Malware Analysis Report

2024-10-16 06:09

Sample ID 240717-yxa24azfqh
Target MechvibesPlusPlus.Setup.2.4.0.exe
SHA256 b1091d37f3d5691e7bf8cbfc46970a9ed643075f07af750175d1a58e03029132
Tags execution discovery antivm
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1 (Detonation Overview, Signatures)

Analyses, each with Detonation Overview, Command Line, Signatures, Processes, Network, Files: behavioral8, behavioral11, behavioral13, behavioral31, behavioral14, behavioral15, behavioral26, behavioral25, behavioral27, behavioral12, behavioral17, behavioral19, behavioral23, behavioral24, behavioral2, behavioral16, behavioral4, behavioral21, behavioral29, behavioral30, behavioral5, behavioral10, behavioral18, behavioral3, behavioral7, behavioral9, behavioral20, behavioral22, behavioral28, behavioral1, behavioral6, behavioral32

Analysis Overview

Score 8/10

SHA256 b1091d37f3d5691e7bf8cbfc46970a9ed643075f07af750175d1a58e03029132

Threat Level: Likely malicious

The file MechvibesPlusPlus.Setup.2.4.0.exe was found to be: Likely malicious.

Malicious Activity Summary

execution discovery antivm

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Changes its process name

Checks CPU configuration

Reads CPU attributes

Unsigned PE

Reads runtime system information

Enumerates kernel/hardware configuration

Program crash

Enumerates physical storage devices

Command and Scripting Interpreter: JavaScript

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-17 20:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win10v2004-20240704-en

Max time kernel

149s

Max time network

155s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1936 wrote to memory of 1748 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1936 wrote to memory of 1748 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1936 wrote to memory of 1748 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1748 -ip 1748

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 89.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win7-20240705-en

Max time kernel

119s

Max time network

123s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 220

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win7-20240708-en

Max time kernel

119s

Max time network

125s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 31b19fc1bd16aeb5257893e7928d8d32
SHA1 08f400e950c0665725f77095d9dd57a221e270d6
SHA256 fa2a9f5945f8d3dea3e0bfebb911670add4f7a1ec03c20b1bb6b7043e307a4ea
SHA512 3f62aa28bb7ef671d90ce8fc0dc170bb71f07d557b16e6b5fe62676a864b7f5d2e031989f24dbcf2848c1b8bd67c7c113e921d87c39e60b01711c695399c23ff

Analysis: behavioral31

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:14

Platform

debian9-mipsbe-20240611-en

Max time kernel

4294954s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh

[/tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/local/sbin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/local/bin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/sbin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/bin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/sbin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/bin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win10v2004-20240709-en

Max time kernel

146s

Max time network

154s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 98.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 94.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win7-20240705-en

Max time kernel

117s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\natives_blob.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\natives_blob.js

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win10v2004-20240709-en

Max time kernel

149s

Max time network

155s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\node-v64-win32-x64\build\Release\iohook.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\node-v64-win32-x64\build\Release\iohook.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win7-20240705-en

Max time kernel

10s

Max time network

17s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\node-v64-win32-x64\build\Release\iohook.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\node-v64-win32-x64\build\Release\iohook.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win7-20240704-en

Max time kernel

117s

Max time network

121s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\node-v64-win32-x64\build\Release\uiohook.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\node-v64-win32-x64\build\Release\uiohook.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win10v2004-20240709-en

Max time kernel

148s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2988 wrote to memory of 2348 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2988 wrote to memory of 2348 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2988 wrote to memory of 2348 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2348 -ip 2348

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 23.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win7-20240705-en

Max time kernel

120s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\build.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\build.js

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

ubuntu2204-amd64-20240611-en

Max time kernel

0s

Max time network

135s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-linux-x64/build/Release/iohook.node]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-linux-x64/build/Release/iohook.node

[/tmp/resources/app.asar.unpacked/node_modules/iohook/builds/electron-v73-linux-x64/build/Release/iohook.node]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win10v2004-20240709-en

Max time kernel

149s

Max time network

155s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\uiohook.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\uiohook.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 38.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

130s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-linux-x64/build/Release/iohook.node]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-linux-x64/build/Release/iohook.node

[/tmp/resources/app.asar.unpacked/node_modules/iohook/builds/node-v64-linux-x64/build/Release/iohook.node]

Network

Country Destination Domain Proto
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.129.91:443 tcp
US 151.101.129.91:443 tcp
N/A 224.0.0.251:5353 udp
GB 89.187.167.2:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win10v2004-20240709-en

Max time kernel

146s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe"

Signatures

Downloads MZ/PE file

Checks installed software on the system

discovery

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe

"C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe"

C:\Users\Admin\AppData\Local\Temp\mvpp-setup\vcppredist.exe

C:\Users\Admin\AppData\Local\Temp\mvpp-setup\vcppredist.exe

C:\Windows\Temp\{C58B51F2-D4A0-4FD7-9624-07C189DC7389}\.cr\vcppredist.exe

"C:\Windows\Temp\{C58B51F2-D4A0-4FD7-9624-07C189DC7389}\.cr\vcppredist.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\mvpp-setup\vcppredist.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 aka.ms udp
GB 2.17.6.114:443 aka.ms tcp
US 8.8.8.8:53 download.visualstudio.microsoft.com udp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp
US 8.8.8.8:53 114.6.17.2.in-addr.arpa udp
US 8.8.8.8:53 200.34.232.68.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 39.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 94.65.42.20.in-addr.arpa udp
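Reading this Network table, with an added triage example that is not part of the sandbox output. Every Network table in the report mixes three kinds of rows: reverse lookups of the form N.N.N.N.in-addr.arpa that the analysis host issues for each address it sees, Windows background traffic to g.bing.com and tse1.mm.bing.net that also appears in detonations where the launched process crashed at once (behavioral4, behavioral12), and connections the sample itself made. In behavioral2, the run of the installer proper, only the last kind matters: aka.ms and download.visualstudio.microsoft.com, reached after vcppredist.exe started (a WiX Burn bootstrapper, as the -burn.clean.room relaunch and the dropped wixstdba.dll indicate), and the only download destinations in the run that carries the "Downloads MZ/PE file" signature. The Python below parses rows in the report's own "Country Destination Domain Proto" layout and separates those three kinds. The embedded table is a constructed excerpt of the one above plus two bare-IP rows in the style of the Linux detonations; the baseline-domain set is an assumption drawn from this report's empty-behaviour runs, not a general allowlist.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt of the behavioral2 Network table above, in the report's
# "Country Destination Domain Proto" layout, plus two bare-IP rows in the style
# of the Linux detonations (Domain column empty).
SAMPLE_TABLE = """\
Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 aka.ms udp
GB 2.17.6.114:443 aka.ms tcp
US 8.8.8.8:53 download.visualstudio.microsoft.com udp
FR 68.232.34.200:443 download.visualstudio.microsoft.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
"""

# Assumption: domains contacted in this report's detonations where the launched
# process did nothing (behavioral4, behavioral12) are analysis-host background
# noise. This set is specific to this report, not a general allowlist.
BASELINE_DOMAINS = {"g.bing.com", "tse1.mm.bing.net"}
PTR_RE = re.compile(r"^(?:\d{1,3}\.){4}in-addr\.arpa$")
MDNS_GROUP = "224.0.0.251"


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: str | None
    proto: str


def parse_network_table(text: str) -> list[Flow]:
    """Parse report rows; a 3-field row has no Domain value."""
    flows: list[Flow] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] == "Country":
            continue
        country, dest, proto = parts[0], parts[1], parts[-1]
        domain = parts[2] if len(parts) == 4 else None
        ip, _, port = dest.rpartition(":")
        flows.append(Flow(country, ip, int(port), domain, proto))
    return flows


def is_dns_query(f: Flow) -> bool:
    return f.port == 53 and f.proto == "udp"


def is_ptr_lookup(f: Flow) -> bool:
    return is_dns_query(f) and f.domain is not None and PTR_RE.match(f.domain) is not None


def is_mdns(f: Flow) -> bool:
    return f.ip == MDNS_GROUP and f.port == 5353


def triage(text: str) -> dict:
    """Split a Network table into PTR noise, baseline host traffic and the
    connections attributable to the sample."""
    flows = parse_network_table(text)
    queried = sorted({f.domain for f in flows if is_dns_query(f) and not is_ptr_lookup(f) and f.domain})
    connections = [f for f in flows if not is_dns_query(f) and not is_mdns(f)]
    baseline = [f for f in connections if f.domain in BASELINE_DOMAINS]
    sample = [f for f in connections if f.domain not in BASELINE_DOMAINS]
    return {
        "rows": len(flows),
        "ptr_lookups": sum(1 for f in flows if is_ptr_lookup(f)),
        "queried_domains": queried,
        "baseline_connections": Counter((f.domain, f.ip) for f in baseline),
        "sample_connections": sorted({(f.domain or f.ip, f.ip, f.port, f.proto) for f in sample}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_TABLE).items():
        print(f"{key}: {value}")
```

The split on port 53/udp keeps resolved connections rather than queries, so a domain that was only looked up and never contacted shows in queried_domains but not in sample_connections; that distinction is what separates the bootstrapper's download from the host's own lookups in this run.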

Files

C:\Users\Admin\AppData\Local\Temp\nsu9F1F.tmp\System.dll

MD5 75ed96254fbf894e42058062b4b4f0d1
SHA1 996503f1383b49021eb3427bc28d13b5bbd11977
SHA256 a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
SHA512 58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

C:\Users\Admin\AppData\Local\Temp\nsu9F1F.tmp\UAC.dll

MD5 adb29e6b186daa765dc750128649b63d
SHA1 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512 b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

C:\Users\Admin\AppData\Local\Temp\nsu9F1F.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nsu9F1F.tmp\INetC.dll

MD5 38caa11a462b16538e0a3daeb2fc0eaf
SHA1 c22a190b83f4b6dc0d6a44b98eac1a89a78de55c
SHA256 ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a
SHA512 777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

C:\Users\Admin\AppData\Local\Temp\mvpp-setup\vcppredist.exe

MD5 e091e9e5ede4161b45b880ccd6e140b0
SHA1 1a18b960482c2a242df0e891de9e3a125e439122
SHA256 cee28f29f904524b7f645bcec3dfdfe38f8269b001144cd909f5d9232890d33b
SHA512 fa8627055bbeb641f634b56059e7b5173e7c64faaa663e050c20d01d708a64877e71cd0b974282c70cb448e877313b1cf0519cf6128c733129b045f2b961a09b

C:\Windows\Temp\{C58B51F2-D4A0-4FD7-9624-07C189DC7389}\.cr\vcppredist.exe

MD5 cb264f7d256b42a54b2129b7a02c1ce3
SHA1 d71459e24185f70b0c8647758663b1116a898412
SHA256 d6aaee30c9b7edeac6939f78f4a55683c6358d9cc03dac487880d01f18700e83
SHA512 4f623f5d21bc216f3dd040e6d0c663a8ea37efe5d0ce5f4aeb1ef5c1f7c873e19d1abc979d3e40d4dc70e2e4f0fc9a1b114b17d9eb852ea9a41d0f84356cd7cb

C:\Windows\Temp\{ABC8B3CA-55FE-4E7C-BDB6-55788835E66C}\.ba\wixstdba.dll

MD5 eab9caf4277829abdf6223ec1efa0edd
SHA1 74862ecf349a9bedd32699f2a7a4e00b4727543d
SHA256 a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041
SHA512 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

C:\Windows\Temp\{ABC8B3CA-55FE-4E7C-BDB6-55788835E66C}\.ba\logo.png

MD5 d6bd210f227442b3362493d046cea233
SHA1 ff286ac8370fc655aea0ef35e9cf0bfcb6d698de
SHA256 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef
SHA512 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b
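The Files sections (behavioral13 above and behavioral2 here) record each dropped artifact with MD5, SHA1, SHA256 and SHA512. System.dll, UAC.dll, StdUtils.dll and INetC.dll are the names of widely used NSIS helper plugins, so the useful follow-up is to re-hash the copies recovered from the detonation, or a known-good plugin build, and confirm they agree with the digests recorded here, digest by digest. The Python below is an added example, not part of the report: it parses entries in the report's own "path, blank line, four digest lines" layout into a manifest, verifies bytes or a local file against an entry, names the digests that disagree, and can render an entry in the same layout so a manifest can be built from trusted files. The embedded excerpt is a copy of the System.dll entry above; the round trip in the usage block uses constructed bytes so it runs offline.

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field
from pathlib import Path

DIGESTS = ("MD5", "SHA1", "SHA256", "SHA512")
DIGEST_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")

# Copy of the System.dll entry from the behavioral2 Files section above, in the
# report's own layout: path, blank line, one line per digest.
REPORT_EXCERPT = """\
C:\\Users\\Admin\\AppData\\Local\\Temp\\nsu9F1F.tmp\\System.dll

MD5 75ed96254fbf894e42058062b4b4f0d1
SHA1 996503f1383b49021eb3427bc28d13b5bbd11977
SHA256 a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
SHA512 58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4
"""


@dataclass
class Entry:
    path: str
    digests: dict[str, str] = field(default_factory=dict)


def parse_files_section(text: str) -> list[Entry]:
    """Parse a Files section: any non-digest line starts a new entry (its
    path); the digest lines that follow belong to it. Pass only the section
    body, not the surrounding headings."""
    entries: list[Entry] = []
    current: Entry | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "N/A":
            continue
        m = DIGEST_RE.match(line)
        if m is None:
            current = Entry(path=line)
            entries.append(current)
        elif current is not None:
            current.digests[m[1]] = m[2].lower()
    return entries


def digest_bytes(data: bytes) -> dict[str, str]:
    return {name: hashlib.new(name.lower(), data).hexdigest() for name in DIGESTS}


def render_entry(path: str, data: bytes) -> str:
    """Emit an entry in the report's layout, e.g. to build a manifest of
    known-good plugin builds that parse_files_section can read back."""
    d = digest_bytes(data)
    return path + "\n\n" + "\n".join(f"{name} {d[name]}" for name in DIGESTS) + "\n"


def verify_bytes(entry: Entry, data: bytes) -> list[str]:
    """Names of the digests that disagree with the entry (empty list = match).
    A digest the entry does not list is skipped rather than counted as failure."""
    actual = digest_bytes(data)
    return [name for name in DIGESTS if name in entry.digests and entry.digests[name] != actual[name]]


def verify_file(entry: Entry, local: Path) -> list[str]:
    """Verify a file recovered from the detonation against a report entry."""
    return verify_bytes(entry, local.read_bytes())


if __name__ == "__main__":
    # Constructed round trip: render a manifest entry, parse it back, verify.
    trusted = b"constructed stand-in for a plugin DLL"
    manifest = parse_files_section(render_entry("C:\\known-good\\System.dll", trusted))
    print("intact:", verify_bytes(manifest[0], trusted))
    print("tampered:", verify_bytes(manifest[0], trusted + b"\x00"))
    print("report entry:", parse_files_section(REPORT_EXCERPT)[0].path)
```

Because verify_bytes reports every disagreeing digest rather than stopping at the first, a single-digest mismatch (for example an MD5 that was copied wrongly while the SHA256 agrees) is distinguishable from a genuinely different file, where all four differ.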

Analysis: behavioral16

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win10v2004-20240709-en

Max time kernel

149s

Max time network

154s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\natives_blob.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\natives_blob.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 4.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win10v2004-20240709-en

Max time kernel

140s

Max time network

125s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2324 wrote to memory of 4700 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2324 wrote to memory of 4700 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2324 wrote to memory of 4700 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4700 -ip 4700

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 624
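The same three-row pattern appears in behavioral8 (System.dll), behavioral12 (WinShell.dll) and here in behavioral4 (INetC.dll): the 64-bit C:\Windows\system32\rundll32.exe writes into the memory of a C:\Windows\SysWOW64\rundll32.exe child carrying the identical command line, and WerFault.exe then reports on one PID. That is what a 64-bit rundll32.exe does when handed a 32-bit DLL: it relaunches its SysWOW64 copy to host the DLL, and the parent's writes into the child are part of that process creation rather than injection into an unrelated process. NSIS plugin exports expect the installer's variable block and stack as arguments, so calling ordinal #1 from rundll32 with none of that behind it typically faults, which is the crash WerFault records. The check a practitioner wants is that the WerFault -p PID is the WriteProcessMemory target PID and that every write is system32-to-SysWOW64 rundll32. The Python below, an added example not from the report, parses the rows in the report's own layout (constructed copies of this detonation's rows are embedded) and makes that correlation explicit.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed copies of this detonation's (behavioral4) Signatures rows and
# Processes list, in the report's own layout.
WRITE_ROWS = """\
PID 2324 wrote to memory of 4700 N/A C:\\Windows\\system32\\rundll32.exe C:\\Windows\\SysWOW64\\rundll32.exe
PID 2324 wrote to memory of 4700 N/A C:\\Windows\\system32\\rundll32.exe C:\\Windows\\SysWOW64\\rundll32.exe
PID 2324 wrote to memory of 4700 N/A C:\\Windows\\system32\\rundll32.exe C:\\Windows\\SysWOW64\\rundll32.exe
"""

PROCESS_ROWS = """\
C:\\Windows\\system32\\rundll32.exe
rundll32.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\$PLUGINSDIR\\INetC.dll,#1
C:\\Windows\\SysWOW64\\rundll32.exe
rundll32.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\$PLUGINSDIR\\INetC.dll,#1
C:\\Windows\\SysWOW64\\WerFault.exe
C:\\Windows\\SysWOW64\\WerFault.exe -pss -s 408 -p 4700 -ip 4700
C:\\Windows\\SysWOW64\\WerFault.exe
C:\\Windows\\SysWOW64\\WerFault.exe -u -p 4700 -s 624
"""

# "PID <src> wrote to memory of <dst> <indicator> <process> <target>"
WRITE_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) \S+ (\S+) (\S+)$")
# WerFault's -p argument is the PID it was launched to report on.
WERFAULT_RE = re.compile(r"(?i)\bwerfault\.exe\b.*\s-p\s+(\d+)")


@dataclass(frozen=True)
class MemoryWrite:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


def parse_memory_writes(text: str) -> list[MemoryWrite]:
    """Parse the WriteProcessMemory signature rows into structured records."""
    writes: list[MemoryWrite] = []
    for line in text.splitlines():
        m = WRITE_RE.match(line.strip())
        if m:
            writes.append(MemoryWrite(int(m[1]), int(m[2]), m[3], m[4]))
    return writes


def werfault_target_pids(text: str) -> set[int]:
    """PIDs that WerFault.exe was launched to report on."""
    pids: set[int] = set()
    for line in text.splitlines():
        m = WERFAULT_RE.search(line)
        if m:
            pids.add(int(m[1]))
    return pids


def is_wow64_handoff(w: MemoryWrite) -> bool:
    """A 64-bit rundll32 writing into a SysWOW64 rundll32 child: the hand-off
    of a 32-bit DLL to the 32-bit host during process creation, not injection
    into an unrelated process."""
    return (w.src_image.lower().endswith("\\system32\\rundll32.exe")
            and w.dst_image.lower().endswith("\\syswow64\\rundll32.exe"))


def correlate(write_rows: str, process_rows: str) -> dict:
    """Tie the crash reported by WerFault back to the child the parent wrote into."""
    writes = parse_memory_writes(write_rows)
    crashed = werfault_target_pids(process_rows)
    children = {w.dst_pid for w in writes}
    return {
        "memory_write_events": len(writes),
        "parent_child_pairs": sorted({(w.src_pid, w.dst_pid) for w in writes}),
        "all_writes_are_wow64_handoff": bool(writes) and all(is_wow64_handoff(w) for w in writes),
        "crashed_pids": sorted(crashed),
        "crash_is_the_32bit_child": bool(crashed) and crashed <= children,
    }


if __name__ == "__main__":
    for key, value in correlate(WRITE_ROWS, PROCESS_ROWS).items():
        print(f"{key}: {value}")
```

When all_writes_are_wow64_handoff and crash_is_the_32bit_child are both true, the "Program crash" and "Suspicious use of WriteProcessMemory" signatures in the detonation describe one event, the 32-bit host dying while loading the plugin, and not a write into some third process; a write whose target is anything other than the SysWOW64 rundll32 would fail the first check and deserve a closer look.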

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win10v2004-20240709-en

Max time kernel

146s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\iohook.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\iohook.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself npm /usr/bin/node N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh

[/tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/local/sbin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/local/bin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/sbin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/bin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/sbin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/bin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/bin/npm

[npm run docs:build]

/usr/local/sbin/node

[node /usr/bin/npm run docs:build]

/usr/local/bin/node

[node /usr/bin/npm run docs:build]

/usr/sbin/node

[node /usr/bin/npm run docs:build]

/usr/bin/node

[node /usr/bin/npm run docs:build]

Network

Country Destination Domain Proto
US 151.101.193.91:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
GB 89.187.167.2:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:15

Platform

debian9-armhf-20240611-en

Max time kernel

11s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself npm /usr/bin/node N/A

Checks CPU configuration

antivm

Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/node N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/node N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/meminfo /usr/bin/node N/A
File opened for reading /proc/sys/vm/overcommit_memory /usr/bin/node N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh

[/tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/local/sbin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/local/bin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/sbin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/bin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/sbin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/bin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/bin/npm

[npm run docs:build]

/usr/local/sbin/node

[node /usr/bin/npm run docs:build]

/usr/local/bin/node

[node /usr/bin/npm run docs:build]

/usr/sbin/node

[node /usr/bin/npm run docs:build]

/usr/bin/node

[node /usr/bin/npm run docs:build]

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win7-20240705-en

Max time kernel

121s

Max time network

123s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 220

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win10v2004-20240709-en

Max time kernel

139s

Max time network

125s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2836 wrote to memory of 4956 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2836 wrote to memory of 4956 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2836 wrote to memory of 4956 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4956 -ip 4956

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 628

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win10v2004-20240709-en

Max time kernel

143s

Max time network

150s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\build.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\build.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 19.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win7-20240708-en

Max time kernel

117s

Max time network

119s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 232

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:14

Platform

win7-20240704-en

Max time kernel

9s

Max time network

19s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 224

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win7-20240708-en

Max time kernel

120s

Max time network

122s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 224

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win7-20240704-en

Max time kernel

117s

Max time network

121s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\iohook.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\iohook.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win7-20240704-en

Max time kernel

118s

Max time network

127s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\uiohook.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\uiohook.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win10v2004-20240709-en

Max time kernel

147s

Max time network

158s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\node-v64-win32-x64\build\Release\uiohook.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\node-v64-win32-x64\build\Release\uiohook.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:14

Platform

win7-20240708-en

Max time kernel

171s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe
PID 2168 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe

"C:\Users\Admin\AppData\Local\Temp\MechvibesPlusPlus.Setup.2.4.0.exe"

C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe

"C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe"

C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe

"C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe" --type=gpu-process --field-trial-handle=1160,6457331825412860136,4840480992552568560,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=11426423622075715578 --mojo-platform-channel-handle=1168 --ignored=" --type=renderer " /prefetch:2

C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe

"C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe" --type=renderer --autoplay-policy=no-user-gesture-required --field-trial-handle=1160,6457331825412860136,4840480992552568560,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\resources\app.asar\src\app.js" --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=15373046698402164326 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1496 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe

"C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\MechvibesPlusPlus.exe" --type=gpu-process --field-trial-handle=1160,6457331825412860136,4840480992552568560,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=17083549013178330399 --mojo-platform-channel-handle=2060 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 aka.ms udp
IE 2.18.238.120:443 aka.ms tcp
IE 2.18.238.120:443 aka.ms tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp

Files

\Users\Admin\AppData\Local\Temp\nsoDDB3.tmp\System.dll

MD5 75ed96254fbf894e42058062b4b4f0d1
SHA1 996503f1383b49021eb3427bc28d13b5bbd11977
SHA256 a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
SHA512 58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

\Users\Admin\AppData\Local\Temp\nsoDDB3.tmp\UAC.dll

MD5 adb29e6b186daa765dc750128649b63d
SHA1 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512 b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

\Users\Admin\AppData\Local\Temp\nsoDDB3.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

\Users\Admin\AppData\Local\Temp\nsoDDB3.tmp\INetC.dll

MD5 38caa11a462b16538e0a3daeb2fc0eaf
SHA1 c22a190b83f4b6dc0d6a44b98eac1a89a78de55c
SHA256 ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a
SHA512 777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

C:\Users\Admin\AppData\Local\Temp\Cab217.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar239.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

\Users\Admin\AppData\Local\Temp\nsoDDB3.tmp\nsDialogs.dll

MD5 ca95c9da8cef7062813b989ab9486201
SHA1 c555af25df3de51aa18d487d47408d5245dba2d1
SHA256 feb6364375d0ab081e9cdf11271c40cb966af295c600903383b0730f0821c0be
SHA512 a30d94910204d1419c803dc12d90a9d22f63117e4709b1a131d8c4d5ead7e4121150e2c8b004a546b33c40c294df0a74567013001f55f37147d86bb847d7bbc9

C:\Users\Admin\AppData\Local\Temp\nsoDDB3.tmp\nsProcess.dll

MD5 f0438a894f3a7e01a4aae8d1b5dd0289
SHA1 b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA256 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512 f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

\Users\Admin\AppData\Local\Temp\nsoDDB3.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

\Users\Admin\AppData\Local\Temp\nsoDDB3.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

memory/1488-379-0x0000000004560000-0x0000000004562000-memory.dmp

C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\ffmpeg.dll

MD5 3f0832d571173ea855f0ae74c74f8b5f
SHA1 ad758a1c183da21b3e6373087738644c6e01706f
SHA256 ba40eca32e8046c9648e56e58d5b56aea2644f8cb1021845524aaebd1df2f2f2
SHA512 69abba4c697d12cc1732f119c2961a79fd962b7cc934786231f40ad0c02b9ca4919a98a57ce1d695b24820f12ae7bf3d8b2ea1b68e6d1c2221aff79ce3eeca2c

C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\chrome_200_percent.pak

MD5 879f88cafa5714994744bde20e7bd2c2
SHA1 d63b55f9f7c0e40f9585cac8a5cb28c0ea9f32ee
SHA256 76126341d0dc2b4b6ddccf30559709e6a856cd47148107808bd18ceb16ed1df3
SHA512 4d70ae16c2656cf3a8aaad00e2ce0ddcc030bf1ad29bbb1d0e90c03f866c413f893b273b8b03aa12c9ea5ae01537ad1d2d1b2c52b35bf7773278121a09a3af9c

C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\resources.pak

MD5 978e8122033961585e14c65949d15e11
SHA1 3097d04bbcdfc6ff9e0bb52c2d38f6395e4bb631
SHA256 a435fa0e07a9124b0d457811de5e2245aeb225ad55ab99186cb665c6ec6e30ef
SHA512 5f6706116b7eaec70213f7343cac44eea2dc735de6262524b5508a659b150d8a5ad7f449fec984b45a2e5c170e1cb4feb927a19530c94841f3e6429a2fcaa1c0

C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\locales\en-US.pak

MD5 15e8556f737d17bd4d645513ee190990
SHA1 a24844d68fe3e9f4c57d14e6091a06f5e6b5f327
SHA256 12e4fd083a49e038578ea2993e6c88239083c8d098231527eee861299a4e1c99
SHA512 4e5c423b2b14def0e6ebb9c7844bdc050198064c9db69d3a880c1444314211995b1f0dec6fcbb12c6d5e59f690c3ffc893c2265bf7168d1ecbc8d83dfa5e1465

C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\chrome_100_percent.pak

MD5 8d56d44c318d122f7931d03ba435f00b
SHA1 387f530e06f79a2a9f7fbf4446c71c31db08e7e0
SHA256 fcb4faaa82d13d90c42dfa0669f67391b3124d30310d0f4c510f31412974cab2
SHA512 03bd2f56f73ad06fe22ebd94fb0de4e37d1771f8a9d82a47ea93002ba4696d906b59d0e25db63e98af10a169a8c3dc9d047cfcbca01030924bf93abe7bce1590

C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\natives_blob.bin

MD5 f8ac49858ca8739658ff44c296f8aba6
SHA1 427b4da3bd619d85381c36d61daf2ce392e07909
SHA256 354ff502a0e1ed73df4e5c7b52970356b04777461f6e169f72a8567ab5f4c317
SHA512 52e875aedbdc5dad21e01a42e333ff5aefed9ae6468a00e80f2bb373b871196f9a82bc3f43a6c72c9dd6be0e4fbc591d3ede41ca47b23a806b788db5aa9bf313

C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\v8_context_snapshot.bin

MD5 ca7cd9e8812bf3d3af627e2ce32ac9be
SHA1 ae584ef401ec7684128517812e9eebc824098151
SHA256 15135d0f1bf67e01601a01dac865ae49d59eae99bc8967da1b8f0d5c7ada7d84
SHA512 f15ce97f2fe8d1e2230c7754449313f8c5b9a850a1bf2700adf47e95fd93a27c6d41a3435a1cbaf76b99a4ed2465ff5c8c39138239bda07e97b25e4bf377a310

C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\icudtl.dat

MD5 4c8a9e9c260dc5a6fee2a3c37520f5bf
SHA1 5a9883dbeb5314a98e7ab5326f9868e78ba387dc
SHA256 8c2df1f6e2ea8df2e5fc5e4b016b0cddd64a7ce6985189ca45be3c0ec99472c2
SHA512 c0da0b08a0b0eaa898f96c6e6c6fb65bc7f773f5814fc0d612a40e2fcaea4049c67cd2812716a564dbc16d609677ee62eaa9f9747d2a7bc5c9bce43cd2208aa7

C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\resources\electron.asar

MD5 98ff67f9a24cfeb9e22abf267d526893
SHA1 c174492560b2ade98e660f5c0b7e23ff88cdfc84
SHA256 74c4276a97f49c3178c61ceb41eb25af0998bf99ed1020d5f5b47e14b53e7b35
SHA512 66001dce7708d36f6c168f9fbe864ca6ab67b2db7860ba4e432903b13a643b354cdb661ff9b0d0388711382dd8ef3ed3f5ee47e9a0f5a23b2674d1c6ecc3a96e

C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\resources\app.asar

MD5 faab0fa0379f4963062b184eff8f58bf
SHA1 6026cfd73bd12d924276a245b50ef455c1622a9a
SHA256 881dbb091241ea8184e18932042a9f91875576216dfd6c12ed4395eacb1dc813
SHA512 2bb7c3b6ef4d24dd011e8db16c56a98795219ad6cc458cd8f8fb6035f5105b38b614d3a192666ae1d51cf55579c435e4b2e220c6e61b2de3a7613789dbee64a2

memory/876-394-0x0000000000060000-0x0000000000061000-memory.dmp

memory/876-427-0x0000000076EE0000-0x0000000076EE1000-memory.dmp

\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\d3dcompiler_47.dll

MD5 57d829f7d174d1a8067612c09cf6566b
SHA1 79ed06500dcee028885b00301f7a9a9155c69b62
SHA256 dca0cd7272a56801dd74d0b253df33a8829bee61f5fa0c6d8e2ed5b62f440dff
SHA512 16936ce02b7445b56d67adf43d896d2dd9bf1f713d5a765fe97c73c72f22ef8915372dd7b04cfdcfad72447924b6e03d8ae0e0565927a2f862433b2860bcfd64

\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\swiftshader\libGLESv2.dll

MD5 9282eacd90a0979d8c1d234308ca52f5
SHA1 82ae1d6fbfb5a1015421991a31ad33138243f9bb
SHA256 df2e4d254703ab38a9be2dbbf90493ebe55723dac66b0347e2e21ce7293318cc
SHA512 48befdba812ceb968863e0cd54d6335adb6e8173b79bc9bc899122201ad551fb07bdfebe47360c7d6d487caa2148a18f609ba0e601ee4df89d40c8b3a951d5e8

\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\swiftshader\libEGL.dll

MD5 61eb55ca308ae053d6556d48bbcd2523
SHA1 039e1ba62b748f52a2864c184cafd9ac5ada5f4d
SHA256 3570a5d6b667cdf5e3e6e2cebc8b91f5668a85ddc418f9469f61fe9b57addbe4
SHA512 a678b836c148869a3723c493e3b04b23a0a5083328b0524d61393204da7ff6671f2a25b50e6d0993e8b206d8f14454c616554c5e1115983cbe211dea8b73ea8d

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 e1799a6c025923914531d83c49925068
SHA1 6d4e875b2967f7652ecd31907573917b44047c4a
SHA256 0f042363c805bf07180499e560802c4aefaa1df046bc334b5e91c21481ac0c1e
SHA512 81fb7d1e1cac8a578a9d9adce3f2561e8b1817d8269bd17e65624b29b5830a3c7284f35d70e695424b3b49461cd523722501ec498d33f785840bb398b5d9c409

\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\iohook.node

MD5 7d3309184c3fe31421ecf440b8f22bdc
SHA1 1cadaba47a7ad6cc6a48d666c71dd06125278a1d
SHA256 bcaba6a47a20d7f7e270a3106b7aa5b0452677b9bbb2c8658ff2ef5467f7ba5f
SHA512 1032800dc7755aba8a20da4f9cbad6cd4fe43fd970c0bca4857e4b4d9b1ecc1435a6c6cabccb7d2e78cab3bebd3737e068166ef05de7548fdcfb1fcdeafdda4c

C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\resources\app.asar.unpacked\node_modules\iohook\index.js

MD5 d5bd9499effb0aaf4cf743d7a3ff6c72
SHA1 e2692a2a210c97738571507d3339154bbf3e8610
SHA256 6a46e672296f2c2909064edef440ca5c47bf19256482c818261bddb95b7c3ed9
SHA512 3a26580c1120945d46c62837588e02675d80b11b181f56bda679d7113bedac00436b295b7333dcadfc8df318e78a42b8bcb3a265b8b5ccdd7328f8598c9e05c3

C:\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\resources\app.asar.unpacked\node_modules\iohook\package.json

MD5 abb2954ebff323667aa99b7d7fe20ad9
SHA1 825cf260ebb1928e2f5bcbb94c77fe5b4314b5c4
SHA256 af5d81d708b491beab411675265209916d72ccef27369d97b2ac5ebadc866a0e
SHA512 7eeab173a9dc6e5b6c0078bc2356683bc91d21afa2f44819c7f49978390acd660e36ca92e6d51275d178ab7b0aaf768958215c78bbc7e85315fdd4b8b7a54fcd

\Users\Admin\AppData\Local\Programs\MechvibesPlusPlus\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v73-win32-x64\build\Release\uiohook.dll

MD5 23bc8e664d518e9ae62d2071ed109a37
SHA1 247382dd6ee33146526b176cf31d0e4457771f3e
SHA256 55f23fa8941eda217857158c7430b0ed18cad0db2f9d73cd70cd9cd7a8594520
SHA512 dca29e89c59721be236a140e31b8c2597e748d70637cefccf0a6b17083ba791259d94e1f400d579f9f2d462d589eec2caa9067d09821a385c49b39e6777060d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a213e74b4550fb1b557a90b4a04fa1f
SHA1 3e231ef0eead8e0dd3e4493930a746f52ffdfbee
SHA256 12ee3d025490f2c3604ba555e6773e494e836a202e200f5aa54ee83b158c9f63
SHA512 0027166c74841895a301cf5a0075518d39e8137ec040ddb9b5b897da1fcd7feb99be535f58540be6303afcce1eed4bef0684797321c5615f4916018257744631

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 ca753d78c3e7b5a85af9440e02535141
SHA1 31a8fa4f2ece7a7bb6ec9b053671efbf9a9ccdef
SHA256 68d2f47be8e4028ca304a67303b50e1eda489221202bdc4c246487cc9265f704
SHA512 ba47e7e88624a3b0471a1e1751c59447324fe0bd01fc4984188aff6766077005a5b4f7b4155040688825cad3a95ea46f07988b34c2eb2faaf3ccc7abb70759c8

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 b9f623cdffc0656dfd2cfe77ebaab04b
SHA1 2946a3f3566352f8c90d1b5931703f037a7c38f5
SHA256 02dbb43902b3f11675a53b8e77c2216f03549c3a9b1c53b493f2938d67ab8e12
SHA512 b943dfa4ff280a6888291f917a5582fd692701e78aaf35a447f60bb23b78dd8f6f42190989209fda910641bf4c12237c57769c8a31912b2f71113ff12764a4bd

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 784f0d4c1229953fba289e209cdb327b
SHA1 0213920a8e0ee75ad8c819a962ee8e7249edd798
SHA256 d0f65f3df4d2a5070aee0fcd6de9adf8edf126841623c04a371fadc37454f537
SHA512 3d8cd3368b1ae04f5626b63222e07ee5e6e6de109f75f6270e82f3b2c814d03b0990867de4b92e2828604fed0cbe6ebab5b8bfaa83be56bfb10d3a9d0715475f

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 9e10f726f1f0776497fb88e0d1dfa622
SHA1 6a1ebbb3f8e9de82e6457bc46e7473e0fbc673f1
SHA256 81b0022d650ac6128ddac5e6665e49455f51b46a3737bb0710b6013bdbdaaa6e
SHA512 f1999bd5885ad71c39627856106b9a6584b05571046124c0698e767a558c358b5847e9f2d1fcdd7cd27b5b32cf4d68a2a2578e9ce9f96915b5eff2ebfc6a3fa8

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 d58793f9b4c5c3ae3ddf608370fa93c0
SHA1 4a573f7addb5e66c7f0eea4ae80947f5bcb45b34
SHA256 a36dd89b202d4a77355e060cc198008885499f35699b873b53c18ebc99949a65
SHA512 cb4b801818fc61bcf65132c5bc21db818d6d1cf47e0849d4780b32a2ba3d010a0f9c9f2da85f1ec277f6059654702bd1685c7b600fb35eedd7e037583c306c91

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 08f5b671cee05e3d3158fc8a9234048e
SHA1 6aa4432e26bf5129bd3dbd87528bed04078494df
SHA256 b36b37e9f4e92cd9f285c6506877b23a79d0f42fe2eeeecc00ff69b76d60da86
SHA512 7a38aae6905cd76166fc385236b5451a2651a102bcfcb6d29ceec6630f8d7e4f474bbb3eccafeac2d4d2f3e3f21488442c2e337cf80260e30901f039a0f68303

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 438d2491268814939fe0d703b167575b
SHA1 73db243e42281d03bb509516e0bd19d43b747d75
SHA256 833fa2497f6d776f81253aa2f9055967de8ccdd8130d900b719838c95b0faba3
SHA512 3d4055e566eef8050be8f10c3cbf918f34f3fe566d6c2722084b04c7b3ccbf8793af26967e9fe215e13b84072acc62e5b9a97d8960add3d6a833c36bb230256f

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 28748f223a4c40d772bcc96c130c7514
SHA1 e8906fea9d25a383e139295b7b1ae80bbb09ac5a
SHA256 7cba733586bd78354cb8dc6a96d80d0f1e63741e3f163ffd89506806876a691a
SHA512 55b0e472b3aa43c1a43d4b1b009f157008103c985abde28309f8c0baa300e110522be4676c59cca2e09bcd44b79749e45b4e07942f625bc57258ec6890ef92c6

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 e18b2dbec036b353910973fe9a9faddb
SHA1 5d024ed00adaa136e0f20e066adf45814e8d7913
SHA256 2c1a093ecd3d45486394f374a18f7f62d05a8b4b10d6404320d05e757a49bfee
SHA512 ded5f47277b3da2ae2724dbc15bb90fdb3c15ad4c94b896e4ca1f420cef82fa81f7c7653323d3c0f3c3a65bb91bda36d993708765fda39a8567079720bd3c4da

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 2cd5a744e3a1375e94ea35545b9a1502
SHA1 30fb4290a73aa1137fb5ca753961d4338c8d0928
SHA256 c2f1e28dce08e013d80a08af3dd6963ad4c9b4ddec8a686979324800e5f41f73
SHA512 2963cab85d16d881ec1f6932b3fd78bd66761076fe071ef635fe7e03e8105e0e1968db6dafbf0000d72a8c6f9ee4d049cf4c50aa5cb4ec6c4eb396ea9644e090

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 cdebf96952d64c73d2b5eda409ee4da3
SHA1 7bb0930072e3e7797a1d18350407e8702e85b757
SHA256 2e8fd7e04d71af4c5c1822d96ab6b1be6b3a53df4532973d4e4e63a952eff5dc
SHA512 b735697c7162dc0eeb7a3f17d9e8a3a24853cbcefcd15c555a77b5c812c7ab0f0034999f3242f93eedd47ba5fc594e9271ad35b17b6a00c3e07d357dc32a4cd4

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 99c50cc34e0e39537a29b80aad2e4274
SHA1 03b1e1dd49eff085ac4317aff785879aeae220df
SHA256 cd314a924aaec6d1601bbae58883d6b0484e0635e42c9b8e5f75975bbe31e954
SHA512 3c2df3bb7601a5436d99c70130c28b8d75bda583d9a2f8da51bb4b4a8c7b4fe7e97515c484eac8e919be3e0a6d9e46a3bf42ebeb114bfa8450b48fb772b76a71

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 b4fbb0fe3c02043546b57ee2ad7b054f
SHA1 e6bd3e6367c69654e5e923d55057b78ce96a7776
SHA256 a143e2ab89d097b0261f254844cbdccd01b414c72acf3657929ce2f9727a7ffd
SHA512 982a8a2e285c0d32656cfe605cb8a14da0187e0b9d4940408d9b1e559a95a4e38f0b7a1a318b6151417eb5bf8819e91a0ece538305686ef744fb2a91775ff6da

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 38549b4db09c1cf2f92d16f8d3562d2d
SHA1 e4adfc0d425225e1653c3753f43c8f05901b3f26
SHA256 12b0f837c91da1904fda4b4542cacc2c80cced18975768750c5e3e25e696e766
SHA512 41c09dde981f874f05c00207197c024fbb464ae859a55b1bf02e8d217310c3394cec296762237319bb05bcacceacc33a6cf84d2e79933488382b289743dddbc7

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 62db523f8d38b57e9f511bc5cc50d9c9
SHA1 357f49529efbb62f62bec6eb50b6fdd8cf800384
SHA256 3019cd86469aa5a7733157f866436a3cede784ab32ba836c8235e87b7c30d43b
SHA512 68a8948bfc252f866460fa1e8e9acf406cbcccc6ac2cc9fb4cd6f8944d332799c4b35a1e3ccc7d63c891238821e404f1c31d48a5de8fbcee648f1af3d2d619db

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 eec917e1e247de0c37cbe24ed8099cfa
SHA1 c2ed7869c99587868e6cab0f60fbe6f114661a52
SHA256 9ab702f8bfe8ab3a66fe630345019d917c50aa9c401534a9b1a25f3c0e8e8966
SHA512 efc5228bca82fec80bdf22c4827651ee5539a99f5f2f8d730a072231cd28ecc304a82483e4762025523db671f7fe91f61dfc1e0427531904cd536a63c1e2cc8e

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 632c2c5468b6a0019208d0caa0d47049
SHA1 6773e9ee174a4226c4ed81a1c09a298541efa094
SHA256 20746fa1f5354eca8de6149f64e559a55ab1c77c6387416ec1d30b3156d6a9aa
SHA512 52447f3cb66ec83b52e6cfcf0e7fc5dceb0626baa9d155f09bbc150dc65ce06223e9f8ba33e8635dc5f14cdc1b4c7f870915156f528dcdc50bf92dd52412369c

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 30d89a86c4abed0e617fc1648d8b5e18
SHA1 bb36fc99888fee3d8620461b27e2b4455db8927e
SHA256 b9499e59a74a8b48b1451f20b3f00d6f2bef71bed318b1959a6119e2466f43e7
SHA512 8298924b3798f95c153b9e5033fa3b00a39eb96c03e6c27fb1b1de9c8fb05bd956bdc6ce0711dda4bde4443f71853411ac88ea6bc8c6c45a2a52dcaddda1c6d7

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 c0dcb7fa48c1b2abf7fd30700e7cf99a
SHA1 c50359d1db28718bc8ebb662e04dc96c0d54f011
SHA256 ae0e76af1627610bd92b1c3a5ea70bdff0fea9883cc4c9368a64abc116b297aa
SHA512 ca908975e19ba54acfb67a9685cdc66575c6eb5240744266fa7749b1c533a47210828370e875fb2d84fdfe7457e85604ad8aecd993bd212a674ec24bc25dd0a9

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 fbf5df11c09a2a6df15b8f8f9ac1d6e5
SHA1 8229106005d77e2761152ef4642749efb2cf6819
SHA256 10c008a4c1915bc28787de3eb9ebfd3df3d561b3fea60f1b8b835c98feb14406
SHA512 a8969ddfd24763a0a58181f4d3fb425b374eac83259a8e60fca2880e33d868ea97db619c361639e2a5a3acd2f417ca9f84ed46893b7dba2516de0014382c74a6

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 8ac02e5b57bad82dd6fcea049885b98c
SHA1 b54256f52bf9c0299e0f6a1af4d7f1af279bcc2a
SHA256 0f696a2ce49ecd2a76a2c3b15a7271e6611f55a18c45ca0d4b55ed58d7f8fe83
SHA512 4ed80d26325499265949080086dcfc19f67824f00c9069562ef60e2a70c0303f1752585f4ea34d5c287076e4a49e9ae69aaa41f7f7189e247f30de8532bb8675

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 308a44a548d30f4462f76a3f7b58e33c
SHA1 efe9efcd91fba132e82ecb071a1b9aead9f47107
SHA256 19266f4c8ec4c52fe274140ad1187c1dcf74e8feb7426f8a849dd3089d15eb70
SHA512 05bd16bcc4074eac33e821c6669a7a512f2fc4ddc250e28cfcc17650edbb16f2e829eaf8bda22d7ee153a4d7a2067b1095fd2be8bb9452acc5797bb310f504db

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 42e69a827c51037479e413fa0824bb48
SHA1 95f7312d332d44eef103ae051deaec384ff7c4b5
SHA256 745052828a00b653ff4aeee3109a9a20e7fbbcf801b4b30153e32060bbc2e022
SHA512 b1056f0f74acf44bc764d0c6a52f4d997367ae5ef95a7a6d6d92a948456e90e9cd7de79b39996bdc994f23deb06b719b29efd2aacb5b52d66e366cdf56645ed2

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 d6cfbc88f04bbb129ff225799b1d03dd
SHA1 419a22e14a020e13102467dbeb81415604f385b4
SHA256 ad640f1842ae7a657a9e3aa1fc70613dae9a47eeacd7a5b41e31d2cbe32188ea
SHA512 986c856eb5d41adf3ea6c77812a6ea1e094307c856fdc472c39bc9364424963a5c217ad0de5bd54d9b293e1a5d0b51ec012efbd8d8aeeb387ad0d37385dc1437

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 7b3b11400f720c7da6df564e4640e847
SHA1 8bbffa3d1d64d03e5a92dc0e8c73077ce1f2c977
SHA256 be34f5e477c3a8d4e3f8a7f82f4c726f8037c0efd62645e5b698531a028f80f8
SHA512 ad5c28c2461ce8858d4cff21323cfcac9d4526680688da6bd25d64e6ca333b3278b95a5fb598a8aad97141139870987391a2bb1b69dffadfab0a1bac0e7731fd

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 b98f7378a96028c4e0d239e98eb9bbf5
SHA1 fa82a87c47f4493583219fe3513ba55472b1256a
SHA256 258c507207572a729cae946456c23b0d9732343138ba4bc2295457a2b1c9f78f
SHA512 940a9f81b69686f03c37627314bac099762f37fd4b738a5ad5c2cfe3547452a939f6b31a1a6b1e1b5a5182fa7adc4c077675ab2274245387e24e7ac42652766f

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 a52afac7f1ee42d79dc4d055f4f19703
SHA1 a706192930590ecffaf8a3746ad0ea20b73a1680
SHA256 66ca29bf6d31a3d532115c24022b0e85d62cafeccbadfc0941368a0f81a1bfe3
SHA512 56ff2aed1bef6317e39c68b70ff0e90a1632247c075858be708d360570588d4e88c3d91736a2e6714038f42431c9be2ab7afd813d042b8022b51fcd166b4d4bc

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 864b02aeeb9362ae2fa686048ab66cb1
SHA1 3bb4a7f8d7f9aae101e6b12bb6e4200341f65d36
SHA256 8b0fa76428883a176a2b1a96b07ddbbc4f2667737dfc4a854294b0ba6f230453
SHA512 217ba729e8856ec11fa754714ab445e92ef25040ad39674434f2948c8ea1ae35ea3dfe36ba8ad800e983a1d6c3b5506947a132c6238f86ab48cff37eaf1b3c4e

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 8199aaab59a8cb8c50e0d9e220588bfe
SHA1 dabaf2860b644d7fa76159c50e06184718e6c13e
SHA256 ddd76a0e6d640ec64be8dceab4486bd4e9353979a3b57dbc52fe658ef78b7748
SHA512 8dba05b7c11585f7ed5a87fd82786220bec2e3f7b81cf9e96f65ffcc9ae6f8a76f0146ee05b1efa93e6de02cc8de7645fee6e2d854f885da26cdfc090a0fb3a4

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 75e61ca1fbc3b733c089e98e937b78a5
SHA1 7f8bbeaf1a88db6ffd22983537ed1fa3f9256473
SHA256 eb6aa0a4bd9fa52d379a49c0622049e3850ad1e9561fa60cf5547c51fb6af11e
SHA512 87c1809a212941b4f3bd62153908e73e0ca0af34785d46dda7acf50a2ef7d8ea0a9e3012a9b500a0b8a421ec1a40c8a78b7a23d0f3cb2875af29ab6fe0d88441

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 a5b16e209ad404dc51d2d497ef62390e
SHA1 0cfd7edbcc7edd0db4c5dee347089770a3f3471d
SHA256 880c0e7b8efa557d3a7b97949a5b6233b691309dba34a3db9cb2493e5d9d3a2a
SHA512 df7f98704de9dc8cc12126f485a9f452da61908ae5dda098870a1a60a6ca0d83cd782907b79e9a01053e995cbbf4ecc8c6cea374ba2a7219605eca7612226587

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 2652d16d4210fad089d87bff19a2d77a
SHA1 b8d6bd4cca75e2de33b84ad2f4e1a7004e60b201
SHA256 caed7a716ad64514dbdf92e74ffb8165480ca29c0be4d451349d0fc076e2576f
SHA512 829c18ab8e9b5a4155e1aa03d5dcd99eb6c987f20984ac21b717cdff824a580e31a3dabef249fd5d50e8990e1e1a4d7bfe4f588568d233ac8199f7f99ae66537

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 7d1be66e7b1ce67e3b42a8851fbd8513
SHA1 9be54e5413918b66202284b2ab3d499f1c97c02b
SHA256 39114959662623a4f77748dff5eddb8dc45c117d1b41b036da6ddc32dc779631
SHA512 6575510af30560545ae5f80b8cbdcb7bc773ba064ac614cdc8df0afa1f8058dab5c037c213b0745d8fd6a3ef73bfea59e0002c48726efe2289f19ea223fb8fc5

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 11898e075857c27ae0a4b89913bbf116
SHA1 93783d7a318efc143391fa4f2b0ac0127e2d26d8
SHA256 69205cf288d1727b7827b95a51a6f9f719c4644b466810c54c02ff407def29fa
SHA512 59b5574a4ad522468dc54b14fe7056fd47f55b3837f4dfa40d34fb409d1afb4661097727bc5d24adccc08853c179b236419f2ba2faa5a4f3353fb34050b47894

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 0a8fd2b08acad7a184895f69b132ef77
SHA1 9262295d1b8417809115ca43ed1ae912611fe699
SHA256 93647ea0728fba2f7e10877100f125efd3199df203277b00c9786b447560688d
SHA512 0ee934f7ebfec9776e6c220ffa411fa1378303560aa3a63b928b2a27c90628a04010f56dd0a96ff3329dec3dd8de691e79a4891014e0cd54814eed0818da4f48

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\config.json

MD5 e1e8b91009f1b9123287e7473bd3ade5
SHA1 1b0412245cd65683363d97cc7764f9bcd500f797
SHA256 845f6d129dc840c47daa5e42278a21df48b00c0e3143a875292ea3666c32102e
SHA512 50fd9c94bae245fbc3c2264efd15273040882649d142c58b5c091161c9bc70a473b31a9f1d771ac5458f049722da7856508fb2e5827659cd2111a5ee52a3e2b6

C:\Users\Admin\AppData\Roaming\MechvibesPlusPlus\Network Persistent State

MD5 918d8a47c337b71516ff56de3b0ec306
SHA1 a5fa7a891440e6c5115f447f1809f8c1703dad13
SHA256 0e96ee778046578f90bdd722f36eb4c578a50e916d5f2fc63149aec743914fe6
SHA512 a3433d0be715c206e8328591720cf2f168bb12012c4d014eaeb13d22da9d38f3119cb2adb5db0839bef18f011bbe8af35f87770a16458d156ce2c4908701da19

Analysis: behavioral6

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:13

Platform

win10v2004-20240709-en

Max time kernel

139s

Max time network

125s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description   Indicator   Process                            Target
N/A           N/A         C:\Windows\SysWOW64\WerFault.exe   C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description                        Indicator   Process                            Target
PID 1848 wrote to memory of 2052   N/A         C:\Windows\system32\rundll32.exe   C:\Windows\SysWOW64\rundll32.exe
PID 1848 wrote to memory of 2052   N/A         C:\Windows\system32\rundll32.exe   C:\Windows\SysWOW64\rundll32.exe
PID 1848 wrote to memory of 2052   N/A         C:\Windows\system32\rundll32.exe   C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2052 -ip 2052

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 628

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-07-17 20:09

Reported

2024-07-17 20:14

Platform

debian9-mipsel-20240418-en

Max time kernel

1s

Command Line

[/tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

Signatures

N/A

Processes

/tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh

[/tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/local/sbin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/local/bin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/sbin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/usr/bin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/sbin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

/bin/sh

[sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh]

Network

N/A

Files

N/A