Malware Analysis Report

2025-01-03 03:00

Sample ID 241124-2c73wasrgx
Target 4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d
SHA256 4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d
Tags
babadeda cryptbot crypter discovery loader spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d

Threat Level: Known bad

The file 4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d was found to be: Known bad.

Malicious Activity Summary

babadeda cryptbot crypter discovery loader spyware stealer

Babadeda

Babadeda family

CryptBot

Babadeda Crypter

Cryptbot family

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Blocklisted process makes network request

Enumerates connected drives

Drops file in Windows directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies system certificate store

Delays execution with timeout.exe

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-24 22:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-24 22:27

Reported

2024-11-24 22:29

Platform

win7-20241010-en

Max time kernel

121s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe"

Signatures

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

Babadeda family

babadeda

CryptBot

spyware stealer cryptbot

Cryptbot family

cryptbot

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\f76f2d7.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF664.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF730.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF8E7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF9B2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI576.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f76f2d7.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76f2da.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f76f2da.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF7EC.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2896 wrote to memory of 2652 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2268 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe C:\Windows\SysWOW64\msiexec.exe
PID 2896 wrote to memory of 1460 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2896 wrote to memory of 1532 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe
PID 1532 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe C:\Windows\SysWOW64\cmd.exe
PID 2904 wrote to memory of 2716 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe

"C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 5CD731F58E1BDCDD56DFD4F1F3F496DB C

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\adv1.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1732227795 " AI_EUIMSI=""

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding EA575724FC86290F47B7743DC017AA00

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe

"C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c rd /s /q C:\Users\Admin\AppData\Local\Temp\YaGqChoKrArn & timeout 4 & del /f /q "C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe"

C:\Windows\SysWOW64\timeout.exe

timeout 4

Network

Files

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\decoder.dll

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\adv1.msi

C:\Users\Admin\AppData\Local\Temp\CabE707.tmp

C:\Users\Admin\AppData\Local\Temp\TarE758.tmp

\Users\Admin\AppData\Local\Temp\MSIECAC.tmp

\Users\Admin\AppData\Local\Temp\MSIEE33.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Windows\Installer\MSIF9B2.tmp

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\qwebpdV2.dll

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\bsconsole.exe

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\ugof
SHA256 a09a6ee7aa2cb89841d2b6e7b8c616f72eae5ca410098638d690a56cc567c78e
SHA512 a9f512d26fd27337284f74b116e728096bf9348f65ee2658c6d7ff4ee08846b6619d879275c144dfc4dfffb6e587ea981ebc0c857172e4de3f68900f82110f61

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logohelp.chm

MD5 4498d1584997d8ee7626b51f23bccdd1
SHA1 707c0b366848b51a16be5b858d021d1f687a4a6e
SHA256 1d8254bc535746478c18de7613731fbc87c5754126d260c40888d38c56007f81
SHA512 4cbb7f9191a39d5de8a8dedc054db71695fd54c292eb5a33657efd4483e6276427f076e9c9d49045282829dad57f04e07364532ed8bf96c3c55747ab66bc867f

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\README.TXT

MD5 2f271a2d2d92de5579f58b32f59993b2
SHA1 7582831fc25e3ce9c327706fd6d27f8a19e7abb0
SHA256 c3ffeaf3b4ee2c949c398e65dfeed95f8ef56da140b9a132c6d12d93d83dde2d
SHA512 7a0535c46553e39b507a994186b48c4d110296488306d6756fd42489dee5d317c238f725e44f167bb3f993d04fef996bad9956b40e86f42cd02b6de53b229681

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Qt5TextToSpeech.dll

MD5 99f5b275115a749309c0febb2c553a2a
SHA1 c3383e554c5c8d66ab1656603ff4f6d23568a520
SHA256 f4f008cec54534178cfd7164871adf4962c269e2b44d22491c580d2d589358ae
SHA512 f80ad1e94ae58ac5404e8a548200ec01e4941dd2460fa470fb6508c2d9a036d7d12f4547731999bd7dfa7ecd8b4bdf8a6ee4ad3d32ff07e39f6fb99ce1cb1f69

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\libEGL.dll

MD5 2874582e39562af961a6d1c59447459c
SHA1 3cf7d154637aac69913b1f549938a21c7c4b16ba
SHA256 b1070d55627c2899d5928eff2f2e3187537162e93e189458fadd7ccfd6a2ca3d
SHA512 eeca63a7020346bda9a399b83f4e57b6b54bbb222c4a3cf7191ab7fe0271f6473bcc58f0e60ce5f7d5cbd57298b858ffa042b62ed9a9be0806e08e4c6f5c7091

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\LICENSE.TXT

MD5 cab5d95bb20bd0f36241edd276851797
SHA1 31848479ee67d58a013f018bc165ce1674166c3f
SHA256 4cba25dfea9f5cf0454c4cfee27091740f8e556196330c010d1fbe35235dc59e
SHA512 c73db59553c69cf1d0cc1e945b2dfe38c59781c1d638bd8e044493732f255cb5f5b992a9db06086853608d81d7572f716922aa6a9042cf99ab1fc38c579ba478

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\turtle.bmp

MD5 8e5bc954263e6706359c06686159d143
SHA1 b5cdbfb8d0f200b580116404c6b6433b4df2c9d0
SHA256 bae9f06df713100360694f784164649e9595636e7a0ada30177152db0c1a584c
SHA512 66716ad105a16796ba27c40098e8bc2639107c858f97c743194a1a2b0076a3ab444547de1c2bd3b3f3923b1d9ce78364ed37a1af49adf297a1ecb33ac37c38dc

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\libgcc_s_seh-1.dll

MD5 534b365361004828059600f05b34006d
SHA1 d8ff411b0939a021f47c845c6a90f1240bab5268
SHA256 438ae82ffd621a2413199155574cc85681f8986f05420b1485aa4be936c3bc0b
SHA512 1ccb3732a82f2fedca85c27afdd48e65dde70d5b1620e436d457624a2cb796887c5e7dc2983a0794ebbbcade3e5b9f9fc9320b390894471993c7b1e85268592d

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\libwinpthread-1.dll

MD5 db18b7ec5f93127e6099744ea9568c1b
SHA1 e9143c76e308a816837e2f1a19dd0c5e2306ed08
SHA256 5bbef249a0d00e2d32c699d0bbe89f714ebeb872b3990a5cbeccb1d89f63e5e8
SHA512 ee1e645bed0bc3ad9e959d6342153e608ad21a7f5aef60b4cd8cc96fde7aeec4bbbb7474b59cab8ced8f28dc9f66cab32f4825333c891524901dcc40e70a1580

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\icuin30.dll

MD5 3204dadc26ec04db0fadfc9adf914513
SHA1 fc4bf25277ce523b235b09eead166b05081cc943
SHA256 195a654a1bcd29d42543c870b72861fe07558c347426931b0e9e18defb445406
SHA512 7c271459281bb6fe596431ce1f4e48d95e6d58dac286f475700bbe5e48feed53cb0bab387e66b827334f8672ac502dc77655e9020f2db174d6a62e1bfc738d96

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DBITMAP.LGO

MD5 c7eb72cbf51334c39e297403a6e00e5c
SHA1 eb8e6b0b81888da182730c055ad228907c0e49b1
SHA256 f29fc7faf7d4bb8797367c5ab027c797c2af33edcf081efa9daa7a7e7bd9ee0f
SHA512 f6e79a3e723baeba11b21694d5177d8211510ac69e770f9f05553094c681e91613c2e6687da1b253a72d9e242c9975c25d62b3493fc070a1fdecd41cf3bd02f2

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DJOY.LGO

MD5 1dfb4a0a7e6372acdb89c2a9817284ea
SHA1 d87b2a9d393c3515dc2712c93727db41d600ad80
SHA256 e10b673f954c12e31812afd7773dee18940fb46b2fdd9aa70ea9ec3d4df4b488
SHA512 f80b3215c8c7162be25c5897e5b2bf60461299eedb18d4217e73ca2607afa6dcbdf9c3ee929eeac8f7ed6761febebc068451131b9cbfb6c625c50a8e7ef0e96d

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DMOVIE.LGO

MD5 85319eb1c4096384e18e71658148190e
SHA1 7cea0551747d67b4a08b6f78ced0567199f8e38f
SHA256 979982407f136490d2d2788055cc0feae741f584f8daed331f18cb5ae969c287
SHA512 2d20c9c509b929f6220bb62b047177db9fdf4dc6c891733733c1db0c3deb8a12a802cb17ba1567cea5b3b24b0f707ae75be0108dea2b23c7086abf931ab8db66

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DSIMPLE.LGO

MD5 77eae74dd7bd2ca9982bd2f12adff615
SHA1 9c82d2fadc1ead2cd0848a261b1430b49f806e79
SHA256 4018202e5192fdf1e92a2d4784b884af3c9f27409cabe16a8f1b8803df599ccf
SHA512 0d2c268994584fa15c88e54f7c673349ee259f006a40b69098b673d28ecaca6042840b98198015b80cfd61b106b2585ff05f47e6c470b4e8a2aa6cd967a6ffe2

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DSTEPS.LGO

MD5 8bb174bb497395b6d679af159b75e9b1
SHA1 6e286d495c5720c6c236f2d521e4baa7affd09ed
SHA256 520cb66f51f5822ab2c164fd23badf8879f3c22f63706a9875b4f3d87db0919c
SHA512 6ab2ec5c91442c6ba0412d6d66b65f274fee303a053f883ca934bb8791c18871c239347967c1ccaaf56724aa1115a39257deebfacf70abc7ce7d8c6ac715122c

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\AXIS.LGO

MD5 3be7e79f251f5dee60215a123df636bb
SHA1 5fce52c40ad8d6054f77bb5e84cfee34b145c447
SHA256 288e25d6e2b5346eab20256bb581aadb6e3752076412d60934642f79478be20f
SHA512 02d9ff2aefd3e29786f5b674b6d3458bf25ec221d093f1f6ae3ed6828912a2e7cf421fa3166081cda2e9fa0deb6497ad767510d22d63bf702ca644a6a5c64c76

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\CHECKER.LGO

MD5 829044c299c931e3773faa5340869b2d
SHA1 4a88dbf1901bba3b5d8b4cf2bb7c66998add9a58
SHA256 2cf7197f40b2cdb9b381975690f664a305696a1e84b56202364321b009e5eb54
SHA512 65bc42f88c69b1539ffac2d34a45efa98b8b684c3a35643f779a1176d3a0095ff15ce51d816b314b35c6ad73c3e59a47b9601947f0db96f772a1f7a405fa0c37

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\fmslogo.bmp

MD5 074091f21cae34e830cac8ef5422b840
SHA1 2cf882243c45a7bb657cc74543850c07227ffa3d
SHA256 f8656e1e1ab41af29efa9550769e354e7e0f4476b802e32090e706880ec86603
SHA512 62ea398ffa3be0ad6c128bb51bb6d28d9dd2366420beb88a357d27f3a3d3951e69b822e23c6f4389d994408e647c4ee294a37f71615a4945b7d25ff851adcd81

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\HILBERT.LGO

MD5 bf351f6bd2d7a44fcf9bcb99324d4b36
SHA1 52bc9e082584357fde1f4daffb840573cec864b7
SHA256 1e0bbb9ffdabe16183a87c789a4e737f2c46179b01c71c7b8a88ac62fffb2c11
SHA512 6d44570429ffe78645ae6fb659d1b528a05b1aba77213ca62668ab2144aa26e267fd8493b6214d9bde056d33c9824a50f76381b4b8ca2a0aa6f2b7fc24525d74

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\ICOSAHED.LGO

MD5 1a52a14106fd3e659d3f960f7cf45ab5
SHA1 72e840e28848c0e0ea0c60eae20bfd775043c8e3
SHA256 9caf0a5e3ea51b7125a67fc6a8acfc21aecce0bb35746bb57c0abca8e9c801fa
SHA512 e2d81e0d9f9f9199296a097e859859227e31063110568221deae5a6651378a45920915a57b6c84c64e1ea497fa59621d0491133d05525b46796735f50bfc6a0a

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\SHUTTLE.3DV

MD5 e00bbd821c702566c9d17e47bb00d665
SHA1 a9ba7176147341e1555b0c63592bc57d371063e6
SHA256 ca6769e5a8b34067878e96647027ed50dfde0402ca4371bf008589d9e53d188f
SHA512 1f16a7245945f4e70e0c8f44bce86537f01fd6f5d172c35f450894edcf51f9630822631bc4301bed44012282e7ea3f1ae0f7bd95311b6e97b0d9fbc7d6b0e95c

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\SHUTTLE.LGO

MD5 ba4b027fb49d27471ee578dc93d5296b
SHA1 d9fdd8bed9931dcdb2d3f3056cbd5286d903c6ac
SHA256 0d4839f083cf2037256048560fb3979113f2948941d580158dde559429491ebd
SHA512 65bb4b4fe447c5c86bde7d4e85b524cee9e707c0ab10f07df189fdddb844a1fa83cc29aadd0c99028d71a17a6158ae6b3104ae1cd4a01cad60ae0daf84efff0c

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\SOLAR.LGO

MD5 6c567d552d2fe350bcb0986273162253
SHA1 bb8fc18067bf1ebd8445ac22e2486a4ddf0d3242
SHA256 faf3487c2b65f41ed6b534280625a40f936d08ff225f9c5484bcd84655f8a53d
SHA512 bb31975f186281e4c357fa6e8d6fae13c0f83b07714f822bba78d790fd9c2bc3e486d4f3309c5e6c22f651469ca1dfd313159e9d5c5fbffd3378406f208d60fa

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\SPHERE.LGO

MD5 7b7b9b7b4be184e7fabda2d590c93923
SHA1 4657b5a118948a309a9d1478aeab63ac8625efb8
SHA256 578342aa2c859a7e2930f4051169306178122c992595ac809f3a2f603d5cf73f
SHA512 bfbf1a2f68b1b9f2cdd218f2f8053ec1768f25a96ba31f879641ed24918cfcf5667b473396f3c87b8aebbc37a016fed02d65e883ec5c5b0e339baeae32024000

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\STEREO.LGO

MD5 d62e05f8d0dfcec9216febad10e110ca
SHA1 25cec291197969161924b7219ceb6a8dfdc4b45c
SHA256 780eb93d0eb99cd2c75137be9e37205b220d44892c0ceaa0ae090d2cf7624b92
SHA512 371d62f09d5d5ebdb9970d7e37f90ed3d4b3ee5e5e9c8ecc3cd51ce0f9917b121d6ec666ae8d985c9e1c500cbb3116d3fe3135d315875a1d9df65bb91e1f3a20

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\TORUS.LGO

MD5 362cada28e17ad2e41b5fafdb31f41fe
SHA1 1dac44fe205cfe218b0007560827b5631b937af2
SHA256 27be594b0236fc144ff7553084ed2a1473332038ca104006b0edcabc6723c7e4
SHA512 c3dc94584d63e10717e48c6a4fac17eabc9eb96fb3c8788937c344b6f7abe50d3166dc3453fe40d10ce658372bda63c6c246b261c131759cda96e5d5fff58e1a

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\index.html

MD5 6e86736d64a4522b490c716cde97a8bc
SHA1 e48de1ddecfc842bbb8924c1023029ec21f838f6
SHA256 26d4e150e3fcb0b881d9cadf4adfc1aa369ca96e16b46c6935b7903d3916c04e
SHA512 67fe43cacf04a4844c4b11580ca549f4cb7fff160f32be5cd8d8449a6c47775f91a78b6503802615a5fc7e450358bfc53d486a07d302099fc73f8d67fa2b9804

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\CAR.BMP

MD5 5fc366b3371bde5c769a8c5b9d0ff966
SHA1 124f3a48111e1adba8cbee101655d6bf438c9129
SHA256 4b0231a2577be467d7d37612b75e38d6e944b7ba757f7fe1c36b697e0fc5ee46
SHA512 e78445e2e70e7ffe3100ff91f5c388817b3cec3964e58ea3e5f415e221c88faf421712d363edcb954ec32d929f6c9e7e3da9e8fed0877e2516312afc5fa585b3

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\CARMASK.BMP

MD5 afe2ac27f1ae91549f64971d1ba81e1c
SHA1 a717af1a26506bf440d8ade244e12b9283b2b7bc
SHA256 c889fe2430b247aa02e7a101360002b88151cfef4df3a99116c22ee80040db0d
SHA512 15f45e1a6743fd2d6b2ae06840466e20efa3018e659f3af65bec14ae372f42adc9ac81e5745c38ad7ae40d6c033d087d82699975afc482d89e441b772ed4703a

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\CLOCK.LGO

MD5 c4acddb7dacd73b0a509fc54e9c607bb
SHA1 9f1e79be02b00a5eea5d615094eda6ffc4a45af0
SHA256 070086e62f194b7de43c7145508c1e68b8081d7c8393a43e4c49d6e5a147143d
SHA512 e21ec056a9952a441ba571db14d681274b1384e6dd10299d193223516f6ffea9bcc31c3bc114bc9cea8e71c9ce15fc483e7d51ca0295e8d3cd02aa81838ddb17

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\CURVES.LGO

MD5 a20a8a5480c82964f58b62ba8b29f932
SHA1 1d48183b50b6abb30323b70922175042fe573f18
SHA256 4ca29c112c6486054e71ddbe4c49b809e227c9e2e6760b4c36ee30afd7b255cb
SHA512 f561e9d53d2c6d896abf80bde1e1ed2adf2aeb5397e9b73723d0cbbb69129a084d570a412e5d409c3dcc154a37f6b106d6c704141effa6fef0363b9f20c67e5e

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\HANOI.LGO

MD5 a21687bf228a38528aa1963d2c8a78e3
SHA1 c816e2c99e20f2a79ec0ce9a8e0e9f3c05c9af13
SHA256 288699cdfee3880ca1ad2056e1cf4a2217a9d684005c5c690a6594f3d54709ae
SHA512 1802a7ab95a54fd17c11e2214da5c671618994fcba3efe2e4d366c59e8941a592f845c9f71826d266b15062554e6a32fd207ec09cea14e7bf12fa66966bff887

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\JOYSTICK.LGO

MD5 99dc857ce06ae8878881adb61e4f1a40
SHA1 1cd90a57c1fd3cccf4ba2bd5c4d6eecf1bca6a1b
SHA256 3a8f8507f77f89a00c45c50f1d98bbb4ec0da58706d8e3bcc2ffd2be9f5b89a9
SHA512 367887c6aa8bb4e23ffad02f0a1e8e6c1767765aee04ab1c1b11c0cc4519c2cd68f16cf26e8546d98031e8bcf121ec646b5b59b351cea8057557dd0fb3625a85

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\PLATE.LGO

MD5 8cea513a308679aefb4edba1375c4cd4
SHA1 0aa936e6cb1dbda47b22a4fd3c506002e84b4ffc
SHA256 924f989f6f9f54e97df021e22ebe002aa44ac8d69d44e289cdfa6644ad70bfad
SHA512 a8987e1bb9b06741b27800b34144ece709012d396b8501dbaef90b4686cc67ec0ff78d3084eb130f8553972dfb72a35f08e510f783c56890897ec406123f612a

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\ROAD.BMP

MD5 11836818b440d6cba5a3aef15393a5e0
SHA1 4c49a9d1bd3ece0e031d80e8746e55f0ad08f399
SHA256 8a64eef1ee52de71fcd074dd39ebeb408558da79a7dbf1ef4305e9a4a23ced58
SHA512 15fa97e739906957ecd9ae9f939d4dc3b6a4b211bc5dd23b68863e53c8df72a3bae7cfb5367d8780f0cf37ac322c88d981565f85d2da61deb8652db22a879476

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\CDROM.LGO

MD5 b7e032a03eca04ab9a57cd9378c2daea
SHA1 9819866aa84e9f69ac1cf244306e4055c20376c2
SHA256 4dac6972d0437a91f0e8d122c2d5a3b3dbd7ea7cae44ba30a210b948b7bc8082
SHA512 1ce2cd639efb2ac6ad6dbff9ca895485fd67d27b0497973003957769c4a9167288816d21c61af047500caf7f16cc0822a3b7d6b6c44a76ca64fd12d95e0d1544

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\SPRITE.LGO

MD5 54085d51ffc8c72c37a70a0cfaf5354f
SHA1 7134793d8954f439284b5f76cce6095a97a4af81
SHA256 2e91c6dfb9317ed8a7e9e798bce808aedfd3dfb0b05daecffcc7d8ecbad0fcc6
SHA512 1921a7cd80b17b0bd2e98b74dde8f5a0884e0874b93869d732371760a3f087b56941dcbffba35b7a6924bea233336aec778d62c740dd92d4a6c0093afe27ad56

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\ECHO.LGO

MD5 4ce0cb03e9b2e5707843f40f051c7e2a
SHA1 cf264b2656cb5515edd4728cbd3800aac335fa9d
SHA256 de0662b380865e9a1986d583c3279f1daa806db77d8a51061e9ceb9fa4c1dc04
SHA512 94d09dc730eba52110824cc46560172dde98bcd8cb8065637868baf9f9c11929ab7d847eaa4588f0f72c717d95d0bb9841eeca18c0ed06f1fef06bc12041e8bb

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\frogs.wav

MD5 29ee1c1753fc1c9f203c19d848c63c24
SHA1 f50fe3bfecfa872cb47bd218ff7545b1a1d858f0
SHA256 12ac3386432759ccf45c9e531c351ec5a049af608233160f6d23978c58f00001
SHA512 2c2c954500df3c5de10dc05bd91b4cb77163440f58ed516cd01af0349114907595f1a9165db406bb25053ac206aa36753db7f1c23a119557f698419fe65bd087

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\GROW.LGO

MD5 513bbfe7b10a230b9ccd71071132e60f
SHA1 7ae0d03ddcf3f07760009625b7a61724899285e7
SHA256 66dc1d10c8d6a022ba82a6d446786e894a540ef3a59673287ed33d00be9a1293
SHA512 c14dbf4c407c4918e5404a94d0e96e602ae8a731f668c792a64703c6c50410ce1dddcf4f0b97f5796e98a9f0abddb439e5a124783260ef8b815cbd43a3bcae3e

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\MIDIFILE.LGO

MD5 6ea09ca25cdfa1ce3f1ce56fe71a9d6d
SHA1 e9056ee56f9b94271deabf6641186536a39b0953
SHA256 75a5dd57944dd55d6c3b3a99c14cce5b0e78701594dce3aef69c3fc5032c1520
SHA512 b9bc85a5ed091cc8661e438ce0aa420b23397be562ccd750f0c89cb2fce5cf7300feee5a8cc180ea2d1f132ddd70ba850cee4c088eac4aab7edd8ba19d244a17

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\MIDI.LGO

MD5 c22e11b97c187b90cd5ef7301c4c4dfe
SHA1 c053efe04e861e77d34b2054163f9e22677deb65
SHA256 d0ec35bb6cdc36621db633dd61eaf296368c4046ee0d5d5d9b37c5a572581b17
SHA512 6d05655e153ce98f3aa1851b0cdeb664e08629daacde9638c28ba81b37046301c7acb239b174848a20bcf6b93e2acb95539d39a5ed8a1212af5d1b50a75e4afe

C:\Config.Msi\f76f2db.rbs

MD5 afc41ebcea1522f3caf1e45595d69925
SHA1 3fd4de9344a0d2dc9ec4431afe854c4bfb429fd2
SHA256 f8b80639467dcbcdbf24d8952dfd3baf429aade706f4aeedbc066c68c088472f
SHA512 cff16d4a26ec860c13432e71090d952127ba9cd7ceaafb5896c845ad7ffb2e2eb29ef60d944a11b1758c339f5a0512e5fc6a09e7b582729c0baa0bf58dc2e34b

memory/1532-567-0x0000000000D70000-0x000000000110B000-memory.dmp

memory/1532-572-0x0000000000D70000-0x000000000110B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-24 22:27

Reported

2024-11-24 22:29

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe"

Signatures

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

Babadeda family

babadeda

CryptBot

spyware stealer cryptbot

Cryptbot family

cryptbot

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\e57bbfd.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBD16.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBD84.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBDF3.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBE72.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBEB1.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC1CF.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e57bbfd.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBE42.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{CD23C16F-6841-4E3A-A1E5-0CD7B95502B3} C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3060 wrote to memory of 2512 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4420 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe C:\Windows\SysWOW64\msiexec.exe
PID 3060 wrote to memory of 980 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3060 wrote to memory of 2880 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe

"C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D5F91CEDCDB62000476D95B08B83BD7B C

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\adv1.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1732246615 " AI_EUIMSI=""

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 14D1AC76B6998213712E1AA0F997F684

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe

"C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools\bsconsole.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 100.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 veoxjo24.top udp
US 8.8.8.8:53 4.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\decoder.dll

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\adv1.msi

C:\Users\Admin\AppData\Local\Temp\MSIB9BC.tmp

C:\Users\Admin\AppData\Local\Temp\MSIBA49.tmp

C:\Windows\Installer\MSIBEB1.tmp

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\qwebpdV2.dll

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\bsconsole.exe

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\ugof

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logohelp.chm

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Qt5TextToSpeech.dll

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\for

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\UCBLogo\DOCSETUP.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\fmslogo.bmp

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\sort

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\SOUNDS.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\edpls

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\SHAPES.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\turtle.bmp

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DSTEPS.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\SHUTTLE.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\CARMASK.BMP

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\LICENSE.TXT

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\README.TXT

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\erps

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\ICOSAHED.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\CLOCK.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\popls

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\PAINT.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DSIMPLE.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\erpls

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\HANOI.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\CHECKER.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\demo

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\gensym

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\ECHO.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\VIDEO.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\logolib\#

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Windows\CALC.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\UCBLogo\ALGS.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Pascal\CARDS.PAS

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Network\NETLOCAL.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Multimed\CDROM.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\Misc\CAR.BMP

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\index.html

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\Examples\3d\3DBITMAP.LGO

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\icuin30.dll

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\libwinpthread-1.dll

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\libgcc_s_seh-1.dll

C:\Users\Admin\AppData\Roaming\MyBusinessCatalog\Virtual Catalog Tools 2.6.8.2\install\95502B3\libEGL.dll

C:\Config.Msi\e57bc00.rbs

C:\Users\Admin\AppData\Local\Temp\dslCBOstad\_Files\_Screen_Desktop.jpeg

C:\Users\Admin\AppData\Local\Temp\dslCBOstad\_Files\_Information.txt

C:\Users\Admin\AppData\Local\Temp\dslCBOstad\YStgtnFbfwcqC.zip