blackguard | 5b4e091f4ff55c2d426ca3ab68714562387fb615b820bb32dd696a150f3330cd

Resubmissions

10-07-2024 23:05

240710-223vfsvemm 10

Sharing

Copy URL

Twitter E-mail

General

Target

ScanGuard_Setup.exe
Size

54.8MB
Sample

240710-223vfsvemm
MD5

6a341a3120a8e9140076e7f07a14ac00
SHA1

93c3ef60132b89cecd1418efbfc396c7ea6ed513
SHA256

5b4e091f4ff55c2d426ca3ab68714562387fb615b820bb32dd696a150f3330cd
SHA512

e19de3685d2bd55ed67bf35044889eed56b0e02ae408d834df13b72d59b345162166bdc8348f4c01c7d850c14cc1b0b771cf5f92bb3ecd4adef427d860a93a48
SSDEEP

1572864:N4kqcnVXU29JlWMOVqvvIw7ZbN7vF6P0EVAWZZLdwa:bnVXV/lW3Vq3Ikf7vF9Bi9Sa

Score

10^/10

Malware Config

Targets

- Target
  
  ScanGuard_Setup.exe
- Size
  
  54.8MB
- MD5
  
  6a341a3120a8e9140076e7f07a14ac00
- SHA1
  
  93c3ef60132b89cecd1418efbfc396c7ea6ed513
- SHA256
  
  5b4e091f4ff55c2d426ca3ab68714562387fb615b820bb32dd696a150f3330cd
- SHA512
  
  e19de3685d2bd55ed67bf35044889eed56b0e02ae408d834df13b72d59b345162166bdc8348f4c01c7d850c14cc1b0b771cf5f92bb3ecd4adef427d860a93a48
- SSDEEP
  
  1572864:N4kqcnVXU29JlWMOVqvvIw7ZbN7vF6P0EVAWZZLdwa:bnVXV/lW3Vq3Ikf7vF9Bi9Sa
Score

8^/10

bootkit discovery execution persistence privilege_escalation spyware stealer upx
- Creates new service(s)
  persistence execution
- Drops file in Drivers directory
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks for any installed AV software in registry
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/avupdate.exe
- Size
  
  2.8MB
- MD5
  
  e0947f2084e589a4d7f1c0f541b54321
- SHA1
  
  3ca9be3bc2678b85e36b9823a617376a268ab889
- SHA256
  
  afb45b8ae7d78085d95122ae01f6bac1515a89e7e2c87c55596670e2b5e922e1
- SHA512
  
  316a214436031a498de8b2b6ca33cb9f73cacc3ee19f22f86d90583f817e35f0b93bd44e3af8e47baf1c7e44fc66b9c2031995cc4ce69a1bdbe980de93e5938f
- SSDEEP
  
  49152:JevEk9Vcz8AGAIaaQ2ldCPGwdYbO9ZMzYuWP011w99oUQ8Pbto:JevUsAz8ld+ubO9Ssur1a8
Score

1^/10
behavioral2
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win7/avgio.dll
- Size
  
  153KB
- MD5
  
  49e51045f2951fd248318ac9f1ccb18e
- SHA1
  
  7a09bfa925fb2703bba5b26ddeae1ec7e3a481fb
- SHA256
  
  73b563935d96d328d5e13d05ddc35f24b69237e4c4b7b183ee66aeeb3ccd9c16
- SHA512
  
  df00015514bbcdd6d0ff9c38485ee65d7700fb7cadd4327d12230d63f078da5e9aa5fd11aec9f8c741bdf7c84c84c38543af1f71ebc12a4477415e2c5ab9deda
- SSDEEP
  
  3072:kBWuZL07xXI4ZUgZ/aAD4uQWh3C56jn/KutS8t/6aqDDNYt0c:Sw9Y4GVAD40h3f/KutSgGk
Score

3^/10
behavioral3
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win7/avgntflt.sys
- Size
  
  152KB
- MD5
  
  6b60c0a7fdbabe955a183ae3b524d543
- SHA1
  
  be68e043fb0f6e0ca745b8361924ad0869bf2bb9
- SHA256
  
  33d6cc050cefb737b70431c7e493a0d7b7f5ae7546d36fd24a5d4b1ebf29d307
- SHA512
  
  040ecbb33bbba5bba6206cee7717cff01fc8d3436762a4f2af6647cd9f02b31d48538ebc0d91b627fd0f9324375544905c2e09e4040c55b3642480e683f73df9
- SSDEEP
  
  3072:3dxo0Wbd5kOx92/nQdp2kRaZE/I+j8CR/ehwdwTe6vuypGe08Uxb24lOPy:3dxo0Wbd5pJ/I88CR/p6vAnA4e
Score

1^/10
behavioral4
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win7/avipbb.sys
- Size
  
  169KB
- MD5
  
  a17862525867081a577923e210604a64
- SHA1
  
  9b6f498bbda86fc464d6e5094bc8529ecd3e7579
- SHA256
  
  2bf4e12f41f8d78737592b7f29b55206b2df15411cc2943e678f52096289d06f
- SHA512
  
  e33c701cad149844913e5853187e4bbf43f6bc230fccaec21c847b373da7299849f2f3d93e6a07dc2c3c774f5119a31f0f44ed77821cc1e8dda93661e620b2ca
- SSDEEP
  
  3072:E6zDMkFB5rqrDX7r5E2wnyKVxqxJNxBIRxUcx5VEv3QuhznmZmopCn7:3zDMU5cHq2wn/EJNIRxXx5KB1Omo07
Score

1^/10
behavioral5
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win7/avkmgr.sys
- Size
  
  35KB
- MD5
  
  20894c53c0b9db8f86993d9ecb78f9d5
- SHA1
  
  7c18c5b571c906535d393a5165379f6316143107
- SHA256
  
  d5e35a021e2a8e676b9034a2c712907f170d3f5b7315d516f317f51cd03ddd06
- SHA512
  
  7fbd637c64a3ed5ce202864197ee26e0d97f84be8bb0bfd5bdbfcf500f370764545489de8d83c347e5f15a414bf5d614377a60983803924935453266f8af5d24
- SSDEEP
  
  384:pSxWv2ZhZ4mAjuPUEA1aVrFiFdWeFuu9BTQe7r/nYPLvdJUHeMPP:gS8ZIuPwoz4dWeFuubQEr/KdkP
Score

1^/10
behavioral6
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win8/avgio.dll
- Size
  
  153KB
- MD5
  
  49e51045f2951fd248318ac9f1ccb18e
- SHA1
  
  7a09bfa925fb2703bba5b26ddeae1ec7e3a481fb
- SHA256
  
  73b563935d96d328d5e13d05ddc35f24b69237e4c4b7b183ee66aeeb3ccd9c16
- SHA512
  
  df00015514bbcdd6d0ff9c38485ee65d7700fb7cadd4327d12230d63f078da5e9aa5fd11aec9f8c741bdf7c84c84c38543af1f71ebc12a4477415e2c5ab9deda
- SSDEEP
  
  3072:kBWuZL07xXI4ZUgZ/aAD4uQWh3C56jn/KutS8t/6aqDDNYt0c:Sw9Y4GVAD40h3f/KutSgGk
Score

3^/10
behavioral7
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win8/avgntflt.sys
- Size
  
  172KB
- MD5
  
  f16335a9102ffc99a8c8e07e1b2d57d4
- SHA1
  
  32ddb4251591e40db352661be4721c5c6402b90a
- SHA256
  
  33c6b1d49ab13d6ae9f22e05d77b70123de63c802363da0daf1be958b7d3d532
- SHA512
  
  57746307cab7e82e9e7ef5f033628810997954a40cf57f34650cbc9ac77fc2fa3465f1206f87e0082edc4121114dd71f2f816a628872fde26136012766a5cc52
- SSDEEP
  
  3072:mPhzNgtyTnwf3UCPID5tfaElzgbSvTR7VHhoxM732FrBT5t3BMXv8DBf:qhGtyTHC2tDcSvTZ9+Oarf9BMMd
Score

1^/10
behavioral8
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win8/avipbb.sys
- Size
  
  196KB
- MD5
  
  18ed8302d083dad602823988a304a4f6
- SHA1
  
  01014fd10d7babd6d81bb7e9511ffa7e13c890fa
- SHA256
  
  629da28ac97f5b17b1603059242088727e1552d68fe350f97fcd0b67d412ab25
- SHA512
  
  de9ea04221fb1270db37d35fcc1acdf7265103e079fd31566b0a043a1fa3b2267a034b720a3070538f289fd3847171d3d54277417ba0f67aede86f1b78db220d
- SSDEEP
  
  3072:FiRnqR7d4wgBQIFnh/Lpx211rrYQwKiYB+Qua7KjoLxkAAFP:Fiq4PbL/2THYQwK7B+Bau0S
Score

1^/10
behavioral9
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win32/win8/avkmgr.sys
- Size
  
  53KB
- MD5
  
  e3ab0eeb7613ddbacc0388b96048ff5d
- SHA1
  
  f6e382597081451d6546339948edd3e854b7dfae
- SHA256
  
  5fdde96d05b4284fa7ee985a7777739c46040ad89b3b8217a729da9695e3e542
- SHA512
  
  40c0c7ac884297350a40d58a6a870796381ccb82ade22d69ca3cb9be0c3251b8768f95ab4b0f28f209ed65aed23894a7e77529316250ace7e5da8a99d0bb81a1
- SSDEEP
  
  768:ginpYN85Ry72IqbyReYU6uPwoz4djHIEoF+NdKduH1Qk8AI24o3whJ:BpsK64yRGwospoJFsEuH+k8AH1ghJ
Score

10^/10

evasion persistence ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral10
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win7/avgio.dll
- Size
  
  153KB
- MD5
  
  49e51045f2951fd248318ac9f1ccb18e
- SHA1
  
  7a09bfa925fb2703bba5b26ddeae1ec7e3a481fb
- SHA256
  
  73b563935d96d328d5e13d05ddc35f24b69237e4c4b7b183ee66aeeb3ccd9c16
- SHA512
  
  df00015514bbcdd6d0ff9c38485ee65d7700fb7cadd4327d12230d63f078da5e9aa5fd11aec9f8c741bdf7c84c84c38543af1f71ebc12a4477415e2c5ab9deda
- SSDEEP
  
  3072:kBWuZL07xXI4ZUgZ/aAD4uQWh3C56jn/KutS8t/6aqDDNYt0c:Sw9Y4GVAD40h3f/KutSgGk
Score

3^/10
behavioral11
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win7/avgntflt.sys
- Size
  
  216KB
- MD5
  
  d9f90202659f8ce4d5db6e83d24b46dd
- SHA1
  
  29a7b1068a5090ee59db422364b42d2c8f072a46
- SHA256
  
  31a3f5c4b19040eb20bc15b4609068128fb6028e137e98f2b2c6c679d0311c4d
- SHA512
  
  b0a9a0c0f18446e6a2b9ad3200dbd2cb94acae5df553beb971b41220304941219d12d3e94ed91dec254e6b907dac6fcb1aa72a822a09a8e523cc76071b221c31
- SSDEEP
  
  3072:vMPogiYZ1dqoWYYCGxbceUW8bUDsQWBsMPelkz4IQ9RLNM/qIn20aqB:vooQZ1ddW5VUWvDTMGls4IQ9ZN
Score

1^/10
behavioral12
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win7/avipbb.sys
- Size
  
  172KB
- MD5
  
  b49a44df6fe77ccb861985f5a5dd7ba5
- SHA1
  
  6e5163e191dd789f8cc33a531ce9ddd9bed2a842
- SHA256
  
  e442e66d3e24d54696c8687d1bd1a9ab41ed34b723d2b25af195589d11c4fcde
- SHA512
  
  d53f56966c8750edc513c86c8e9b47fa1f0445a86a1d92621f1aa5fc9b9400a4a7f65b9ae0d2e537c9dde1b23b16fbd56af8ab74d62a8a777106e9b16e58be89
- SSDEEP
  
  3072:sUnNOdMrlqdSL3W3TRjWLKcudx0TzBrt6Ozv7druQuxAmP9FrN:PnQurlLLmxQu/0SOzZSBxDX
Score

1^/10
behavioral13
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win7/avkmgr.sys
- Size
  
  35KB
- MD5
  
  eb5c2402e2f402a19504bf6ca9c3e06a
- SHA1
  
  63aa9690c36d743951558422d841276c25cde77d
- SHA256
  
  f8d33bbf769786163105c0fa794970054bad34cc5985416af553df1d9a64039b
- SHA512
  
  9b6b7c06e904cf36aefc17e14a108e9636c3a8920a34960dcb26fa520326c7ff47f03c24bacaec6ba91440237fb16afde0df01c299cdd7a89c40cc489a3f0151
- SSDEEP
  
  768:p5UbgvCkoe+nuPwoz4dC2xfDKKdqe0nKUbZ:88axeLwos42xfDpqevq
Score

1^/10
behavioral14
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win8/avgio.dll
- Size
  
  153KB
- MD5
  
  49e51045f2951fd248318ac9f1ccb18e
- SHA1
  
  7a09bfa925fb2703bba5b26ddeae1ec7e3a481fb
- SHA256
  
  73b563935d96d328d5e13d05ddc35f24b69237e4c4b7b183ee66aeeb3ccd9c16
- SHA512
  
  df00015514bbcdd6d0ff9c38485ee65d7700fb7cadd4327d12230d63f078da5e9aa5fd11aec9f8c741bdf7c84c84c38543af1f71ebc12a4477415e2c5ab9deda
- SSDEEP
  
  3072:kBWuZL07xXI4ZUgZ/aAD4uQWh3C56jn/KutS8t/6aqDDNYt0c:Sw9Y4GVAD40h3f/KutSgGk
Score

3^/10
behavioral15
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/on_access/win64/win8/avgntflt.sys
- Size
  
  204KB
- MD5
  
  ec059af10524644bddcc073916e78375
- SHA1
  
  93a9466afee21f61f643f540b2ab82ac7db60b62
- SHA256
  
  868ecdf543865035a3703e8837869441683b8ab396eaadf6aaa0e455e8393c5e
- SHA512
  
  88310251e07eb6edda3eb28d057a18fd7d1ea7a9adc5f861fa7ad127561bfb035468974fd11685b66654fc37dc3577d7d720e2e9e4f4fc38d116c1089ee9afe7
- SSDEEP
  
  6144:S2M8JRGRI16YO/HqUU2miFjq5K3vPRTh9EsRbmN6:S25ERI16htvo5K3vPRr+
Score

1^/10
behavioral16
- Target
  
  Microsoft.AppCenter.Analytics.dll
- Size
  
  13KB
- MD5
  
  d4041b4e6cef641e52922aae24358e67
- SHA1
  
  03cd00c2094e6747b0bc489f1927d29dae39b5ea
- SHA256
  
  ac8b2f3785163b38c4473f1aa25616a4616e2fbb29332fe3dd8da9574fc3c4cf
- SHA512
  
  728dcee4a9e3909f760edbd6a6e582c6c40162f37cf0c5e61bb092679ef91e47e8e5bdba468c40f24010ae795f6e277ff1c60b9e46bee2dbc94b3d9c6491570a
- SSDEEP
  
  384:FHusqPUYyBiwwu9sXZsQb+Jx4veT6pzBcwyWUVMW:FOsqsYb9w7UBcH
Score

1^/10
behavioral17
- Target
  
  Microsoft.AppCenter.Crashes.dll
- Size
  
  41KB
- MD5
  
  389e880efe79f750488feed7fa52b1d2
- SHA1
  
  b0a58209ddd87d4ec1240bc1b556889850965148
- SHA256
  
  1ac20df009a8879ff946388741b781b37f8209ac93260ff8a00573376def08be
- SHA512
  
  ce378858dd67c8ff7972036db1b558603c0c7bf74b82c0c965fcd039138be3eee08fb729b879a1c66b41d8fab7c70c0a9ad1c8e5c9490c4967cec87b2f62b436
- SSDEEP
  
  768:qs8Fis/HebQPbM9z9iDk+gGCHeHGoSMwdevPf:qr1bMvHXlemtde3f
Score

1^/10
behavioral18
- Target
  
  Microsoft.AppCenter.dll
- Size
  
  129KB
- MD5
  
  395ca70f6def000f67ae3334682c3a73
- SHA1
  
  5b32bb4f106e490044f8cb95b1da24605e66ffd0
- SHA256
  
  c7ddc86b6500a27783071abb2a0769a1f47a7cb78d039642c2126ad1b879cefe
- SHA512
  
  a47cde27ec3af919d68f6bba485b24c31b681b3572cc9af9c8df8e46af6d1441d4c5836303c4901f531fdc6e2092c6ecbd28a17b42616e42a0f9a2a9dd46dbec
- SSDEEP
  
  3072:O/6mN7KWjKL7gHdJWRYhvoiJVIAQlHvIRQ0OzbXq:cN7PjKL7gHdJWRYD5UHv3ZT
Score

1^/10
behavioral19
- Target
  
  Microsoft.CSharp.dll
- Size
  
  287KB
- MD5
  
  550c3defa28f7da52cfeb896254d5446
- SHA1
  
  9769ad55aee4cfbc94053e885d229ca98d953254
- SHA256
  
  d5ce9323fc09281f1f8d86d741a594e29f7a9797de0284e1b168b1043c6c9a02
- SHA512
  
  264181da5f80966f2b0a76912d496ad55b403f99d31097b258c9ab87d39b41435015b8e702bfceed5f333fac9367f542dd397778504c8ed2a4b4ff4bb3a82370
- SSDEEP
  
  6144:3MsCfqudVKjZSkSNw1oxu0LhdkjVsZBwRnIfPk9eG3u9yHcohyz:csCfidSkSNw1otkcG3u9yHc
Score

1^/10
behavioral20
- Target
  
  Microsoft.DiaSymReader.Native.x86.dll
- Size
  
  1.1MB
- MD5
  
  4ff7094e3edfda47ced912012044296b
- SHA1
  
  c6f3c9d81713687dc3820d8cabf14c2a32208d27
- SHA256
  
  f21da9fb831ac943736135b6ee109a4b352511b8d6c07cb03c66b61996d1ddc9
- SHA512
  
  372867bbae96c51ee11b413f552a67a53992b16dbfa44105381db3813e3c2f9a3dc9d16fc6bd6366514d4e1b4bf1eeccce5261bc3df837bf3e3eb5a04446c551
- SSDEEP
  
  24576:7Xg0Ff/wSOM0TJuCD0Kbyk3dIf//LXpWhIHWLRDAcc17QXk0:7HHFRKbhdIf/TcIIhk/0
Score

1^/10
behavioral21
- Target
  
  Microsoft.Extensions.Configuration.Abstractions.dll
- Size
  
  12KB
- MD5
  
  542b6ef0d8d600f43cecdaa5fe6a99a5
- SHA1
  
  3e5626ab326b8e0a08d48f1347c09eb3a8b1b882
- SHA256
  
  e9e4bf73dfed3d5aa9ff25780e87109a985cb6e2feab30bea42689cf7d1d4ed1
- SHA512
  
  4ba7499c2b5cab18d185f63f857f8e94785642b5d0909d2c978b039d8920aadc0401f57ab7603f2ddae396c4c8edff5f56b31de36d24620733c9847f5b3152cd
- SSDEEP
  
  192:DMt6XYVhN6y0mb+dXM+4POdTJ6V2fGtbn/PTG/AxXEzRjz6P+M/FbSZbWsKTWM:D+V/6PI+1z8bXTG/ABEzRjz6P+M/Fbk
Score

1^/10
behavioral22
- Target
  
  Microsoft.Extensions.Configuration.Binder.dll
- Size
  
  15KB
- MD5
  
  99ed54569b703e903f674ea4eda6c662
- SHA1
  
  5c59e3c564b4c057ebc1455cf7bc219b825aa11c
- SHA256
  
  4950a8400717903c28cd5b9562cff761afe5ac3470ab699855a898b29fe8a2e3
- SHA512
  
  fe4937471fee583ee73411eac6e256a622c2f8a10d885e2096546bbc93e393435fbc20d40b3f885f48f48767bfdde906209890e9088318505b10d84a7d4ae7e7
- SSDEEP
  
  384:dqnWO8HPEfXZ5PAxmLKRTuVWU28UJjyFygZ7gYU8ud/WiaGWM:dSWO86zgm0qfUTMuY
Score

1^/10
behavioral23
- Target
  
  Microsoft.Extensions.Configuration.dll
- Size
  
  17KB
- MD5
  
  d29ef3e603946cdd964ded903c205d62
- SHA1
  
  959896475fe1dd758adf857b72bea25cdcd405cd
- SHA256
  
  91be5d8e169d4e809d077108827c041988018f37924c312dcf3c3c77264eaa7c
- SHA512
  
  3f82b58932bbe771fd102065399e36822f061c769a211b85661d4b0575cbca90cd18ae92d76101e2219f22bc247a163ba95718a4303a6d43784723437f7b88cc
- SSDEEP
  
  384:/dfVJtVnucJYXVJig3xLm+NMsTks7WK4WJeVWWM:FtluT31Ugi
Score

1^/10
behavioral24
- Target
  
  Microsoft.Extensions.DependencyInjection.Abstractions.dll
- Size
  
  27KB
- MD5
  
  1cca6bb1ef856aed16e29b17b92ea225
- SHA1
  
  59bcdfef44880db1daf87951619cbc776a22746d
- SHA256
  
  1663be664cb7a7afa5786dc9f071fca8aeac3737fe8e29153f29223c8ab1608f
- SHA512
  
  6daea2c19e873594e8486ee09ab0cb9d30e4f76a1ba51fd3c2a40ac5c27c870e1e7b533247c17b8386c9016103d1423cd886efbf1256e89ca2a8b99f0d2d57fd
- SSDEEP
  
  768:jwd02Ew1NODPOlwlwlwlwlNm/ST5T1yEf:jwd02EacZ/mJz
Score

1^/10
behavioral25
- Target
  
  Microsoft.Extensions.DependencyInjection.dll
- Size
  
  61KB
- MD5
  
  692c5f999645b4e9babc2e830a2534e5
- SHA1
  
  da1ce989d55ef32809a4c0471be5ae9e5614e483
- SHA256
  
  21d64f47e3d226854b93ec5b1f94d3b8ecabb0000a5b759decd96507789c307c
- SHA512
  
  ee6da0eeb5617b6b0ddb754cdced46a68a4aa95e5127ed94090f3640d4d0df3f003135ca84e5b4870679b0972e3c4f6b8059bd8a9c870ce8c5237cb0930235d7
- SSDEEP
  
  1536:CPkLGoLSeeeJHlFDj4aQsxYZiKdD4Zfg+:Q+XHzjeN4ZfD
Score

1^/10
behavioral26
- Target
  
  Microsoft.Extensions.Logging.Abstractions.dll
- Size
  
  38KB
- MD5
  
  613442a0e2cd90d79c3401554b8fba9e
- SHA1
  
  380df211e2bada028536a6c55bc8f33495bce1a2
- SHA256
  
  971a367da28ccca459fe2f7d755f0cea978310fdd064f6368fb8c8af814d74fd
- SHA512
  
  ef9a5696774f111a7ec99a6cc96d976e761faee4e128510f278a6f606de3f898413808f4c53cd19d27e83a46a1adef945c60d4bdc41f2aef70f710027c6bac87
- SSDEEP
  
  768:qwHqGdhpezbPK/QN8jmN8CduUNxYci62wyq/:T3dv6eAuUocywyi
Score

1^/10
behavioral27
- Target
  
  Microsoft.Extensions.Logging.dll
- Size
  
  24KB
- MD5
  
  1649856f9ae8ea8aa53b5aaa04da894d
- SHA1
  
  03574a2e9baf4edab20375bbf968228ca717ce8b
- SHA256
  
  30f4630b82b19f77abf33c8287cf4a00e8285aa71df1bb3fc05b7abf9026841b
- SHA512
  
  20dda82a3c9501c7de052c86c09dafe4251042011305a7224bdd7bbf99f7b705cf6f5992f9fc27fdd5526dcbb3fd6caf6fe2128631c769c59fbbd5c639dbfc17
- SSDEEP
  
  384:uUNoqS641Wkrb90zrAj1+dOECTEPC5nnAKacrWYrqpWraVWM:uS/SkkrbqxdOEQ3AFchr+
Score

1^/10
behavioral28
- Target
  
  Microsoft.Extensions.Options.dll
- Size
  
  40KB
- MD5
  
  e80731180d3f61c207d1e759b5e422fd
- SHA1
  
  c9a8989cdb44ae95f6f6404a6618bd001ddf95fe
- SHA256
  
  1332dfbef2bb538faed7c85ae6f6c26d64333eed95486e3f81c9f2c1af5b9f33
- SHA512
  
  da74e650dbe60705e02882e7877cf0f5e7f08c1a17b3da5cd892b9a66fc06dfc7be8e324c13d8df17f7bc9898f22b399e0e81808c76e1274f70b6b1f58564a82
- SSDEEP
  
  768:JmOSgq1fwDct4Ipp8nV485AoX5R9iV+Wml9lblyMbWndaM:O1fwDct4+YJA0R9I+X5bo8M
Score

1^/10
behavioral29
- Target
  
  Microsoft.Extensions.Primitives.dll
- Size
  
  39KB
- MD5
  
  a5658cc4878088965ef9f46850739a17
- SHA1
  
  ae66d1f7ce17650a72adf2f59b80cceda2360a74
- SHA256
  
  4b6ee44d0555b3b49a5bea3cec1ccff14944bc947cf2e119a8670dee84c7ad78
- SHA512
  
  1e9be8af61815f87000971fc5624f95d0fd18483dc9b5c32470ab7840ab08236cf7da918ab02e3ae89d35cfccf23966305169e8a93502f3d31f313891fa99750
- SSDEEP
  
  768:o3/GX+hgQVTGdJS6CPIUqOF0vWusFQaui4m1/LcfJOVwAMxkEg:m/GX+BVTGbfi9qOF0v3sqauiJkJOEx0
Score

1^/10
behavioral30
- Target
  
  Microsoft.Toolkit.Uwp.Notifications.dll
- Size
  
  111KB
- MD5
  
  71829de02b099241bad4ef0efba785cf
- SHA1
  
  625aca08f1b7020456303794543cc669853003a3
- SHA256
  
  b14999bfdbb2a55f335ed3e9da022a73e9ff6e96ba341ffef22637a6f1826188
- SHA512
  
  dc5248ec12ff04db6722d6640ce2eab8dbf154ceaecbcb5f473e4ca869f60ada4bd136d849db82524743c652f2bb27d08870d28e2d54977c717b73fc853d6557
- SSDEEP
  
  1536:I3FYVCl7jqFaTsU6+QFBwkGKXX/3+fibJ+zGgr6j0tdISOUpUfZ:ooClnxsU6+QFtxXX/3+2+3r/c
Score

1^/10
behavioral31
- Target
  
  Microsoft.VisualBasic.Core.dll
- Size
  
  1.1MB
- MD5
  
  4ca0c139b698ff4b1a4fbaf653d8b607
- SHA1
  
  4881028e15d3fe3e52a6e0e8a10a3d926f3400d3
- SHA256
  
  e0864f46e0f0ca66143b43c12a4b37dbe2fbe8fd138d5da59326fd632d6a3571
- SHA512
  
  db0e1eea47f75bde5427234888d88829fb184e31be0aefcf687e2dd4e351d9daa7cd5fdc5457ac445f17c5f784f4602f48fa8f49faa2c22c511729c5f550b93f
- SSDEEP
  
  24576:92o6FIAG8DgwIB0RLQh71gPOpxEDoQt7g8m:f6FjDgwAps2Itto
Score

1^/10
behavioral32