\WIN 2000\MPORTS2K.INF

MD5 09ae8ab3264b718228ccf35d8eb28604
SHA1 880c959c2ddd0a4ddbb886b395aca43dd0564db8
SHA256 390d70a64b0bc097d46407d13d2e05756337cee6563a3e4bdf263161c3c06a86
SHA512 806460b889ed8ab51810995b0c10c498ac692c45988f5eca038d9bf9dd1dd9517a664ccad121874be441172257da5a3f9297b41e47e9942e67bc3755eee153ce

C:\WCH.CN\CH35XDRV\DRV_6S\WIN 2000\PCIPAR.sys

MD5 9deb2d3ef76ef5e6724909e5dcecee86
SHA1 8aa0faa036bfcfddd15a5932bdced924c291ea90
SHA256 97a2391ba11678aa97464604fb10488115fdacd89c64c9c53e4b9d58ad6f154c
SHA512 ac1f7f69589a05706d40ecb41091eedc0979176284db76c910a286ea3833944499cb9038fc99fc9a429069d1f0bd9a4e33f56e4facb04a6f19dd1696080cb5ba

memory/5036-838-0x0000000000400000-0x0000000000434000-memory.dmp

C:\WCH.CN\CH35XDRV\PCISETUP.exe

C:\WCH.CN\CH35XDRV\SETUPX64\PCISETUP64.exe

memory/2352-852-0x0000000000400000-0x0000000000422000-memory.dmp

F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\_desktop.ini

C:\Program Files\7-Zip\7z.exe

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

memory/5036-5743-0x0000000000400000-0x0000000000434000-memory.dmp