Malware Analysis Report

2025-01-02 07:31

Sample ID 240816-amrp4atgje
Target 51ba0ccfbacf26ec1d4f443e06ce0310N.exe
SHA256 2140aecd73e0539070ebf5a9578f149367a4839b38de2587bb67de00623177a9
Tags
upx floxif backdoor discovery persistence privilege_escalation trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2140aecd73e0539070ebf5a9578f149367a4839b38de2587bb67de00623177a9

Threat Level: Known bad

The file 51ba0ccfbacf26ec1d4f443e06ce0310N.exe was found to be: Known bad.

Malicious Activity Summary

upx floxif backdoor discovery persistence privilege_escalation trojan

Floxif, Floodfix

Detects Floxif payload

Event Triggered Execution: AppInit DLLs

UPX packed file

Executes dropped EXE

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

Checks computer location settings

Enumerates connected drives

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-16 00:20

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-16 00:20

Reported

2024-08-16 00:22

Platform

win7-20240729-en

Max time kernel

16s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe"

Signatures

Floxif, Floodfix

backdoor trojan floxif

Detects Floxif payload

backdoor
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Event Triggered Execution: AppInit DLLs

persistence privilege_escalation

ACProtect 1.3x - 1.4x DLL software

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\e: | C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\System\symsrv.dll | C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe | N/A
File created | \??\c:\program files\common files\system\symsrv.dll.000 | C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe | N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe

"C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe"

C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe

"C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe" -sfxwaitall:0 "QTranslate.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 5isohu.com udp
US 8.8.8.8:53 www.aieov.com udp
US 173.255.194.134:80 www.aieov.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-08-16 00:20

Reported

2024-08-16 00:22

Platform

win10v2004-20240802-en

Max time kernel

116s

Max time network

114s

Command Line

"C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe"

Signatures

Floxif, Floodfix

backdoor trojan floxif

Detects Floxif payload

backdoor
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Event Triggered Execution: AppInit DLLs

persistence privilege_escalation

ACProtect 1.3x - 1.4x DLL software

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\QTranslate.exe | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\e: | C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\System\symsrv.dll | C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe | N/A
File created | \??\c:\program files\common files\system\symsrv.dll.000 | C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe | N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\QTranslate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\QTranslate.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\QTranslate.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\QTranslate.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\QTranslate.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\QTranslate.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe

"C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe"

C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe

"C:\Users\Admin\AppData\Local\Temp\51ba0ccfbacf26ec1d4f443e06ce0310N.exe" -sfxwaitall:0 "QTranslate.exe"

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\QTranslate.exe

"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\QTranslate.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 5isohu.com udp
US 8.8.8.8:53 www.aieov.com udp
US 173.255.194.134:80 www.aieov.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 134.194.255.173.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files
