Malware Analysis Report

2024-11-30 05:51

Sample ID 241121-btc1ysybjr
Target fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe
SHA256 fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe
Tags
persistence privilege_escalation blackguard
score
10/10

Analysis Overview

score
10/10

SHA256

fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe

Threat Level: Known bad

The file fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe was found to be: Known bad.

Malicious Activity Summary

persistence privilege_escalation blackguard

Blackguard family

Loads dropped DLL

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Enumerates physical storage devices

Modifies registry class

NTFS ADS

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-21 01:25

Signatures

Blackguard family

blackguard

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-21 01:25

Reported

2024-11-21 01:28

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\hive-desktop\\HiveCloudBridge\\Icons\\Drive.ico" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\ShellFolder\FolderValueFlags = "552" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\WOW6432Node\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\hive-desktop\\HiveCloudBridge\\Icons\\Drive.ico" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\WOW6432Node\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\ShellFolder\Attributes = "4034920525" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\WOW6432Node\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D} C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\WOW6432Node\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\Instance\InitPropertyBag C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D} C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\WOW6432Node\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\SortOrderIndex = "66" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\WOW6432Node\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\WOW6432Node\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\InProcServer32\ = "%SystemRoot%\\system32\\shell32.dll" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\WOW6432Node\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\Instance\InitPropertyBag\TargetFolderPath = "C:\\Users\\Admin\\hiveDisk" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\SortOrderIndex = "66" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\InProcServer32\ = "%SystemRoot%\\system32\\shell32.dll" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\WOW6432Node\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\DefaultIcon C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\WOW6432Node\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\System.IsPinnedToNamespaceTree = "1" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\Instance C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\WOW6432Node\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\Instance\CLSID = "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\Instance\InitPropertyBag C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\Instance\InitPropertyBag\Attributes = "17" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\ShellFolder C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\ShellFolder\Attributes = "4034920525" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\WOW6432Node\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\ = "hiveDisk" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\WOW6432Node\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\Instance C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\WOW6432Node\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\Instance\InitPropertyBag\Attributes = "17" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\WOW6432Node\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\ShellFolder C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\ = "hiveDisk" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\DefaultIcon C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\System.IsPinnedToNamespaceTree = "1" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\Instance\CLSID = "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\Instance\InitPropertyBag\TargetFolderPath = "C:\\Users\\Admin\\hiveDisk" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\WOW6432Node\CLSID\{BA85CAF4-A346-4224-A0EF-46233D82180D}\ShellFolder\FolderValueFlags = "552" C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\AppData\Local\Hive CloudBridge\C\Users\Admin\hiveDisk\ServerDataV5\Storage\1970324837121299:LocationData C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A
File created C:\Users\Admin\AppData\Local\Hive CloudBridge\C\Users\Admin\hiveDisk\ServerDataV5\Storage\1970324837121299:ItemIdentity C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe

"C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 24.73.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Private.CoreLib.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\HiveCloudBridge.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Runtime.InteropServices.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Collections.Concurrent.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.ComponentModel.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Runtime.InteropServices.RuntimeInformation.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Linq.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.IO.FileSystem.Watcher.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.ComponentModel.Primitives.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\Microsoft.Win32.Primitives.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Net.Primitives.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Net.Mail.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Private.Uri.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Net.Http.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Collections.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.ObjectModel.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.IO.FileSystem.DriveInfo.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.IO.FileSystem.AccessControl.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Security.Principal.Windows.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Security.Claims.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.IO.Pipes.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Net.Security.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Security.Cryptography.X509Certificates.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Net.Quic.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Net.NetworkInformation.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Net.NameResolution.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Threading.dll

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Runtime.CompilerServices.Unsafe.dll

MD5 6ea87825350834c28f44a718a339d486
SHA1 9beba5d530c529beda18de8a4f3b1fcf08f0ef1e
SHA256 b9d1237ff37b27d031095887461226c9a8e402527aaee21595cd8304413620ab
SHA512 a7effd59468de9e2ab783bb5a399ced1f9b46edfff1cc06437e6845f30198f9540a5b9c9d8e9a36b32b24a194cdf42a83c2f09f3dd1266f70420101cc3fa4855

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Linq.Expressions.dll

MD5 14f3d1ae855a60497515e33828683ed6
SHA1 19f126a60fc757dcb720e94e47abca1512da4a88
SHA256 ec9010ee2b9a73e3795b6776ebf4b7af54f0bb91bae6cd13bf8b31a994e53129
SHA512 6a7e93f4ba04fb33073cef62d06b84b8df75c8e808d7075e194c5f08b8a73900fb0823f725ef030b1982da2ee33b9cfe4d55429f0f1e2138b48415a9cdd7d60f

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Security.Cryptography.Primitives.dll

MD5 3bb2e46160ab81a6b3daf0ed2cc174eb
SHA1 cfc36a73857429bcf77740c39ae8304301465c7d
SHA256 c465938fe9efee14178c2276650e1e665bce2a067b78565f3da9fb2a2eab325b
SHA512 ea375c80fc99d8710e0b7d6fbf6efeb272d165fbb8cd4b26a2d95ab7759887373bef85ee8f30f04594605414d1324cdeb8fed07a47489a8cfedc0af6041dbf88

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\System.Security.Cryptography.Algorithms.dll

MD5 3ba8836b3c02e318a2a344cb714f4eb6
SHA1 2d4488a1b043d119580c3e42b079565059f21efa
SHA256 bfd607502a60119fe20fe2d29b0c4a4722a2f5f3d1dbd1401ef193f1b4c5f0a6
SHA512 1e3f8dea0f0ed8f0093455bd75b6f709def576bc8713f000212ece125067a7f105c3281bc3668b34b0772bb5710d411eb7c6ca891a70d8552769da5d588fe885

C:\Users\Admin\AppData\Local\Temp\.net\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe\JpSKFnikn0I5aOU4SkPPHSUGS_7BZvQ=\Microsoft.Win32.Registry.dll

MD5 3f9727023333873054bf35707ac727a8
SHA1 504dea7a53bdbddbe46d1e6b857aab105253f264
SHA256 007bc004a396d9654fde24035280d4ecaa4e76c2804f6962ad7f9e92c50890ce
SHA512 0d16777996cd5437c6102f88e77b151b9aad38eb67a1dc12eb4d12704128cb9d08475965b7bf46e704549d12e520938b86011183684afcaaec73a0a7c760c9d2

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-21 01:25

Reported

2024-11-21 01:28

Platform

win7-20240903-en

Max time kernel

121s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe

"C:\Users\Admin\AppData\Local\Temp\fc563bf38932194e09aff7f6c5f19ec02ea89c5a7cb6bb31e34c96abd6e074fe.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2092 -s 1228

Network

N/A

Files
