7554ddb13cc50c4f95a64e655b0aec126a2a6d6073cdea6305efb00a52e4d4d1

Analysis

max time kernel
70s
max time network
80s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06/09/2024, 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hyperbeam Setup 0.22.3.exe
Size

64.8MB
MD5

ee818d25da7dc81da07de994c16e47eb
SHA1

530d4211ace147d5d4672768b480ef46a0a88294
SHA256

7554ddb13cc50c4f95a64e655b0aec126a2a6d6073cdea6305efb00a52e4d4d1
SHA512

f89066b6efdadf834e3aef32a7cb14bb4c032aba9811717215da61f8de1bbc114e01be98829e80b099ac794f63fab28cc479405d70311e2a3769298af10e99b7
SSDEEP

1572864:qWNtTIQ3bcG8yb5D/HVI05Op7rYzmumHX0kxZl:qWN6Q3QGXbYQK7hHkkjl

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
2484	Hyperbeam.exe
2020	Hyperbeam.exe
4708	Hyperbeam.exe
5068	Hyperbeam.exe
2044	Hyperbeam.exe

Loads dropped DLL 17 IoCs

pid	Process
3272	Hyperbeam Setup 0.22.3.exe
3272	Hyperbeam Setup 0.22.3.exe
3272	Hyperbeam Setup 0.22.3.exe
3272	Hyperbeam Setup 0.22.3.exe
3272	Hyperbeam Setup 0.22.3.exe
3272	Hyperbeam Setup 0.22.3.exe
3272	Hyperbeam Setup 0.22.3.exe
2484	Hyperbeam.exe
2484	Hyperbeam.exe
2020	Hyperbeam.exe
4708	Hyperbeam.exe
2020	Hyperbeam.exe
2020	Hyperbeam.exe
2020	Hyperbeam.exe
2020	Hyperbeam.exe
5068	Hyperbeam.exe
2044	Hyperbeam.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
2556	tasklist.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Hyperbeam Setup 0.22.3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe

Modifies registry class 7 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\hyperbeam\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Hyperbeam\\Hyperbeam.exe\" \"%1\""	Hyperbeam.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\hyperbeam	Hyperbeam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\hyperbeam\URL Protocol	Hyperbeam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\hyperbeam\ = "URL:hyperbeam"	Hyperbeam.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\hyperbeam\shell\open\command	Hyperbeam.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\hyperbeam\shell	Hyperbeam.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\hyperbeam\shell\open	Hyperbeam.exe

Modifies system certificate store 2 TTPs 11 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Hyperbeam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Hyperbeam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Hyperbeam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Hyperbeam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Hyperbeam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Hyperbeam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	Hyperbeam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Hyperbeam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	Hyperbeam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Hyperbeam.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Hyperbeam.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3272	Hyperbeam Setup 0.22.3.exe
3272	Hyperbeam Setup 0.22.3.exe
2556	tasklist.exe
2556	tasklist.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
652	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2556	tasklist.exe
Token: SeSecurityPrivilege	3272	Hyperbeam Setup 0.22.3.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe
Token: SeShutdownPrivilege	2484	Hyperbeam.exe
Token: SeCreatePagefilePrivilege	2484	Hyperbeam.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2484	Hyperbeam.exe
2484	Hyperbeam.exe
2484	Hyperbeam.exe
2484	Hyperbeam.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
2484	Hyperbeam.exe
2484	Hyperbeam.exe
2484	Hyperbeam.exe
2484	Hyperbeam.exe
2484	Hyperbeam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3272 wrote to memory of 2348	3272	Hyperbeam Setup 0.22.3.exe	78
PID 3272 wrote to memory of 2348	3272	Hyperbeam Setup 0.22.3.exe	78
PID 3272 wrote to memory of 2348	3272	Hyperbeam Setup 0.22.3.exe	78
PID 2348 wrote to memory of 2556	2348	cmd.exe	80
PID 2348 wrote to memory of 2556	2348	cmd.exe	80
PID 2348 wrote to memory of 2556	2348	cmd.exe	80
PID 2348 wrote to memory of 1392	2348	cmd.exe	81
PID 2348 wrote to memory of 1392	2348	cmd.exe	81
PID 2348 wrote to memory of 1392	2348	cmd.exe	81
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 2020	2484	Hyperbeam.exe	87
PID 2484 wrote to memory of 4708	2484	Hyperbeam.exe	88
PID 2484 wrote to memory of 4708	2484	Hyperbeam.exe	88
PID 2484 wrote to memory of 5068	2484	Hyperbeam.exe	89
PID 2484 wrote to memory of 5068	2484	Hyperbeam.exe	89
PID 2484 wrote to memory of 5068	2484	Hyperbeam.exe	89
PID 2484 wrote to memory of 5068	2484	Hyperbeam.exe	89
PID 2484 wrote to memory of 5068	2484	Hyperbeam.exe	89
PID 2484 wrote to memory of 5068	2484	Hyperbeam.exe	89
PID 2484 wrote to memory of 5068	2484	Hyperbeam.exe	89
PID 2484 wrote to memory of 5068	2484	Hyperbeam.exe	89
PID 2484 wrote to memory of 5068	2484	Hyperbeam.exe	89
PID 2484 wrote to memory of 5068	2484	Hyperbeam.exe	89
PID 2484 wrote to memory of 5068	2484	Hyperbeam.exe	89
PID 2484 wrote to memory of 5068	2484	Hyperbeam.exe	89
PID 2484 wrote to memory of 5068	2484	Hyperbeam.exe	89
PID 2484 wrote to memory of 5068	2484	Hyperbeam.exe	89
PID 2484 wrote to memory of 5068	2484	Hyperbeam.exe	89

C:\Users\Admin\AppData\Local\Temp\Hyperbeam Setup 0.22.3.exe
"C:\Users\Admin\AppData\Local\Temp\Hyperbeam Setup 0.22.3.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3272
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Hyperbeam.exe" | %SYSTEMROOT%\System32\find.exe "Hyperbeam.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2348
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Hyperbeam.exe"
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2556
- - C:\Windows\SysWOW64\find.exe
    C:\Windows\System32\find.exe "Hyperbeam.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1392

C:\Users\Admin\AppData\Local\Programs\Hyperbeam\Hyperbeam.exe
"C:\Users\Admin\AppData\Local\Programs\Hyperbeam\Hyperbeam.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Users\Admin\AppData\Local\Programs\Hyperbeam\Hyperbeam.exe
  "C:\Users\Admin\AppData\Local\Programs\Hyperbeam\Hyperbeam.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1452 --field-trial-handle=1672,i,13996238417352212321,17558967670048351402,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2020
- C:\Users\Admin\AppData\Local\Programs\Hyperbeam\Hyperbeam.exe
  "C:\Users\Admin\AppData\Local\Programs\Hyperbeam\Hyperbeam.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam" --mojo-platform-channel-handle=1980 --field-trial-handle=1672,i,13996238417352212321,17558967670048351402,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4708
- C:\Users\Admin\AppData\Local\Programs\Hyperbeam\Hyperbeam.exe
  "C:\Users\Admin\AppData\Local\Programs\Hyperbeam\Hyperbeam.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam" --app-path="C:\Users\Admin\AppData\Local\Programs\Hyperbeam\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2248 --field-trial-handle=1672,i,13996238417352212321,17558967670048351402,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5068
- C:\Users\Admin\AppData\Local\Programs\Hyperbeam\Hyperbeam.exe
  "C:\Users\Admin\AppData\Local\Programs\Hyperbeam\Hyperbeam.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam" --mojo-platform-channel-handle=3428 --field-trial-handle=1672,i,13996238417352212321,17558967670048351402,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2044

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004D8
1⤵
PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\Hyperbeam\chrome_100_percent.pak

Filesize
126KB

MD5
a3d4515d3a33a407d313a62818e82a5d

SHA1
967ff9a6774a66f7b3299af4fd5d70961ed54d79

SHA256
662a9db6ef4197cb4b6c50648a2cafceb7fd903015828df3fee605a602370be0

SHA512
0c757e1beccbca1ae0791fa0c51a9e2019696bd0965c73de67b364fba6f317ea2cf20fa65e4fa7dd22519683528e5112dc8c530049170f4e702e0c8d4e065801

Download Submit
C:\Users\Admin\AppData\Local\Temp\206a27eb-1e33-4a39-bfab-4ea630870568.tmp.node

Filesize
495KB

MD5
2451dbaaa5c1b21da03be4fb0fb8c3fc

SHA1
900809bc256be20cbed09db625e2a67d623d18ed

SHA256
c19cc096eee9424ec00aaba8b2756613e9b5dc7f1559bc7141acbd18ce4cc79b

SHA512
9586e8fb84405450ebb5ce5bc909c70e0d9a79af8474029f225c0a987a3c18230b54feeb864016d56eeacd1ac496fa213f0ad621f0b78a2bc7990683cc4c67bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\LICENSES.chromium.html

Filesize
6.2MB

MD5
53ef875136b19bef138829d5846208b0

SHA1
edfcf34901b7fc6a3e578d637266686673a30299

SHA256
d3bf6dd8892c6d77555e0b55efe98bfd18f08987ea39668bc5d0c419877aef1f

SHA512
b6f0e50ac1a2a2144d718eca60dd8a26ca48045fff9c05327e4e0e09a4d12ba69952f9feb9481497f9b1b1378a5c1d55845bee551f84e7a47f98f7a222c302ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\chrome_200_percent.pak

Filesize
175KB

MD5
3bab45c70f22646cf8452c30903810cb

SHA1
40b31d4c79b5a2b8d12f8cf8b6c49c962c31f766

SHA256
d4282ae977f23afe252e19e421c8d09696ea3b83a1e73a6aaebaaa5547c74cbc

SHA512
85eda055494f0233c963e821906cf69d94e664d8396e8b08e7a8f412e1c16af71252fef1bfe3ed43cfad157aa90c0dcbb375626e2ddf0e807c9b23ad27e61d9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\ffmpeg.dll

Filesize
2.7MB

MD5
c92829816a0f5e945f014a437e668b38

SHA1
5998ef0668a09345af83757eb58553f6e6cbf767

SHA256
b325226a9777eefe345d9736d4f1f98b6ccb464e4a3abccd35f10bf108518ae4

SHA512
2799cb0d806f03cc3b60874c89f20261a0ac8b43c30d7ebcdfb01c4543253f3f5f0991fcb3305cb4617245469a58d7aa8f0f66e946f8fd45231d9597e32384e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\icudtl.dat

Filesize
10.0MB

MD5
6690f2b2384e1bf8961fda96a4d07691

SHA1
111f6dd9833c653908431621fe8fbc87f1135632

SHA256
cb73d42d36839708013393ad0e4e932fdda9a1acda9275ecdbe74fe89eea8366

SHA512
6a5242fdc0ba09e339151feae1b3f7a9f00a09288b6f4ea9305d1a09d8bc3015c074ee91de35b8d6fc765c2fb55ec37dd91b8e66b7a7bb3148cbc305de19b088

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\libEGL.dll

Filesize
458KB

MD5
79d17646daac89413e76e5612353c94d

SHA1
cf648b96e89302f70b4deaa51499b7ea35d5f068

SHA256
cd79548789bd396bf81e5d5019ac4b802dadc82a22668c685fad2608c7d3f305

SHA512
acab8e90a9c872fc7fb25d7e5cecb0dd1dc18533b62511bd2baa74bc961c02c88ab8826c77d451deb1298528624d97d36c2cd53170a006b89ab8c7c0da97900c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\libGLESv2.dll

Filesize
7.1MB

MD5
fe9b0eae67c26a0e8214e4c8e9f64182

SHA1
48dbeb8410f73119e1bf5dc7da5fb59934320e1b

SHA256
8f1e9e29ffe97fdc7efe7e3ad7169a48787d8ad0ac44e17840d0deae391576cf

SHA512
82ff0224de8c5f68575ab186d102afe63c48ce90afa2553e179db0088b7ca8ec87d37506d711611c873bab4a6e75e65a2c8c9fe6bd3b611fed4260cfba1cc3af

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\locales\en-GB.pak

Filesize
293KB

MD5
0444defa8f211ac4eabcc760b14a5b8a

SHA1
f143e080ba73f83c77d6c095ab8be1f71f763532

SHA256
e252661d412a068610ac2e2a64609f21f71c64602c579a14d7e6ee59d08fdfc1

SHA512
ef4977e477c3c39c2915e82162bf44370a3e2242a2fe57b43a0c2342171d02278adcec9d602ad4d4021a6554ad85a55d4635ccf3cf97405bda30626379d875b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\locales\en-US.pak

Filesize
296KB

MD5
1e9b12891461eefd9db12e537965329c

SHA1
bf2346e045f79a70218890764b9318fa86886b36

SHA256
bd67fc968d75e77f2bae7ad552c398ccc4dad8635d74814c2046f813010c45e7

SHA512
3f01b9fc7e07bf6f3f8cda357debb83f73bb24179f6926d0b24114ac0078f42941a68842453bd7ee86cb759ef76e240b84278ebe1541cb659fb7caf3cf5b6820

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\locales\es-419.pak

Filesize
358KB

MD5
637dcfd56428fe96bb0a778b0cf8a660

SHA1
1bad857d600d00864edc3d31529cf4ef6a49b580

SHA256
45f136986a226b1385189997aad2f660d0f518cc9871862250736237e0b105cf

SHA512
66b5c92687e97326af47258d38ec523184ced00855ca385515c64bfb9a7e3eb8dd1f885c4db5891bad680c670714bf9e5574483e34265c1f7781c8a7e7af9301

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\locales\es.pak

Filesize
359KB

MD5
85e0afd9c09f97cecc025f31fdb6269c

SHA1
13b9ec632e465c31fe6e88b1e3c186a2eacf5de6

SHA256
e1a9180677d2989137e8dd381e6c847c47b385a6d3e965a047829479317736ae

SHA512
0371b816522bc43b124ab8dfba3ac55e63c435276031f7035075a0767a11f3d73b5991156ee6ea1770d0115c09cb653c9d3fbda4b2d9f1e00b068c9d7a2f8db4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\resources.pak

Filesize
5.1MB

MD5
3d984171bf7cd9766e2f21bde99b52b7

SHA1
010467ead02a904b669526c899d2ccf2a0831092

SHA256
a8703075c4f583483e728560096e440cc31697e0a5688393b7dab9615011adeb

SHA512
bf54b46f92ed91bada2fe76a14f13c8261e825595da6c67143eb04f79d6c407e61102d310ebabcd17111288b282882ac74c1d99962447fad3a5bafcee0a5ba1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\resources\app-update.yml

Filesize
138B

MD5
1f37c365ac4c1e90f397bca6b052a9b3

SHA1
4850dd8fca87c3b8f4769297832d243b12161eaa

SHA256
f78c2335bb27e27010214620baa998ec02fadf476c862ddd646c644ca337fe11

SHA512
2b6f9f665613665452d66f51ce3c670974e46391666919b73d41c343c40e1255a42b3ae94e3cde6eab66d171eb4685ef2a3e6ec11468453834d47a8da5b86a02

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\resources\app.asar

Filesize
15.2MB

MD5
fa8ff01ec7ce037fa1518652dc96d45f

SHA1
5f723ad249e2bccd372d00ae3c54e661d6a9397a

SHA256
470ea96a0a352792d1e2cf84d178e38cd571718c58fa1a9859cca7227a002da1

SHA512
3f6f8cc64407ec77bee4c3f2f6578099b0736ac66136d61a86f1631b3be6eac46541386f9d780c2ed5828c6c8b634e46e1bd2e318046df1366b849e75eeef1e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\resources\assets\icons\png\1024x1024.png

Filesize
39KB

MD5
c5fc8787181aca58c2b8fcbb5181949c

SHA1
f35847849b002cfb419bfa23d550decfa43a368c

SHA256
ac8f9f11f938eabd84027f3dadaf8ceeeacc353041bc7899fc86b24373f6deba

SHA512
a29ace0a48f8f0e7a478b01aa55abf353a0bef38401bffa6582726356326467f009022d5990e0b5eeaf88bd652d6fe80d0d05108ef70c6f96c646c4ff4915dd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\resources\assets\icons\png\128x128.png

Filesize
4KB

MD5
c9bd7e5f3d4b776f65cd7e7a9f13d286

SHA1
85fa6e31d26e9671ae71905aa6003ceab293f1f7

SHA256
0276f44b39a1ee180a4208d0ce2d1e5b0f63ebe52730baf86eba82dd122d4749

SHA512
202be03e378f7d4e130504ec4feb5616bda1ee1b9cd7f8d98d36c47ac367119a286040c1a50a122b913a827b99f1ae570ce40e1732e41f3401fb1ebde1ffdb3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\resources\assets\icons\png\16x16.png

Filesize
529B

MD5
e6ede0e8ab552a71ed81bca7acdb993d

SHA1
475e63479dfa87c0074be987ebea7d6544526787

SHA256
8cb6183bfa529d39c05d8df43a64f7bcab2f840f2d0304ebc23b9e3577c9a454

SHA512
536b0b6680bdbf57dbb056f9462f21d27f201e14b5499b50bb20293d9434a1c8f828f5f7a31ee419b3277daaf006abb3f48f765c0dcc4b737b1020e9c59130d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\resources\assets\icons\png\24x24.png

Filesize
863B

MD5
137ab36e995228ac323682de59f49e7a

SHA1
acec21708c01b22ff173912caa2f8eb821376934

SHA256
fd0c474ab205aa88add798d03c5240fdc5083b023f489a27893a7ae64253d67a

SHA512
0ab74cb5c9386f580a76b9fbe5236066930523d9e17d1dce2349f4d79efe1454fa3bb30b694c9befc8c939c4b1f66f7887fe4742eff1bc27d22936f88ec020b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\resources\assets\icons\png\256x256.png

Filesize
8KB

MD5
f4673c68db3fba5ffce6dfc02f7dae13

SHA1
453b0dde274557a558dbdf3f5a940dfac3e78de8

SHA256
bb0178eb2201bca2457fe92bac06e2075a00aad50a4a512828c6a9778f1bb404

SHA512
da19ddbb85cb325017f59f820071451517761ace24d69bcfa4687761a0878442b11f3236db60aac68254da756d0c39e80264f420c54f517c6d25f3e14cf43eaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\resources\assets\icons\png\32x32.png

Filesize
1KB

MD5
8b3514c86725fd861a6c247387521c39

SHA1
902574eaac1992c3c4ff5a89dc7b1c38be13e87f

SHA256
25b2e06ed269dc9dd950fa7d9e8c6fe89c678f8a9a0866a0b28174c2bb9b66de

SHA512
40ac1267a85a00153d5d3e5e99c4b736958521577c3aa412a2cb393940a220e79216235edbcb89a0fa4e947cf5c67529666dc5ac1797582c500aceeafa143ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\resources\assets\icons\png\48x48.png

Filesize
1KB

MD5
5ed9466c3d01fb2d628a87d7ba9bca51

SHA1
be40c409fda8341c08bde7f416324ff0d07a87b9

SHA256
cd8c4c50b2e68fdb9c79d39f2b7b61a7e9e11fb07bcd8a97ad0030c56afe240d

SHA512
762edfe619a8b8e12ed9e319931af0c163cfd85dc1a764d3b1a4a4df477ace9d65ba1b5e7b8d9d46fe698891e6c3ccf2397af8d34fb7a4100ec127da6a236583

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\resources\assets\icons\png\512x512.png

Filesize
18KB

MD5
a1c4b83fff19c3d75a1edaacd72e0c76

SHA1
d57b8e0788833a8f1497f41110ab45aeb8f0f0ec

SHA256
2b876c77469c35fd587102b78a6bb971d35f54073592ed4699f7079c5624d0e1

SHA512
d367391543dfc2b5d0ffcfd06c74ef41b684eb73a9422ac4c5737406fb6897cc9d8398706d05b080aee3c6d64ad6be9b0d8059206c39958ba000e32b3582c7f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\resources\assets\icons\png\64x64.png

Filesize
2KB

MD5
05f58ff7147df767ddb8a4582f2df237

SHA1
5d23d2fb1c2e293ca1c84b15dc80c03d0dc93be1

SHA256
5d204653efc21d43a80a1d0944302bac8a00ada2a20e5191e059a06f1c1c6d1a

SHA512
c9a431969107e7ac8a19b1503ab2930ab28d999af09681594cb1bb7e841dabd865524568ff6cc72e0a42998286b2dad9f3e8e11aa6992b163b99aaadea693bec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\resources\assets\icons\win\icon.ico

Filesize
352KB

MD5
199a597857932a3c3440ad88f9f8ec83

SHA1
3dabf8ed3411fca798b9f9e240cb7f9d297c3066

SHA256
a9798c50b6889fa60d83b00a65a4b7c55a72ee147147c8845145ccaab1260e0d

SHA512
824b1c0dcafd4cecf70d07a3e16f186df355cbfdb62dcf2b996106e9f3b1747071853ddf54ca6a2a4478fb45685963f1b83390ec4a817639a9751d5a16ceb9a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\resources\elevate.exe

Filesize
111KB

MD5
eb49ddad4aa07b44c3c931a505e36196

SHA1
9738231d45eac0bd2044824dc1aed632ed99ccac

SHA256
7c4236c66700d6eda63d02ad641b8ef34bc9e53015cb16086e9d86bbeabc77fc

SHA512
92cdf35be27b435810ade11e7f56e2b68cfe270f1f8418a51508c85ad7051ef2a1cc2368819872d1850ba734ac0357087abbbfa3aee449d51093a7c588a68561

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\snapshot_blob.bin

Filesize
401KB

MD5
17b5a28e6aa7ef49bea7555843937313

SHA1
8c740e68f009c3d03db74edc347cc5d1fac7b1b8

SHA256
2590aa136bc101f1075e42cd8939c7679ceb35b773c989be2ada49acaffd01a5

SHA512
af7efffed22246389d6a834cc8d8467e965849ffb8fbecd4d192c0596d1a026c6ddbe49cd2029163fd77bad22906e80446512bdb918875a7fa96c6ffef65cfc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\v8_context_snapshot.bin

Filesize
716KB

MD5
b978b7e83b574a43fe766af2b670c1c4

SHA1
ab0d1211740fefe3b8ddc8bcb2400e68cc88ba4d

SHA256
f59fa568139442c7f547fc8a5a0fd090ddc8427cc409e2fcef0518a9dcb47a96

SHA512
ac0f297b128e83d55788aadf5870849781d81cc61461117c5cf22f757e20089acb640b3ebc2f3bb2fbe1659e75da73a63cb884be4a791a90702758e6c52dc706

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\vk_swiftshader.dll

Filesize
4.6MB

MD5
09895152704e73f877090429a3f617a7

SHA1
6c9a5a4eec367bd020fb267545ff21c676c775ce

SHA256
a4ee0be900ba0afd24e94b86501b9aff169453fe0a930748a9839aba00aa3a49

SHA512
3e3c0d194a4476f0de279428e17fc96250ae8aa640094d8077ecbdda2f0661dfd253b503f6a69583f3983e230299f4c79e767c7824574ffd71b7904481bb9832

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\7z-out\vulkan-1.dll

Filesize
849KB

MD5
6e5c112a19cadb33fdc55622218a7386

SHA1
b9b0395372967ddadb32d66481b26df4f0b9fefb

SHA256
a88440204e4a7bc48c5829375d1da3e37b675b5b0fdc5b073a50dd2869931cda

SHA512
4d1cda843a6081a2b76b2748e7db62069ae0fd539a6ef9177ee490dad93ec5bd8bf624645dd03ce0e3ea4357eb2973ec1005f78d8bc7481b592de4fab960edc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr9730.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam\00c63a86-c62f-4e3c-8f95-312fe7d53dbe.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam\Cache\Cache_Data\f_000004

Filesize
53KB

MD5
7601d7faa3b49a6e2032ce5c8232a7ef

SHA1
577415dfc9ee0720efb61107f47624ff46478f41

SHA256
a81dc86c4c91cba18ebdc35761a2826480611f1368134650e48de4dec04fffe5

SHA512
3672a0ff8a2cc697e263aa073725d4111933148d38ba5817c2f4348245d2bec0ae1e96b1fd9eb13874285350484d12b7964ac7fb72956876d6436dc2aecef956

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
0758c27077de79af4968fd58d9536c50

SHA1
0a34af32f8c7a4e1b137c827e561ee000cdb9e19

SHA256
59e9032ad797029404a5535b19793c800fe66d8434a1953746115be7b524e793

SHA512
b676edd2163df66fabf0ffd7099a1eab0b8a1bcf9ca8d0247bb7983fc6ce42e1d5b92175f75617b0afde190905a4845c5dfe4f24e252cbd45f6cc5d1cf766ff3

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
0720d670db3050f948340fc8fee41724

SHA1
497b00829fa56dbe84c4fc7930400aa4a2692e83

SHA256
f4a80d7a48384946e4e39a2d628601fb03dac8ccc511d99e21952e918615f5ca

SHA512
433b0e0a5e0cd7bde0702fee58020d631f40059d4de8ccf7a53b8c502342670428f83fe7ac7fd3725b351e58c2120fe99e4757de61dd7b51a5ca3a538b008b5e

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam\Network\TransportSecurity

Filesize
370B

MD5
fa9f4eb4a7f9996a46ea0e6133abc924

SHA1
b3df927c4277f021b4fc5a0e04d9f4e01460630a

SHA256
80fbbb7346252e73db30ad2ab0c480eac4c7c6e9e93f1016c8921754b09b988f

SHA512
358f2643420be131e59c1b1a456035d8dbac3934b88b8eb681f98313b2eba1e9083146ddf2bec80f84487d148e952c6dc03923e0d21eca6641c02cdc8983301a

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam\Network\TransportSecurity

Filesize
370B

MD5
c96a2d7b6a6a23427b3e9b1667cfe84a

SHA1
3170f413481669bec4576bd2c25bf03062739bf8

SHA256
9f3aa5150cafab317ba17078aabc3180eac0e9a1aaf68e6ef9345ec37699a24d

SHA512
538a997cad444817c000d6f56e3ba2581a014c2ecd26627c05d8b3e4a5b1036c43eb3a1eca66abdf1e36edf479f310a9e9d3e9813f3d1b3f7cf04263d0d5b8b9

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam\Network\TransportSecurity~RFe582ae3.TMP

Filesize
370B

MD5
462cda84fc16c01734b6f70729884039

SHA1
e2e3103335cff14a134afedf9e983c882830e7eb

SHA256
a130e9714b4ddc7023b0157a7e5d152e8a615d892f135e12ba0348262294d93f

SHA512
7c239489f94c3b21f2e44db4ef99a7d817fba29410d23255abcab52acdcc2324094e289edd1311933e24f5bd29d131e4147ef950be9876f105c691df9fc458fd

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam\Service Worker\CacheStorage\3a3ef770bfb7ff7305a15868ae01c49399715c03\39ea3a59-2412-40ee-b175-5ef465f0b7fa\index-dir\the-real-index

Filesize
1KB

MD5
1a19fe09d394be6ccdaa3c2f2e5811e7

SHA1
1220615b90a7a9f0bd2702488378acd0911563d6

SHA256
017a795d45844628fcfc54dee1eedf950216690dd4f773b43f04483f20a02333

SHA512
d81baafce21ce9323aa25232ed47cbe71a7581e5ce98cd672a912a9b131cdc0d5b97c15a16ddedf34f109dcadb97485738b2b14e1e097318bd6595e0ea47ce64

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam\Service Worker\CacheStorage\3a3ef770bfb7ff7305a15868ae01c49399715c03\39ea3a59-2412-40ee-b175-5ef465f0b7fa\index-dir\the-real-index~RFe5818a4.TMP

Filesize
48B

MD5
177a2d6886ade0f33a5223fedc7e971b

SHA1
7e203642baea013ead0195eb4a58bf9ed7159d03

SHA256
26df2fa226bb1a9818a3395097e4b4a6ac492fb42de94e96d2289e9461573c71

SHA512
804e4c44505906ac1c322c2e5a4893ee8e631340cfde1fa072466ae84af690cbffe60d413ef5c63e62a30056bde6dc1f10f4bc5ee6b05598f95876941b1998b3

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam\Service Worker\CacheStorage\3a3ef770bfb7ff7305a15868ae01c49399715c03\index.txt

Filesize
121B

MD5
1d495c836afbee0aa1950d01b20ebd23

SHA1
7196036aadd501b11ca9d193ca88e91af9cb23b4

SHA256
c2190abd058389a4dd97ee4b72522270e7e451757afe74ff75e0bfb0c9247730

SHA512
14868925b30397e80eed572b05ae1ab69d5d038190737aa7c2bec4b77c51b8dcee5dce746091525408f35752c81eb0336c4efa3cf39e834a75110a02d713b717

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam\Service Worker\CacheStorage\3a3ef770bfb7ff7305a15868ae01c49399715c03\index.txt~RFe5818e2.TMP

Filesize
125B

MD5
05c96d098919f76c764ac9223edeb199

SHA1
87193c3d42b427801784a3b3a69dfacc067d4b12

SHA256
56c42861a27525bfa990234d1f0a7edb9d7d5e632103302953282fa5e429ba33

SHA512
cd8bf1db66c1e404b9d466d2cddd76f59605fac1aae3035d44c2d69dacf56fa2c338725e45f801e9ba60ec78dd28eec8bd011e4618adb44c2abeedf39cbdc07d

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2a0c7c8141573e405728980cf4d47ea4

SHA1
5aac15ee607f726b882259e38685d04b8f24d3d3

SHA256
c610d9f9acb28224a1984cf0f47a5f2dfda97da073cf0f8e78e335fb5ba1aa41

SHA512
21af782fe9de834c1bcd0fd5b775e69f58523ff35ff4bceb227c15c4bcf56829413069c9f660db1b9c41f9b960bbd14aa5d4d9d82cc7916cad8f5088e583a3d9

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam\Service Worker\ScriptCache\index-dir\the-real-index~RFe580422.TMP

Filesize
48B

MD5
892fe459d262bfc24a342aaad44153cc

SHA1
f4f0446a8d30946a0135f6e92868ea6a583e2553

SHA256
10acc51deda6381c4a78882805f16216f33d6e314d24c86ef9272360d325451c

SHA512
715a72fe6e409c2fed9f992c71628da1f2560b194c45316441dcfdd40606fdf01032fc42d0992d62d1f613533f038ba29005810757117be1bbc9f1312f6e0def

Download Submit
C:\Users\Admin\AppData\Roaming\hyperbeam\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
memory/2020-295-0x00007FFF23B20000-0x00007FFF23B21000-memory.dmp

Filesize
4KB

Download
memory/5068-332-0x00007FFF24E40000-0x00007FFF24E41000-memory.dmp

Filesize
4KB

Download
memory/5068-331-0x00007FFF22D50000-0x00007FFF22D51000-memory.dmp

Filesize
4KB

Download