Windows Analysis Report
Alcohol120_trial_2.1.1.1019.exe

Overview

General Information

Sample Name: Alcohol120_trial_2.1.1.1019.exe
Analysis ID: 696690
MD5: c07c71995fcf610966b3dc72da2338df
SHA1: 4b28aa0311d1cca7bcd7edd89c3d127017a15cf4
SHA256: 1d49d19f171c1f0136dad7b9ca6384915344185f202590606d106f27f4493443

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 18
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
PE file has a writeable .text section
Changes security center settings (notifications, updates, antivirus, firewall)
Uses 32bit PE files
Creates files inside the driver directory
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Creates files inside the system directory
PE file contains sections with non-standard names
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
Entry point lies outside standard sections
EXE planting / hijacking vulnerabilities found
AV process strings found (often used to terminate AV products)
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Drops PE files to the windows directory (C:\Windows)
Creates driver files
Creates or modifies windows services
Queries disk information (often used to detect virtual machines)

Classification

  • System is start
  • Alcohol120_trial_2.1.1.1019.exe (PID: 2308 cmdline: "C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe" MD5: C07C71995FCF610966B3DC72DA2338DF)
    • SPTD2inst.exe (PID: 5868 cmdline: "C:\Users\user\AppData\Local\Temp\SPTD2inst.exe" add /q MD5: 0E226BA5DFB6380C080E0718DFC00B93)
  • svchost.exe (PID: 676 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 9520A99E77D6196D0D09833146424113)
  • svchost.exe (PID: 3680 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 9520A99E77D6196D0D09833146424113)
  • svchost.exe (PID: 244 cmdline: C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc MD5: 9520A99E77D6196D0D09833146424113)
  • svchost.exe (PID: 1260 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p -s DoSvc MD5: 9520A99E77D6196D0D09833146424113)
  • svchost.exe (PID: 3792 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 9520A99E77D6196D0D09833146424113)
  • SgrmBroker.exe (PID: 1176 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: C51AA0BB954EA45E85572E6CC29BA6F4)
  • svchost.exe (PID: 4100 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc MD5: 9520A99E77D6196D0D09833146424113)
  • svchost.exe (PID: 5040 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: 9520A99E77D6196D0D09833146424113)
  • svchost.exe (PID: 1416 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: 9520A99E77D6196D0D09833146424113)
  • svchost.exe (PID: 6708 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s lfsvc MD5: 9520A99E77D6196D0D09833146424113)
  • 7zG.exe (PID: 7028 cmdline: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\" -spe -an -ai#7zMap26653:116:7zEvent29920 MD5: 04FB3AE7F05C8BC333125972BA907398)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\lumsdk\net_updater32.exe | misc_pos | unknown | @patrickrolsen | (strings listed below)
  • 0x168234:$s2: cmd /c net start %s
  • 0x1e4326:$s3: pid:
  • 0x49c0d0:$s5: COMSPEC
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: Alcohol120_trial_2.1.1.1019.exe | ReversingLabs: Detection: 61%
Source: Alcohol120_trial_2.1.1.1019.exe | Virustotal: Detection: 57%
Source: Alcohol120_trial_2.1.1.1019.exe | Avira: detected
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Alcohol.exe | ReversingLabs: Detection: 45%
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\lumsdk\lum_sdk32.dll | ReversingLabs: Detection: 12%
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\lumsdk\net_updater32.exe | ReversingLabs: Detection: 12%
Source: 25.2.7zG.exe.1baf1601b7e.5.unpack | Avira: Label: TR/Patched.Ren.Gen
Source: 25.2.7zG.exe.1baf15f6f7a.4.unpack | Avira: Label: TR/Patched.Ren.Gen
Source: 25.2.7zG.exe.1baf120c40e.1.unpack | Avira: Label: TR/Patched.Ren.Gen
Source: 25.2.7zG.exe.1baf1639326.8.unpack | Avira: Label: TR/Patched.Ren.Gen
Source: C:\Program Files\7-Zip\7zG.exe | EXE: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\KillAxShlExHlper.exe
Source: C:\Program Files\7-Zip\7zG.exe | EXE: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$TEMP\SPTD2inst.exe
Source: C:\Program Files\7-Zip\7zG.exe | EXE: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\AxXMLPoster.exe
Source: C:\Program Files\7-Zip\7zG.exe | EXE: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\AxAHCIServiceEx.exe
Source: C:\Program Files\7-Zip\7zG.exe | EXE: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\lumsdk\AXLumSDKHlper.exe
Source: C:\Program Files\7-Zip\7zG.exe | EXE: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\UACHlper.exe
Source: C:\Program Files\7-Zip\7zG.exe | EXE: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$TEMP\SPTDinst.exe
Source: C:\Program Files\7-Zip\7zG.exe | EXE: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Alcohol.exe
Source: C:\Program Files\7-Zip\7zG.exe | EXE: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\UACHlperx64.exe
Source: C:\Program Files\7-Zip\7zG.exe | EXE: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\MX_RegAutoplayCanceler64.exe
Source: C:\Program Files\7-Zip\7zG.exe | EXE: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\AxSrvUACHlper.exe
Source: C:\Program Files\7-Zip\7zG.exe | EXE: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\MX_RegShlEx64.exe
Source: C:\Program Files\7-Zip\7zG.exe | EXE: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\lumsdk\net_updater32.exe
Source: C:\Program Files\7-Zip\7zG.exe | EXE: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\AxCmd.exe
Source: C:\Program Files\7-Zip\7zG.exe | EXE: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\AxShlExHlper.exe
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\pfctoc.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Alcoholx.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\inetc.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | DLL: USP10.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\nsWeb.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\AxSwindHlp.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\imgengine.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\InstallOptions.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\AxShlEx64.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\nsDialogs.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\SPTDIntf.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\W10_17763RegHlper.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\LiteZip.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\DPMChart.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\System.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | DLL: RichEd20.DLL
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | DLL: SPTDIntf.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\LangDLL.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | DLL: imageres.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$TEMP\SPTDIntf.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\AxShlRes.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\AxtraWd.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\AXShlEx.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | DLL: SHFOLDER.DLL
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\DPM.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\DevSupp.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\NapalmBurn.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\SetupHlp.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\lumsdk\lum_sdk32.dll
Source: C:\Program Files\7-Zip\7zG.exe | DLL: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\nsExec.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | DLL: msls31.dll

Compliance

Source: Alcohol120_trial_2.1.1.1019.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | Window detected: < &BackI &AgreeCancelAlcohol Soft Development Team Alcohol Soft Development TeamLicense AgreementPlease review the license terms before installing Alcohol 120%.Press Page Down to see the rest of the agreement.License AgreementEULA revision December 2012IMPORTANT - READ CAREFULLY: Note: This software contains measures to check if it is a legitimate version of our software. If these checks ascertain that the version in use has been altered in anyway from the originalCertain aspects of the software will fail to function correctly; this can also lead to an instability or failure of your system.Alcohol Soft is not liable for any problems that occur from using a non legal version of the software.Alcohol Soft is under no obligation to offer help or advice on how to remedy any problems that occur through using a non legal version of the software. This End-User License Agreement is a legal agreement between you (either an individual or a single entity) and Alcohol Soft for the software product identified above which includes computer software and may include associated media printed materials and "online" or electronic documentation ("SOFTWARE PRODUCT"). By installing copying or otherwise using the SOFTWARE PRODUCT you agree to be bound by the terms of this LICENSE AGREEMENT. If you do not agree to the terms of this LICENSE AGREEMENT do not install or use the SOFTWARE PRODUCT. License conditionsNo part of the software or the manual may be multiplied disseminated or processed in any way without the written consent of Alcohol Soft. Violations of these conditions will be prosecuted in every case. The use of the software is done at your own risk. The manufacturer and developer accept no liability for any damages either as direct or indirect consequence of the use of this product or software. Only observance of these conditions allows you to use the hardware and software in your computer system. 
All rights reserved. Software Copyright (C) 2002-2012 Alcohol Soft Development TeamSOFTWARE PRODUCT LICENSE The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties as well as other intellectual property laws and treaties. The SOFTWARE PRODUCT is licensed not sold. This also applies to demo versions. GRANT OF LICENSE. This LICENSE AGREEMENT grants you the following rights: Applications SoftwareYou may install and use one copy of the SOFTWARE PRODUCT or any prior version for the same operating system on a single computer. The primary user of the computer on which the SOFTWARE PRODUCT is installed may make a second copy for his or her exclusive use. Storage/Network UseYou may also store or install a copy of the SOFTWARE PRODUCT on a storage device such as a network server used only to install or run the SOFTWARE PRODUCT on your other computers over an internal network; however you must acquire and dedicate a license for each separate computer on which the SOFTWARE PRODUCT is installed or run from the storage device. A license for the SOFTW
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | Window detected: < &Back&Next >CancelAlcohol Soft Development Team Alcohol Soft Development TeamLicense AgreementPlease review the license terms before installing Alcohol 120%.Press Page Down to see the rest of the agreement.License AgreementEULA revision December 2012IMPORTANT - READ CAREFULLY: Note: This software contains measures to check if it is a legitimate version of our software. If these checks ascertain that the version in use has been altered in anyway from the originalCertain aspects of the software will fail to function correctly; this can also lead to an instability or failure of your system.Alcohol Soft is not liable for any problems that occur from using a non legal version of the software.Alcohol Soft is under no obligation to offer help or advice on how to remedy any problems that occur through using a non legal version of the software. This End-User License Agreement is a legal agreement between you (either an individual or a single entity) and Alcohol Soft for the software product identified above which includes computer software and may include associated media printed materials and "online" or electronic documentation ("SOFTWARE PRODUCT"). By installing copying or otherwise using the SOFTWARE PRODUCT you agree to be bound by the terms of this LICENSE AGREEMENT. If you do not agree to the terms of this LICENSE AGREEMENT do not install or use the SOFTWARE PRODUCT. License conditionsNo part of the software or the manual may be multiplied disseminated or processed in any way without the written consent of Alcohol Soft. Violations of these conditions will be prosecuted in every case. The use of the software is done at your own risk. The manufacturer and developer accept no liability for any damages either as direct or indirect consequence of the use of this product or software. Only observance of these conditions allows you to use the hardware and software in your computer system. 
All rights reserved. Software Copyright (C) 2002-2012 Alcohol Soft Development TeamSOFTWARE PRODUCT LICENSE The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties as well as other intellectual property laws and treaties. The SOFTWARE PRODUCT is licensed not sold. This also applies to demo versions. GRANT OF LICENSE. This LICENSE AGREEMENT grants you the following rights: Applications SoftwareYou may install and use one copy of the SOFTWARE PRODUCT or any prior version for the same operating system on a single computer. The primary user of the computer on which the SOFTWARE PRODUCT is installed may make a second copy for his or her exclusive use. Storage/Network UseYou may also store or install a copy of the SOFTWARE PRODUCT on a storage device such as a network server used only to install or run the SOFTWARE PRODUCT on your other computers over an internal network; however you must acquire and dedicate a license for each separate computer on which the SOFTWARE PRODUCT is installed or run from the storage device. A license for the SOFTWA
Source: C:\Users\user\AppData\Local\Temp\SPTD2inst.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone
Source: Alcohol120_trial_2.1.1.1019.exe | Static PE information: certificate valid
Source: Binary string: alcoholx.pdb source: 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, Alcoholx.dll.25.dr
Source: Binary string: C:\projects\ipnetwork\src\System.Net.IPNetwork\obj\release\net45\System.Net.IPNetwork.pdb source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr
Source: Binary string: alcohol.pdbH source: 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, Alcoholx.dll.25.dr
Source: Binary string: P.pdbZ source: 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, NapalmBurn.dll.25.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r\pkg\win\sdk\lum_sdk32.dll.pdb source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr
Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr
Source: Binary string: C:\Users\Richard\Documents\GitHub\NTFS-Streams\ntfsstreams\Trinet.Core.IO.Ntfs\obj\Release\net35\Trinet.Core.IO.Ntfs.pdb source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r\pkg\win\sdk\test_wpf.exe.pdb source: net_updater32.exe.25.dr
Source: Binary string: sptd2.pdb source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SPTD2inst.exe, 00000006.00000000.1343326394.00007FF7E4556000.00000002.00000001.01000000.0000000F.sdmp, nso7B63.tmp.24.dr, sptd2.sys.6.dr, nsfCAF0.tmp.16.dr, SPTD2inst.exe.25.dr, nsg1C41.tmp.0.dr, SPTD2inst.exe.0.dr
Source: Binary string: C:\projects\dotnetzip-semverd\src\Zip\obj\Release\DotNetZip.pdb source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r\pkg\win\sdk\lum_sdk_int.dll.pdb source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr
Source: Binary string: c:\svn\sptd\setup\objfre_wnet_amd64\amd64\SPTDinst.pdb source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr
Source: Binary string: SPTD2inst.pdb source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SPTD2inst.exe, 00000006.00000000.1343130023.00007FF7E4547000.00000002.00000001.01000000.0000000F.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, SPTD2inst.exe.25.dr, nsg1C41.tmp.0.dr, SPTD2inst.exe.0.dr
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r\pkg\win\sdk\idle_report.exe.pdb source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr
Source: Binary string: msvcr120.i386.pdb source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r\pkg\win\util\websocket_sharp\WebSocketSharp.dll.pdb source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr
Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr
Source: Binary string: imgengine.pdb source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, imgengine.dll.25.dr
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r\pkg\win\sdk\lum_sdk32_clr.dll.pdb source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr
Source: Binary string: alcohol.pdbU source: 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, Alcoholx.dll.25.dr
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r\pkg\win\util\lum_sdk_util.dll.pdb source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r\pkg\win\sdk\lum_sdk_int.dll.pdbr source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr
Source: Binary string: c:\svn\sptd\setup\objfre_wxp_x86\i386\SPTDinst.pdb source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr
Source: Binary string: C:\Documents and Settings\martin\My Documents\Visual Studio 2010\Projects\KillAxShlExHlper\Release\KillAxShlExHlper.pdb source: 7zG.exe, 00000019.00000002.2462678727.000001BAF18B5000.00000004.00000020.00020000.00000000.sdmp, KillAxShlExHlper.exe.25.dr
Source: Binary string: c:\svn\sptd\setup\objfre_wnet_amd64\amd64\SPTDinst.pdbH source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r\pkg\win\sdk\net_updater32.exe.pdb source: net_updater32.exe.25.dr
Source: Binary string: alcohol.pdb source: 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, Alcoholx.dll.25.dr
Source: Binary string: C:\projects\ipnetwork\src\System.Net.IPNetwork\obj\release\net45\System.Net.IPNetwork.pdbSHA256j source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256^Y source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr
Source: Binary string: C:\Users\Richard\Documents\GitHub\NTFS-Streams\ntfsstreams\Trinet.Core.IO.Ntfs\obj\Release\net35\Trinet.Core.IO.Ntfs.pdbma source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr
Source: Binary string: c:\svn\sptd\setup\objfre_wxp_x86\i386\SPTDinst.pdbf source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File opened: C:\Users\user\
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File opened: C:\Users\user\AppData\Local\Temp\nsg1C42.tmp\W10_17763RegHlper.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File opened: C:\Users\user\AppData\Local\Temp\nsg1C42.tmp\
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File opened: C:\Users\user\AppData\Local\Temp\
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr, lum_sdk32.dll.25.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr, lum_sdk32.dll.25.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr | String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, net_updater32.exe.25.dr, AXLumSDKHlper.exe.25.dr, lum_sdk32.dll.25.dr | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: svchost.exe, 00000003.00000002.2449883320.000002AA1888B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, imgengine.dll.25.dr | String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, imgengine.dll.25.dr | String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SetupHlp.dll.16.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr, SetupHlp.dll.25.dr | String found in binary or memory: http://crl.daemon-tools.cc/entity.crl0
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr | String found in binary or memory: http://crl.duplexsecure.com/entity.crl0
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2444387632.000001BAEF3B9000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2442500190.000001BAEEDFC000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, SPTDIntf.dll.0.dr, nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, Alcoholx.dll.25.dr, SPTDIntf.dll0.25.dr | String found in binary or memory: http://crl.globalsign.com/gs/gscodesigng2.crl0
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr | String found in binary or memory: http://crl.globalsign.com/gs/gscodesigng3.crl0
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531570592.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SPTD2inst.exe, 00000006.00000000.1343326394.00007FF7E4556000.00000002.00000001.01000000.0000000F.sdmp, 7zG.exe, 00000019.00000002.2442500190.000001BAEEDFC000.00000004.00000020.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, sptd2.sys.6.dr, nsfCAF0.tmp.16.dr, SPTD2inst.exe.25.dr, SPTDIntf.dll.0.dr, nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, SPTD2inst.exe.0.dr, SPTDIntf.dll0.25.dr | String found in binary or memory: http://crl.globalsign.com/gs/gscodesignsha2g2.crl0
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2444387632.000001BAEF3B9000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2442500190.000001BAEEDFC000.00000004.00000020.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, SPTDIntf.dll.0.dr, nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, Alcoholx.dll.25.dr, imgengine.dll.25.dr, SPTDIntf.dll0.25.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingg2.crl0T
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531570592.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SPTD2inst.exe, 00000006.00000000.1343326394.00007FF7E4556000.00000002.00000001.01000000.0000000F.sdmp, nso7B63.tmp.24.dr, sptd2.sys.6.dr, nsfCAF0.tmp.16.dr, SPTD2inst.exe.25.dr, nsg1C41.tmp.0.dr, SPTD2inst.exe.0.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2442500190.000001BAEEDFC000.00000004.00000020.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, SPTDIntf.dll.0.dr, nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, SPTDIntf.dll0.25.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0X
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.drString found in binary or memory: http://crl.globalsign.com/root.crl0Y
Source: svchost.exe, 00000003.00000002.2449883320.000002AA1888B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531570592.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SPTD2inst.exe, 00000006.00000000.1343326394.00007FF7E4556000.00000002.00000001.01000000.0000000F.sdmp, SPTD2inst.exe, 00000006.00000003.1348098962.00000292B902A000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2442500190.000001BAEEDFC000.00000004.00000020.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, sptd2.sys.6.dr, nsfCAF0.tmp.16.dr, SPTD2inst.exe.25.dr, SPTDIntf.dll.0.dr, nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, SPTD2inst.exe.0.dr, SPTDIntf.dll0.25.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2444387632.000001BAEF3B9000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2442500190.000001BAEEDFC000.00000004.00000020.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, SPTDIntf.dll.0.dr, nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, Alcoholx.dll.25.dr, imgengine.dll.25.dr, SPTDIntf.dll0.25.drString found in binary or memory: http://crl.globalsign.net/root.crl0
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531570592.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SPTD2inst.exe, 00000006.00000000.1343326394.00007FF7E4556000.00000002.00000001.01000000.0000000F.sdmp, 7zG.exe, 00000019.00000002.2442500190.000001BAEEDFC000.00000004.00000020.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, sptd2.sys.6.dr, nsfCAF0.tmp.16.dr, SPTD2inst.exe.25.dr, SPTDIntf.dll.0.dr, nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, SPTD2inst.exe.0.dr, SPTDIntf.dll0.25.drString found in binary or memory: http://crl.globalsign.net/root.crl0O
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SetupHlp.dll.16.dr, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr, SetupHlp.dll.25.drString found in binary or memory: http://crl.grsign.com/rootca.crl0Q
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, net_updater32.exe.25.dr, AXLumSDKHlper.exe.25.dr, lum_sdk32.dll.25.drString found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: Alcohol120_trial_2.1.1.1019.exe, AXLumSDKHlper.exe.25.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: UACHlper.exe.25.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: svchost.exe, 00000003.00000002.2446511929.000002AA172D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr, lum_sdk32.dll.25.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.drString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr, lum_sdk32.dll.25.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr, lum_sdk32.dll.25.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.drString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr, lum_sdk32.dll.25.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, net_updater32.exe.25.dr, AXLumSDKHlper.exe.25.dr, lum_sdk32.dll.25.drString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: Alcohol120_trial_2.1.1.1019.exe, AXLumSDKHlper.exe.25.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: svchost.exe, 00000003.00000003.1208811647.000002AA1CA4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 00000003.00000003.1208648695.000002AA1CA14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/AJzR0Zz0SQOCHzc0sR3MfHk_91.0.4472.77/91.0.4472.77_c
Source: svchost.exe, 00000003.00000003.1208811647.000002AA1CA4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94H
Source: svchost.exe, 00000003.00000003.1208811647.000002AA1CA4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APVOrL1aIZFPVuxAFYGUnkE_20210520.37540039
Source: svchost.exe, 00000003.00000003.1208811647.000002AA1CA4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/G7yvLIv4RYlDG8
Source: net_updater32.exe.25.drString found in binary or memory: http://james.newtonking.com/projects/json
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr, lum_sdk32.dll.25.drString found in binary or memory: http://luminati.io0
Source: Alcohol120_trial_2.1.1.1019.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: Alcohol120_trial_2.1.1.1019.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, net_updater32.exe.25.dr, imgengine.dll.25.dr, AXLumSDKHlper.exe.25.dr, lum_sdk32.dll.25.drString found in binary or memory: http://ocsp.comodoca.com0
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr, lum_sdk32.dll.25.drString found in binary or memory: http://ocsp.digicert.com0C
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.drString found in binary or memory: http://ocsp.digicert.com0K
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.drString found in binary or memory: http://ocsp.digicert.com0N
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr, lum_sdk32.dll.25.drString found in binary or memory: http://ocsp.digicert.com0O
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531570592.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SPTD2inst.exe, 00000006.00000000.1343326394.00007FF7E4556000.00000002.00000001.01000000.0000000F.sdmp, 7zG.exe, 00000019.00000002.2442500190.000001BAEEDFC000.00000004.00000020.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, sptd2.sys.6.dr, nsfCAF0.tmp.16.dr, SPTD2inst.exe.25.dr, SPTDIntf.dll.0.dr, nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, SPTD2inst.exe.0.dr, SPTDIntf.dll0.25.drString found in binary or memory: http://ocsp.globalsign.com/ExtendedSSLSHA256CACross0
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.drString found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, net_updater32.exe.25.dr, AXLumSDKHlper.exe.25.dr, lum_sdk32.dll.25.drString found in binary or memory: http://ocsp.sectigo.com0
Source: UACHlper.exe.25.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.drString found in binary or memory: http://ocsp.thawte.com0
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2444387632.000001BAEF3B9000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2442500190.000001BAEEDFC000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, SPTDIntf.dll.0.dr, nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, Alcoholx.dll.25.dr, SPTDIntf.dll0.25.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesigng20
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesigng30V
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531570592.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SPTD2inst.exe, 00000006.00000000.1343326394.00007FF7E4556000.00000002.00000001.01000000.0000000F.sdmp, 7zG.exe, 00000019.00000002.2442500190.000001BAEEDFC000.00000004.00000020.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, sptd2.sys.6.dr, nsfCAF0.tmp.16.dr, SPTD2inst.exe.25.dr, SPTDIntf.dll.0.dr, nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, SPTD2inst.exe.0.dr, SPTDIntf.dll0.25.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g20
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531570592.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SPTD2inst.exe, 00000006.00000000.1343326394.00007FF7E4556000.00000002.00000001.01000000.0000000F.sdmp, nso7B63.tmp.24.dr, sptd2.sys.6.dr, nsfCAF0.tmp.16.dr, SPTD2inst.exe.25.dr, nsg1C41.tmp.0.dr, SPTD2inst.exe.0.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: svchost.exe, 00000003.00000003.1208648695.000002AA1CA14000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.3.drString found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHF
Source: svchost.exe, 00000003.00000003.1208811647.000002AA1CA4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCz
Source: svchost.exe, 00000003.00000003.1208811647.000002AA1CA4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/AT25IXegX04GPhlqizv_jg_281/cp83jQFxy4Co7
Source: svchost.exe, 00000003.00000003.1208811647.000002AA1CA4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/CLzUPOY7PeNCWmHSoqszxQ_9.27.0/ANtasjH7xN
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2444387632.000001BAEF3B9000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, AxtraWd.dll.25.dr, nso7B63.tmp.24.dr, DevSupp.dll.25.dr, AxCmd.exe.25.dr, nsfCAF0.tmp.16.dr, AxAHCIServiceEx.exe.25.dr, W10_17763RegHlper.dll.16.dr, nsg1C41.tmp.0.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, AxtraWd.dll.25.dr, nso7B63.tmp.24.dr, DevSupp.dll.25.dr, AxCmd.exe.25.dr, nsfCAF0.tmp.16.dr, AxAHCIServiceEx.exe.25.dr, W10_17763RegHlper.dll.16.dr, nsg1C41.tmp.0.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.drString found in binary or memory: http://s2.symcb.com0
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2444387632.000001BAEF3B9000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2442500190.000001BAEEDFC000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, SPTDIntf.dll.0.dr, nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, Alcoholx.dll.25.dr, SPTDIntf.dll0.25.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesigng2.crt04
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesigng3ocsp.crt04
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531570592.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SPTD2inst.exe, 00000006.00000000.1343326394.00007FF7E4556000.00000002.00000001.01000000.0000000F.sdmp, 7zG.exe, 00000019.00000002.2442500190.000001BAEEDFC000.00000004.00000020.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, sptd2.sys.6.dr, nsfCAF0.tmp.16.dr, SPTD2inst.exe.25.dr, SPTDIntf.dll.0.dr, nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, SPTD2inst.exe.0.dr, SPTDIntf.dll0.25.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g2.crt08
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2444387632.000001BAEF3B9000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2442500190.000001BAEEDFC000.00000004.00000020.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, SPTDIntf.dll.0.dr, nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, Alcoholx.dll.25.dr, imgengine.dll.25.dr, SPTDIntf.dll0.25.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingg2.crt0
Source: nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, SPTD2inst.exe.0.dr, SPTDIntf.dll0.25.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1532246381.000000000054B000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.drString found in binary or memory: http://support.alcohol-soft.com/display_trial_fe_adpage_in_intaller.php
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.drString found in binary or memory: http://support.alcohol-soft.com/display_trial_fe_adpage_in_intaller.php/SILENTget1023
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000003.1297952869.000000000059C000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.drString found in binary or memory: http://support.alcohol-soft.com/install_special_page.php?ref=A120T
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.drString found in binary or memory: http://support.alcohol-soft.com/install_special_page.php?ref=A120TAdPageTitleSubTitleURL
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://support.alcohol-soft.com/install_special_page.php?ref=A120TH~
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000003.1295640182.00000000039C0000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531730987.0000000000434000.00000004.00000001.01000000.00000003.sdmp, InstallerADs.INI.0.dr, install_special_page[1].htm.0.drString found in binary or memory: http://support.alcohol-soft.com/install_special_page_contents.php
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531730987.0000000000434000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://support.alcohol-soft.com/install_special_page_contents.php3284363278082047150324
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, DevSupp.dll.25.dr, nsfCAF0.tmp.16.dr, AxAHCIServiceEx.exe.25.dr, W10_17763RegHlper.dll.16.dr, nsg1C41.tmp.0.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.drString found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, AxtraWd.dll.25.dr, AxCmd.exe.25.drString found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, AxtraWd.dll.25.dr, nso7B63.tmp.24.dr, DevSupp.dll.25.dr, AxCmd.exe.25.dr, nsfCAF0.tmp.16.dr, AxAHCIServiceEx.exe.25.dr, W10_17763RegHlper.dll.16.dr, nsg1C41.tmp.0.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.drString found in binary or memory: http://sv.symcb.com/sv.crt0
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, AxtraWd.dll.25.dr, nso7B63.tmp.24.dr, DevSupp.dll.25.dr, AxCmd.exe.25.dr, nsfCAF0.tmp.16.dr, AxAHCIServiceEx.exe.25.dr, W10_17763RegHlper.dll.16.dr, nsg1C41.tmp.0.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.drString found in binary or memory: http://sv.symcd.com0&
Source: UACHlper.exe.25.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: UACHlper.exe.25.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: UACHlper.exe.25.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000003.1525184514.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000003.1525469195.00000000039FC000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.drString found in binary or memory: http://www.120search.com/terms.html
Source: nsg1C41.tmp.0.drString found in binary or memory: http://www.alcohol-soft.com/
Source: nsg1C41.tmp.0.drString found in binary or memory: http://www.alcohol-soft.com/hpdskflt.php
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr | String found in binary or memory: http://www.alcohol-soft.com/hpdskflt.phpopen
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr | String found in binary or memory: http://www.alcohol-soft.com/images/a_logo_144x140.png
Source: nsg1C41.tmp.0.dr | String found in binary or memory: http://www.alcohol-soft.com/install.php?pid=Alcohol120_trial__2.1.1.1019&SFA=
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr | String found in binary or memory: http://www.alcohol-soft.com/open
Source: 7zG.exe, 00000019.00000002.2439672212.000001BAED4B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.autoitscript.com/autoit3
Source: svchost.exe, 00000008.00000002.1461600399.000001698E613000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.bingmapsportal.com
Source: lum_sdk32.dll.25.dr | String found in binary or memory: http://www.codeplex.com/DotNetZip
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr, lum_sdk32.dll.25.dr | String found in binary or memory: http://www.digicert.com/CPS0
Source: nsg1C41.tmp.0.dr | String found in binary or memory: http://www.duplexsecure.com/
Source: nsg1C41.tmp.0.dr | String found in binary or memory: http://www.filefacts.net/redirect.php?
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr | String found in binary or memory: http://www.filefacts.net/redirect.php?ext=%s
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr | String found in binary or memory: http://www.filefacts.net/redirect.php?lang=%04x&ext=%s
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr | String found in binary or memory: http://www.filefacts.net/redirect.php?lang=%04x&ext=%shttp://www.filefacts.net/redirect.php?ext=%s
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531570592.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SPTD2inst.exe, 00000006.00000000.1343326394.00007FF7E4556000.00000002.00000001.01000000.0000000F.sdmp, 7zG.exe, 00000019.00000002.2442500190.000001BAEEDFC000.00000004.00000020.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, sptd2.sys.6.dr, nsfCAF0.tmp.16.dr, SPTD2inst.exe.25.dr, SPTDIntf.dll.0.dr, nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, SPTD2inst.exe.0.dr, SPTDIntf.dll0.25.dr | String found in binary or memory: http://www.globalsign.net/repository/03
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, AxtraWd.dll.25.dr, nso7B63.tmp.24.dr, DevSupp.dll.25.dr, AxCmd.exe.25.dr, nsfCAF0.tmp.16.dr, AxAHCIServiceEx.exe.25.dr, W10_17763RegHlper.dll.16.dr, nsg1C41.tmp.0.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.dr | String found in binary or memory: http://www.symauth.com/cps0(
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, AxtraWd.dll.25.dr, nso7B63.tmp.24.dr, DevSupp.dll.25.dr, AxCmd.exe.25.dr, nsfCAF0.tmp.16.dr, AxAHCIServiceEx.exe.25.dr, W10_17763RegHlper.dll.16.dr, nsg1C41.tmp.0.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.dr | String found in binary or memory: http://www.symauth.com/rpa00
Source: svchost.exe, 00000004.00000002.2441101764.00000186F7641000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://%s.dnet.xboxlive.com
Source: svchost.exe, 00000004.00000002.2441101764.00000186F7641000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://%s.xboxlive.com
Source: svchost.exe, 00000004.00000002.2441101764.00000186F7641000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2440547697.00000186F762B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2442338679.00000186F7670000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://activity.windows.com
Source: svchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
Source: svchost.exe, 00000004.00000002.2441101764.00000186F7641000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bn2-df.notify.windows.com/v2/register/xplatform/device
Source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr | String found in binary or memory: https://brightdata.com/faq#accepted_usage?
Source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr | String found in binary or memory: https://brightdata.com/faq#lum-peers?
Source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr | String found in binary or memory: https://brightdata.com/legal/sdk-privacy?
Source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr | String found in binary or memory: https://brightdata.com/sdk/faq#sdk_app_connect?
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, AxtraWd.dll.25.dr, nso7B63.tmp.24.dr, DevSupp.dll.25.dr, AxCmd.exe.25.dr, nsfCAF0.tmp.16.dr, AxAHCIServiceEx.exe.25.dr, W10_17763RegHlper.dll.16.dr, nsg1C41.tmp.0.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.dr | String found in binary or memory: https://d.symcb.com/cps0%
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, AxtraWd.dll.25.dr, nso7B63.tmp.24.dr, DevSupp.dll.25.dr, AxCmd.exe.25.dr, nsfCAF0.tmp.16.dr, AxAHCIServiceEx.exe.25.dr, W10_17763RegHlper.dll.16.dr, nsg1C41.tmp.0.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.dr | String found in binary or memory: https://d.symcb.com/rpa0
Source: svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1461892365.000001698E649000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.ditu.live.com/REST/V1/MapControlConfiguration/native/
Source: svchost.exe, 00000008.00000003.1459960151.000001698E645000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1462146805.000001698E673000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1461706501.000001698E62B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459576112.000001698E669000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459220051.000001698E671000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000008.00000003.1460133276.000001698E65C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
Source: svchost.exe, 00000008.00000003.1459636917.000001698E663000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
Source: svchost.exe, 00000008.00000003.1460133276.000001698E65C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
Source: svchost.exe, 00000008.00000003.1459576112.000001698E669000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459220051.000001698E671000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.ditu.live.com/REST/v1/Transit/Schedules/
Source: svchost.exe, 00000008.00000002.1462146805.000001698E673000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459576112.000001698E669000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459220051.000001698E671000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.ditu.live.com/REST/v1/Transit/Stops/
Source: svchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
Source: svchost.exe, 00000008.00000002.1461706501.000001698E62B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000008.00000003.1460133276.000001698E65C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
Source: svchost.exe, 00000008.00000003.1459636917.000001698E663000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1461706501.000001698E62B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
Source: svchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
Source: svchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
Source: svchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
Source: svchost.exe, 00000008.00000002.1461706501.000001698E62B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
Source: svchost.exe, 00000008.00000003.1460289271.000001698E641000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1461867097.000001698E642000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
Source: svchost.exe, 00000008.00000003.1459576112.000001698E669000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Stops/
Source: svchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
Source: svchost.exe, 00000008.00000003.1459636917.000001698E663000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1461996142.000001698E664000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
Source: svchost.exe, 00000008.00000003.1459326475.000001698E64F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
Source: svchost.exe, 00000008.00000003.1459220051.000001698E671000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000008.00000003.1459636917.000001698E663000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1461996142.000001698E664000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000008.00000003.1459960151.000001698E645000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459750239.000001698E660000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r=
Source: svchost.exe, 00000008.00000003.1459220051.000001698E671000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dynamic.t
Source: svchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
Source: svchost.exe, 00000008.00000003.1357822076.000001698E636000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ecn.dev.virtualearth.net/REST/V1/MapControlConfiguration/native/
Source: svchost.exe, 00000008.00000003.1459636917.000001698E663000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1461706501.000001698E62B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459576112.000001698E669000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000008.00000003.1459576112.000001698E669000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/roadshield.ashx?bucket=
Source: svchost.exe, 00000003.00000003.1209247666.000002AA1CA92000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.3.dr | String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProduction?OneDriveUpdate=8832247681fc94bb89bb92977c3-C
Source: svchost.exe, 00000003.00000003.1209247666.000002AA1CA92000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.3.dr | String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProduction?OneDriveUpdate=a8436e7320e39c903a35da9b911
Source: svchost.exe, 00000003.00000003.1209053117.000002AA1CA7B000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.3.dr | String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProduction?OneDriveUpdate=f48c47f7803b912ab9b4c1a01f72
Source: qmgr.db.3.dr | String found in binary or memory: https://g.live.com/odclientsettings/Prod
Source: svchost.exe, 00000003.00000003.1209247666.000002AA1CA92000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1208953641.000002AA1CA73000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1208730670.000002AA1CA37000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.3.dr | String found in binary or memory: https://g.live.com/odclientsettings/Prod-C:
Source: svchost.exe, 00000003.00000003.1209247666.000002AA1CA92000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.3.dr | String found in binary or memory: https://g.live.com/odclientsettings/Prod?OneDriveUpdate=60c3c2b058b5ae1621bf716ac53a-C:
Source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr | String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
Source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr | String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
Source: svchost.exe, 00000004.00000002.2441101764.00000186F7641000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://global.notify.windows.com/v2/register/xplatform/device
Source: svchost.exe, 00000003.00000003.1209053117.000002AA1CA7B000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.3.dr | String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.073.0411.0002/OneDriveSetup.exe
Source: svchost.exe, 00000003.00000003.1208730670.000002AA1CA37000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.073.0411.0002/OneDriveSetup.exe-C:
Source: svchost.exe, 00000003.00000003.1209247666.000002AA1CA92000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.3.dr | String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.083.0425.0003/OneDriveSetup.exe
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, net_updater32.exe.25.dr, AXLumSDKHlper.exe.25.dr, lum_sdk32.dll.25.dr | String found in binary or memory: https://sectigo.com/CPS0
Source: Alcohol120_trial_2.1.1.1019.exe, AXLumSDKHlper.exe.25.dr | String found in binary or memory: https://sectigo.com/CPS0D
Source: 7zG.exe, 00000019.00000002.2439672212.000001BAED4B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org
Source: svchost.exe, 00000008.00000003.1460289271.000001698E641000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
Source: svchost.exe, 00000008.00000002.1461842039.000001698E63F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
Source: svchost.exe, 00000008.00000003.1460194805.000001698E644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000008.00000003.1357822076.000001698E636000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000008.00000002.1461706501.000001698E62B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
Source: svchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
Source: svchost.exe, 00000008.00000003.1460194805.000001698E644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://tiles.virtualearth.net/tiles/cmd/StreetSideBubbleMetaData?north=
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr, lum_sdk32.dll.25.dr | String found in binary or memory: https://www.digicert.com/CPS0
Source: nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, Alcoholx.dll.25.dr, SPTD2inst.exe.0.dr, imgengine.dll.25.dr, SPTDIntf.dll0.25.dr | String found in binary or memory: https://www.globalsign.com/repository/0
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2444387632.000001BAEF3B9000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2442500190.000001BAEEDFC000.00000004.00000020.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, SPTDIntf.dll.0.dr, nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, Alcoholx.dll.25.dr, imgengine.dll.25.dr, SPTDIntf.dll0.25.dr | String found in binary or memory: https://www.globalsign.com/repository/03
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531570592.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SPTD2inst.exe, 00000006.00000000.1343326394.00007FF7E4556000.00000002.00000001.01000000.0000000F.sdmp, SPTD2inst.exe, 00000006.00000003.1348098962.00000292B902A000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2442500190.000001BAEEDFC000.00000004.00000020.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, sptd2.sys.6.dr, nsfCAF0.tmp.16.dr, SPTD2inst.exe.25.dr, SPTDIntf.dll.0.dr, nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, SPTD2inst.exe.0.dr, SPTDIntf.dll0.25.dr | String found in binary or memory: https://www.globalsign.com/repository/06
Source: 7zG.exe, 00000019.00000002.2439672212.000001BAED4B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org
Source: 7zG.exe, 00000019.00000002.2439672212.000001BAED4B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/88.0.1/releasenotes
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr | String found in binary or memory: https://www.newtonsoft.com/json
Source: net_updater32.exe.25.dr | String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr | String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: unknown | DNS traffic detected: queries for: support.alcohol-soft.com
Source: global traffic | HTTP traffic detected: GET /display_trial_fe_adpage_in_intaller.php HTTP/1.1
  User-Agent: NSIS_Inetc (Mozilla)
  Host: support.alcohol-soft.com
  Connection: Keep-Alive
  Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /install_special_page.php?ref=A120T HTTP/1.1
  User-Agent: NSIS_Inetc (Mozilla)
  Host: support.alcohol-soft.com
  Connection: Keep-Alive
  Cache-Control: no-cache

System Summary

Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\lumsdk\net_updater32.exe, type: DROPPEDMatched rule: misc_pos Author: @patrickrolsen
Source: SetupHlp.dll.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: SetupHlp.dll.16.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: SetupHlp.dll.24.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: SetupHlp.dll.25.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Alcoholx.dll.25.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Alcohol120_trial_2.1.1.1019.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\SPTD2inst.exeFile created: C:\Windows\System32\Drivers\sptd2.sysJump to behavior
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\lumsdk\net_updater32.exe, type: DROPPEDMatched rule: misc_pos author = @patrickrolsen, reference = POS Malware
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
Source: SPTD2inst.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (native) x86-64, for MS Windows
Source: SPTD2inst.exe.25.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (native) Intel 80386, for MS Windows
Source: lum_sdk32.dll.25.drStatic PE information: Resource name: BINARY type: PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Source: lum_sdk32.dll.25.drStatic PE information: Resource name: BINARY type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: lum_sdk32.dll.25.drStatic PE information: Resource name: BINARY type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Source: net_updater32.exe.25.drStatic PE information: Resource name: BINARY type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: Alcohol.exe.25.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM)
Source: Alcohol.exe.25.drStatic PE information: Resource name: RT_STRING type: COM executable for DOS
Source: AxSwindHlp.dll.25.drStatic PE information: Resource name: RT_STRING type: COM executable for DOS
Source: Alcoholx.dll.25.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (native) Intel 80386, for MS Windows
Source: Alcoholx.dll.25.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (native) x86-64, for MS Windows
Source: AxtraWd.dll.25.drStatic PE information: Resource name: RT_BITMAP type: COM executable for DOS
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesptd.sysR vs Alcohol120_trial_2.1.1.1019.exe
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesptdinst.exeR vs Alcohol120_trial_2.1.1.1019.exe
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesptd2inst.exeR vs Alcohol120_trial_2.1.1.1019.exe
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesptd2.sysR vs Alcohol120_trial_2.1.1.1019.exe
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesptdintf.dllR vs Alcohol120_trial_2.1.1.1019.exe
Source: Alcohol120_trial_2.1.1.1019.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Alcohol120_trial_2.1.1.1019.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SPTD2inst.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SPTDinst.exe.25.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SPTD2inst.exe.25.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: lum_sdk32.dll.25.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Alcohol.exe.25.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Alcohol.exe.25.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: AxShlRes.dll.25.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST (26 RT_ICON resources of this type)
Source: C:\Windows\System32\svchost.exe | Section loaded: cdpsgshims.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: wmi.dll
Source: C:\Users\user\AppData\Local\Temp\SPTD2inst.exe | File created: C:\Windows\System32\Drivers\sptd2.sys
Source: AxShlExHlper.exe.25.dr | Static PE information: Section: UPX1 ZLIB complexity 0.9943769904458599
Source: Alcohol.exe.25.dr | Static PE information: Section: SSE2 ZLIB complexity 0.9993558636476633
Source: DPM.dll.25.dr | Static PE information: Section: UPX1 ZLIB complexity 0.9892711900684932
Source: DPMChart.dll.25.dr | Static PE information: Section: UPX1 ZLIB complexity 0.9966781695272021
Source: AxSwindHlp.dll.25.dr | Static PE information: Section: UPX1 ZLIB complexity 0.994308909921671
Source: AxXMLPoster.exe.25.dr | Static PE information: Section: UPX1 ZLIB complexity 0.9956221064814815
Source: AxtraWd.dll.25.dr | Static PE information: Section: UPX1 ZLIB complexity 0.9977099910164271
Source: Alcohol120_trial_2.1.1.1019.exe | ReversingLabs: Detection: 61%
Source: Alcohol120_trial_2.1.1.1019.exe | Virustotal: Detection: 57%
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File read: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
Source: Alcohol120_trial_2.1.1.1019.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe "C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe" (4 instances during the analysis)
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | Process created: C:\Users\user\AppData\Local\Temp\SPTD2inst.exe "C:\Users\user\AppData\Local\Temp\SPTD2inst.exe" add /q
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p -s DoSvc
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknown | Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s lfsvc
Source: unknown | Process created: C:\Program Files\7-Zip\7zG.exe "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\" -spe -an -ai#7zMap26653:116:7zEvent29920
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | Process created: C:\Users\user\AppData\Local\Temp\SPTD2inst.exe "C:\Users\user\AppData\Local\Temp\SPTD2inst.exe" add /q
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CE8D676K\display_trial_fe_adpage_in_intaller[1].htm
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\nsl1C11.tmp
Source: nsg1C41.tmp.0.dr | Binary string: %ws%d\Driver\\DEVICE\\??\\Device\%wsSPTD2not ignoredignoredcdromtape
Source: nsg1C41.tmp.0.dr | Binary string: \Device\sptd2\DosDevices\sptd2U
Source: SPTD2inst.exe.0.dr | Binary string: \Device\%ws
Source: net_updater32.exe.25.dr | Binary string: AMA.M.PMP.M.DSTJANUARYFEBRUARYMARCHAPRILMAYJUNEJULYAUGUSTSEPTEMBERSEPTOCTOBERNOVEMBERDECEMBERSUNDAYMONDAYTUESDAYTUESWEDNESDAYWEDNESTHURSDAYTHURTHURSFRIDAYSATURDAYYEARMONTHFORTNIGHTWEEKDAYHOURMINUTEMINSECONDSECTOMORROWYESTERDAYTODAYNOWLASTTHISNEXTFIRSTTHIRDFOURTHFIFTHSIXTHSEVENTHEIGHTHNINTHTENTHELEVENTHTWELFTHAGOGMTUTUTCWETWESTBSTARTBRTBRSTNSTNDTASTADTCLTCLSTESTEDTCSTCDTMSTMDTPSTPDTAKSTAKDTHSTHASTHADTSSTWATCETCESTMETMEZMESTMESZEETEESTCATSASTEATMSKMSDISTSGTKSTJSTGSTNZSTNZDTBCDEGHIKLMNOPQSUVXYZTZ\Device\Afd\AsyncSelectHlpfailed to open afd handlefailed to set fd 0x%xfailed UnregisterWait fd%d %mfailed RegisterWaitForSingleObject fd%dwrong vsock type 0x%x fd%dMsgWaitForMultipleObjects failed %mepoll_win32BIO testpools_uninit: sz %d != n %dpools_uninit: memory leak %d allocated elmejob already openedejob not openedejob already closedejob not in queuer%d)
Source: SPTD2inst.exe.0.dr | Binary string: \Device\sptd2\DosDevices\sptd2L
Source: SPTD2inst.exe.0.dr | Binary string: \DEVICE\
Source: net_updater32.exe.25.dr | Binary string: \Device\Afd\AsyncSelectHlp
Source: classification engine | Classification label: mal60.evad.winEXE@17/76@1/2
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\0d79c293c1ed61418462e24595c90d04install
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\0d79c293c1ed61418462e24595c90d04uninstall
Source: C:\Users\user\AppData\Local\Temp\SPTD2inst.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\sptd2_setup_mutex
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File written: C:\Users\user\AppData\Local\Temp\nsg1C42.tmp\_InstUpdateOption.ini
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File read: C:\Windows\System32\drivers\etc\hosts (2 reads)
Source: C:\Windows\System32\svchost.exe | File read: C:\Windows\System32\drivers\etc\hosts (2 reads)
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | Window detected: [< &Back] [I &Agree] [Cancel] Alcohol Soft Development Team / Alcohol Soft Development Team / License Agreement / Please review the license terms before installing Alcohol 120%. Press Page Down to see the rest of the agreement. / License Agreement / EULA revision December 2012 / IMPORTANT - READ CAREFULLY: Note: This software contains measures to check if it is a legitimate version of our software. If these checks ascertain that the version in use has been altered in any way from the original, certain aspects of the software will fail to function correctly; this can also lead to an instability or failure of your system. Alcohol Soft is not liable for any problems that occur from using a non legal version of the software. Alcohol Soft is under no obligation to offer help or advice on how to remedy any problems that occur through using a non legal version of the software. This End-User License Agreement is a legal agreement between you (either an individual or a single entity) and Alcohol Soft for the software product identified above which includes computer software and may include associated media printed materials and "online" or electronic documentation ("SOFTWARE PRODUCT"). By installing copying or otherwise using the SOFTWARE PRODUCT you agree to be bound by the terms of this LICENSE AGREEMENT. If you do not agree to the terms of this LICENSE AGREEMENT do not install or use the SOFTWARE PRODUCT. License conditions: No part of the software or the manual may be multiplied disseminated or processed in any way without the written consent of Alcohol Soft. Violations of these conditions will be prosecuted in every case. The use of the software is done at your own risk. The manufacturer and developer accept no liability for any damages either as direct or indirect consequence of the use of this product or software. Only observance of these conditions allows you to use the hardware and software in your computer system.
All rights reserved. Software Copyright (C) 2002-2012 Alcohol Soft Development Team. SOFTWARE PRODUCT LICENSE: The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties as well as other intellectual property laws and treaties. The SOFTWARE PRODUCT is licensed not sold. This also applies to demo versions. GRANT OF LICENSE. This LICENSE AGREEMENT grants you the following rights: Applications Software: You may install and use one copy of the SOFTWARE PRODUCT or any prior version for the same operating system on a single computer. The primary user of the computer on which the SOFTWARE PRODUCT is installed may make a second copy for his or her exclusive use. Storage/Network Use: You may also store or install a copy of the SOFTWARE PRODUCT on a storage device such as a network server used only to install or run the SOFTWARE PRODUCT on your other computers over an internal network; however you must acquire and dedicate a license for each separate computer on which the SOFTWARE PRODUCT is installed or run from the storage device. A license for the SOFTW
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | Window detected: [< &Back] [&Next >] [Cancel] Alcohol Soft Development Team / Alcohol Soft Development Team / License Agreement / Please review the license terms before installing Alcohol 120%. Press Page Down to see the rest of the agreement. / License Agreement / EULA revision December 2012 (the same EULA text as the window above, captured with the Next button in place of I Agree; the text again ends truncated at "A license for the SOFTWA")
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: Alcohol120_trial_2.1.1.1019.exe | Static file information: File size 10163184 > 1048576
Source: Alcohol120_trial_2.1.1.1019.exe | Static PE information: certificate valid
Source: Binary string: alcoholx.pdb | source: 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, Alcoholx.dll.25.dr
Source: Binary string: C:\projects\ipnetwork\src\System.Net.IPNetwork\obj\release\net45\System.Net.IPNetwork.pdb (also matched with trailing bytes as ...System.Net.IPNetwork.pdbSHA256j) | source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr
Source: Binary string: alcohol.pdb (also matched with trailing bytes as alcohol.pdbH and alcohol.pdbU) | source: 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, Alcoholx.dll.25.dr
Source: Binary string: P.pdbZ | source: 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, NapalmBurn.dll.25.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb (also matched with trailing bytes as ...Newtonsoft.Json.pdbSHA256^Y) | source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r\pkg\win\sdk\lum_sdk32.dll.pdb | source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr
Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb (also matched with trailing bytes as ...System.ValueTuple.pdbSHA256) | source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr
Source: Binary string: C:\Users\Richard\Documents\GitHub\NTFS-Streams\ntfsstreams\Trinet.Core.IO.Ntfs\obj\Release\net35\Trinet.Core.IO.Ntfs.pdb (also matched with trailing bytes as ...Trinet.Core.IO.Ntfs.pdbma) | source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r\pkg\win\sdk\test_wpf.exe.pdb | source: net_updater32.exe.25.dr
Source: Binary string: sptd2.pdb | source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SPTD2inst.exe, 00000006.00000000.1343326394.00007FF7E4556000.00000002.00000001.01000000.0000000F.sdmp, nso7B63.tmp.24.dr, sptd2.sys.6.dr, nsfCAF0.tmp.16.dr, SPTD2inst.exe.25.dr, nsg1C41.tmp.0.dr, SPTD2inst.exe.0.dr
Source: Binary string: C:\projects\dotnetzip-semverd\src\Zip\obj\Release\DotNetZip.pdb | source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r\pkg\win\sdk\lum_sdk_int.dll.pdb (also matched with trailing bytes as ...lum_sdk_int.dll.pdbr) | source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr
Source: Binary string: c:\svn\sptd\setup\objfre_wnet_amd64\amd64\SPTDinst.pdb (also matched with trailing bytes as ...SPTDinst.pdbH) | source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr
Source: Binary string: SPTD2inst.pdb | source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SPTD2inst.exe, 00000006.00000000.1343130023.00007FF7E4547000.00000002.00000001.01000000.0000000F.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, SPTD2inst.exe.25.dr, nsg1C41.tmp.0.dr, SPTD2inst.exe.0.dr
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r\pkg\win\sdk\idle_report.exe.pdb | source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr
Source: Binary string: msvcr120.i386.pdb | source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r\pkg\win\util\websocket_sharp\WebSocketSharp.dll.pdb | source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr
Source: Binary string: imgengine.pdb | source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, imgengine.dll.25.dr
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r\pkg\win\sdk\lum_sdk32_clr.dll.pdb | source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r\pkg\win\util\lum_sdk_util.dll.pdb | source: 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr
Source: Binary string: c:\svn\sptd\setup\objfre_wxp_x86\i386\SPTDinst.pdb (also matched with trailing bytes as ...SPTDinst.pdbf) | source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr
Source: Binary string: C:\Documents and Settings\martin\My Documents\Visual Studio 2010\Projects\KillAxShlExHlper\Release\KillAxShlExHlper.pdb | source: 7zG.exe, 00000019.00000002.2462678727.000001BAF18B5000.00000004.00000020.00020000.00000000.sdmp, KillAxShlExHlper.exe.25.dr
Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r\pkg\win\sdk\net_updater32.exe.pdb | source: net_updater32.exe.25.dr
Source: SPTDIntf.dll.0.dr | Static PE information: section name: .stext
Source: SPTDIntf.dll.0.dr | Static PE information: section name: .vmp0
Source: SetupHlp.dll.0.dr | Static PE information: section name: .nsis0
Source: SetupHlp.dll.0.dr | Static PE information: section name: .nsis1
Source: sptd2.sys.6.dr | Static PE information: section name: .sptd0
Source: SetupHlp.dll.16.dr | Static PE information: section name: .nsis0
Source: SetupHlp.dll.16.dr | Static PE information: section name: .nsis1
Source: SetupHlp.dll.24.dr | Static PE information: section name: .nsis0
Source: SetupHlp.dll.24.dr | Static PE information: section name: .nsis1
Source: AxShlExHlper.exe.25.dr | Static PE information: section name: CODEINIT
Source: AxShlExHlper.exe.25.dr | Static PE information: section name: CODESIGN
Source: SetupHlp.dll.25.dr | Static PE information: section name: .nsis0
Source: SetupHlp.dll.25.dr | Static PE information: section name: .nsis1
Source: SPTDinst.exe.25.dr | Static PE information: section name: .stext
Source: SPTDinst.exe.25.dr | Static PE information: section name: .sptd0
Source: SPTDinst.exe.25.dr | Static PE information: section name: CODEINIT
Source: SPTDinst.exe.25.dr | Static PE information: section name: CODESIGN
Source: SPTDIntf.dll.25.dr | Static PE information: section name: .stext
Source: SPTDIntf.dll.25.dr | Static PE information: section name: .vmp0
Source: SPTDIntf.dll0.25.dr | Static PE information: section name: .stext
Source: SPTDIntf.dll0.25.dr | Static PE information: section name: .vmp0
Source: Alcohol.exe.25.dr | Static PE information: section name: SSE3
Source: Alcohol.exe.25.dr | Static PE information: section name: SSE2
Source: Alcohol.exe.25.dr | Static PE information: section name: CODEINIT
Source: Alcohol.exe.25.dr | Static PE information: section name: CODESIGN
Source: DevSupp.dll.25.dr | Static PE information: section name: SSE3
Source: DevSupp.dll.25.dr | Static PE information: section name: SSE2
Source: LiteZip.dll.25.dr | Static PE information: section name: shared
Source: Alcoholx.dll.25.dr | Static PE information: section name: .valc0
Source: NapalmBurn.dll.25.dr | Static PE information: section name: UPX2
Source: initial sample | Static PE information: section where entry point is pointing to: CODEINIT
Source: initial sample | Static PE information: section name: .nsis1 entropy: 7.830078750208178 (4 files)
Source: initial sample | Static PE information: section name: .sptd0 entropy: 7.862691237996005
Source: initial sample | Static PE information: section name: .sptd0 entropy: 7.967976460183642
Source: initial sample | Static PE information: section name: SSE2 entropy: 7.999808399311007
Source: initial sample | Static PE information: section name: SSE2 entropy: 7.966668397899757
Source: initial sample | Static PE information: section name: .valc0 entropy: 7.954794238927864
Source: initial sample | Static PE information: section name: UPX0 (14 files)
Source: initial sample | Static PE information: section name: UPX1 (14 files)
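The static PE findings above (non-standard section names, sections with entropy close to 8 bits per byte, an entry point in CODEINIT, the writeable .text section named in the summary) are all read straight out of the COFF section table. The script below is an added example, not part of the Joe Sandbox report or of the Alcohol Soft installer: it parses the section table with the standard library only, computes per-section Shannon entropy, and reports those same four conditions. The image it inspects is constructed in build_sample_pe() with section names and flags chosen to mirror the report's findings (it is not one of the analysed files), and the 7.5 bits-per-byte threshold is an assumption.

```python
import hashlib
import math
import struct

# Section characteristic bits (winnt.h)
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Names a stock linker emits; anything else is "non-standard" in the report's sense.
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".pdata",
                     ".rsrc", ".reloc", ".bss", ".tls", ".CRT", ".debug"}
HIGH_ENTROPY = 7.5  # assumed threshold, bits per byte; packed/encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte, the measure the report quotes per section."""
    if not data:          # sections with no raw data (UPX0 is typical) score 0.0
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Return (AddressOfEntryPoint, [section dicts]) from a raw PE32/PE32+ image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    nsections, opt_size = struct.unpack_from("<2xH12xH", pe, coff)  # NumberOfSections, SizeOfOptionalHeader
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]            # AddressOfEntryPoint (same offset in PE32/PE32+)
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "size": max(vsize, rawsize), "chars": chars,
                         "entropy": shannon_entropy(pe[rawptr:rawptr + rawsize])})
    return entry_rva, sections


def triage(pe: bytes):
    """Reproduce the report's static section signatures as a sorted list of findings."""
    entry_rva, sections = parse_sections(pe)
    findings, entry_section = [], None
    for s in sections:
        if s["va"] <= entry_rva < s["va"] + s["size"]:
            entry_section = s["name"]
        if s["name"] not in STANDARD_SECTIONS:
            findings.append(f"non-standard section name: {s['name']}")
        is_code = s["chars"] & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE)
        if is_code and s["chars"] & IMAGE_SCN_MEM_WRITE:   # the "writeable .text" case
            findings.append(f"writable code section: {s['name']}")
        if s["entropy"] > HIGH_ENTROPY:
            findings.append(f"high entropy section: {s['name']} ({s['entropy']:.2f})")
    if entry_section is None:
        findings.append("entry point outside every section")
    elif entry_section not in STANDARD_SECTIONS:
        findings.append(f"entry point in non-standard section: {entry_section}")
    return sorted(findings)


def build_sample_pe() -> bytes:
    """Constructed PE32 image (not a file from the report): RWX .text, a packed-looking
    .nsis1 section and a CODEINIT section that owns the entry point."""
    sect_align, file_align, headers_size = 0x1000, 0x200, 0x400
    text = (b"\x55\x8b\xec\x90" * 64).ljust(file_align, b"\0")   # repetitive stub, low entropy
    blob, h = b"", b"seed"
    while len(blob) < 0x1000:                                  # sha256 chain, ~8 bits/byte
        h = hashlib.sha256(h).digest()
        blob += h
    codeinit = (b"\xe8\x00\x00\x00\x00\x5d" + b"\xcc" * 26).ljust(file_align, b"\0")
    specs = [(b".text", text, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
             (b".nsis1", blob, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
             (b"CODEINIT", codeinit, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)]
    sec_headers, body, va, rawptr, entry_rva = b"", b"", sect_align, headers_size, 0
    for name, data, chars in specs:
        if name == b"CODEINIT":
            entry_rva = va
        sec_headers += struct.pack("<8sIIIIIIHHI", name, len(data), va, len(data), rawptr, 0, 0, 0, 0, chars)
        body += data
        rawptr += len(data)
        va += -(-len(data) // sect_align) * sect_align        # round up to the section alignment
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 224, 0x0102)  # i386, EXECUTABLE_IMAGE|32BIT_MACHINE
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)                  # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                   # ImageBase
    struct.pack_into("<II", opt, 32, sect_align, file_align)
    struct.pack_into("<II", opt, 56, va, headers_size)          # SizeOfImage, SizeOfHeaders
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec_headers).ljust(headers_size, b"\0")
    return headers + body


if __name__ == "__main__":
    for line in triage(build_sample_pe()):
        print(line)
```

To run it over one of the dropped files use triage(open(path, "rb").read()). The section that owns the entry point is found by RVA range, so a packer stub in a CODEINIT or UPX1 section is reported even when the optional header is otherwise unremarkable; a section with zero raw size scores 0.0 instead of raising, which keeps the UPX0/UPX1 pairs listed above from breaking the scan.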
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$TEMP\SPTD2inst.exe
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Alcoholx.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\SPTDIntf.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\nsj7B93.tmp\System.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\InstallOptions.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\nsj7B93.tmp\LangDLL.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\W10_17763RegHlper.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\SPTDIntf.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\nsDialogs.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\nsg1C42.tmp\inetc.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\nsfCAF1.tmp\SetupHlp.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\DPMChart.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\nsfCAF1.tmp\W10_17763RegHlper.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\nsg1C42.tmp\nsWeb.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\AxShlExHlper.exe
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\AxShlRes.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\nsfCAF1.tmp\System.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\AxtraWd.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$TEMP\SPTDinst.exe
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\nsfCAF1.tmp\LangDLL.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\nsg1C42.tmp\W10_17763RegHlper.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\MX_RegAutoplayCanceler64.exe
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\MX_RegShlEx64.exe
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\nsj7B93.tmp\W10_17763RegHlper.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\SetupHlp.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\KillAxShlExHlper.exe
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\pfctoc.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\inetc.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\nsWeb.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\AxXMLPoster.exe
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\AxSwindHlp.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\imgengine.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\nsj7B93.tmp\SetupHlp.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\AxShlEx64.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Alcohol.exe
Source: C:\Users\user\AppData\Local\Temp\SPTD2inst.exe | File created: C:\Windows\System32\drivers\sptd2.sys
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\LiteZip.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\AxSrvUACHlper.exe
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\nsg1C42.tmp\nsDialogs.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\System.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\nsg1C42.tmp\System.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\nsg1C42.tmp\SetupHlp.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\lumsdk\net_updater32.exe
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\SPTD2inst.exe
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\LangDLL.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$TEMP\SPTDIntf.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\AxAHCIServiceEx.exe
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\lumsdk\AXLumSDKHlper.exe
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\UACHlper.exe
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File created: C:\Users\user\AppData\Local\Temp\nsg1C42.tmp\LangDLL.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\AXShlEx.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\DPM.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\DevSupp.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\NapalmBurn.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\UACHlperx64.exe
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\lumsdk\lum_sdk32.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\nsExec.dll
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\AxCmd.exe
Source: C:\Users\user\AppData\Local\Temp\SPTD2inst.exe | Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\sptd2
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | Process information set: NOOPENFILEERRORBOX (53 occurrences)
Source: C:\Users\user\AppData\Local\Temp\SPTD2inst.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX (5 occurrences)
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | Process information set: NOOPENFILEERRORBOX (46 occurrences)
Source: C:\Windows\System32\svchost.exe TID: 320 | Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\KillAxShlExHlper.exe
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$TEMP\SPTD2inst.exe
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Alcoholx.dll
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\pfctoc.dll
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\AxXMLPoster.exe
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\AxSwindHlp.dll
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\imgengine.dll
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\InstallOptions.dll
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\AxShlEx64.dll
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Alcohol.exe
Source: C:\Users\user\AppData\Local\Temp\SPTD2inst.exe | Dropped PE file which has not been started: C:\Windows\System32\drivers\sptd2.sys
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\LiteZip.dll
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\DPMChart.dll
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\AxSrvUACHlper.exe
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\lumsdk\net_updater32.exe
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\AxShlExHlper.exe
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\AxAHCIServiceEx.exe
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\lumsdk\AXLumSDKHlper.exe
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\UACHlper.exe
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\AxtraWd.dll
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$TEMP\SPTDinst.exe
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\AXShlEx.dll
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\DPM.dll
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\DevSupp.dll
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\NapalmBurn.dll
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\Plugins\Helper\UACHlperx64.exe
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\MX_RegAutoplayCanceler64.exe
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\MX_RegShlEx64.exe
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\lumsdk\lum_sdk32.dll
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\$PLUGINSDIR\nsExec.dll
Source: C:\Program Files\7-Zip\7zG.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\AxCmd.exe
Source: C:\Windows\System32\svchost.exe | File opened: PhysicalDrive0
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File opened: C:\Users\user\
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File opened: C:\Users\user\AppData\Local\Temp\nsg1C42.tmp\W10_17763RegHlper.dll
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File opened: C:\Users\user\AppData\Local\Temp\nsg1C42.tmp\
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe | File opened: C:\Users\user\AppData\Local\Temp\
Source: svchost.exe, 00000003.00000002.2441364773.000002AA1722B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWg\
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000003.1298019084.00000000005AD000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000003.1525595511.0000000000584000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1532613333.0000000000588000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.2449394052.000002AA18858000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: Alcohol120_trial_2.1.1.1019.exe, 00000000.00000003.1298019084.00000000005AD000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1532920238.00000000005B6000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000003.1525821229.00000000005B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.2449394052.000002AA18858000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW&
Source: svchost.exe, 00000002.00000002.2438977252.000001C2C3000000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcUmRdpServiceDsSvcfhsvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionStorSvcNetmanTabletInputServicevmicvssPcaSvcNgcSvcIPxlatCfgSvcEmbeddedModewlansvcsvsvcsysmainWwanSvcDeviceAssociationServiceDisplayEnhancementServiceNcbServiceSensorServiceDevQueryBrokerCscServiceWPDBusEnum
Source: svchost.exe, 00000002.00000002.2439963719.000001C2C3026000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2442923452.00000186F7682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.2440216651.000001AF4422B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: net_updater32.exe.25.dr, lum_sdk32.dll.25.dr | Binary or memory string: Shell_TrayWnd
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Windows\System32\svchost.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
Source: C:\Windows\System32\svchost.exe | WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exe | WMI Queries: AntiVirusProduct.instanceGuid="{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}"
Source: svchost.exe, 0000000D.00000002.2442153764.000001BD19902000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: gramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 0000000D.00000002.2440871691.000001BD19840000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: &@V%ProgramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 0000000D.00000002.2440871691.000001BD19840000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: @V%ProgramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 0000000D.00000002.2442153764.000001BD19902000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: MsMpeng.exe
Source: svchost.exe, 0000000D.00000002.2442153764.000001BD19902000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.2439719789.000001BD19813000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
MITRE ATT&CK Matrix (one row per tactic; matched techniques are listed first, with the number of matching signatures in parentheses, followed by the unmatched techniques of the template)

Tactic | Techniques
Initial Access | Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution | Windows Management Instrumentation (1); Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter
Persistence | Windows Service (2); DLL Side-Loading (1); DLL Search Order Hijacking (2); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
Privilege Escalation | Windows Service (2); Process Injection (2); DLL Side-Loading (1); DLL Search Order Hijacking (2); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
Defense Evasion | Masquerading (31); Disable or Modify Tools (1); Virtualization/Sandbox Evasion (2); Process Injection (2); Obfuscated Files or Information (11); Software Packing (31); DLL Side-Loading (1); DLL Search Order Hijacking (2)
Credential Access | OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery | Security Software Discovery (131); Virtualization/Sandbox Evasion (2); Process Discovery (1); Remote System Discovery (1); File and Directory Discovery (3); System Information Discovery (21); Network Sniffing; Network Service Scanning
Lateral Movement | Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot
Collection | Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Exfiltration | Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Command and Control | Ingress Tool Transfer (1); Non-Application Layer Protocol (2); Application Layer Protocol (2); Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
Network Effects | Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols
Remote Service Effects | Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue
Impact | Modify System Partition; Device Lockout; Delete Device Data
[Behavior Graph, ID 696690. Sample: Alcohol120_trial_2.1.1.1019.exe; Startdate: 02/09/2022; Architecture: WINDOWS; Score: 60. Signatures on the start node: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for dropped file; 2 other signatures. Processes started: 7zG.exe (drops C:\Users\user\Desktop\...\pfctoc.dll, net_updater32.exe and lum_sdk32.dll, all PE32, plus 37 other files, none malicious); svchost.exe (Changes security center settings (notifications, updates, antivirus, firewall)); Alcohol120_trial_2.1.1.1019.exe (connects to support.alcohol-soft.com, 95.211.206.2, port 80 from local port 49693, LEASEWEB-NL-AMS-01, Netherlands; drops 9 other files, none malicious; starts SPTD2inst.exe, which drops C:\Windows\System32\drivers\sptd2.sys, PE32+); 12 other processes (connect to 127.0.0.1; drop C:\Users\user\...\W10_17763RegHlper.dll, C:\Users\user\AppData\Local\...\System.dll and SetupHlp.dll, all PE32, plus 5 other files, none malicious).]

Source | Detection | Scanner | Label
Alcohol120_trial_2.1.1.1019.exe | 62% | ReversingLabs | Win32.PUA.Superfluss
Alcohol120_trial_2.1.1.1019.exe | 58% | Virustotal |
Alcohol120_trial_2.1.1.1019.exe | 0% | Metadefender |
Alcohol120_trial_2.1.1.1019.exe | 100% | Avira | PUA/Alcohol.AR
No Antivirus matches
Source | Detection | Scanner | Label
25.2.7zG.exe.1baf18bedd2.10.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
25.2.7zG.exe.1baf1601b7e.5.unpack | 100% | Avira | TR/Patched.Ren.Gen
25.2.7zG.exe.1baf15f6f7a.4.unpack | 100% | Avira | TR/Patched.Ren.Gen
25.2.7zG.exe.1baf120c40e.1.unpack | 100% | Avira | TR/Patched.Ren.Gen
25.2.7zG.exe.1baf1639326.8.unpack | 100% | Avira | TR/Patched.Ren.Gen
No Antivirus matches
Source | Detection | Scanner | Label
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | 0% | URL Reputation | safe
https://%s.xboxlive.com | 0% | URL Reputation | safe
https://dynamic.t | 0% | URL Reputation | safe
http://ocsp.sectigo.com0 | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | 0% | URL Reputation | safe
https://sectigo.com/CPS0D | 0% | URL Reputation | safe
https://sectigo.com/CPS0 | 0% | URL Reputation | safe
http://ocsp.thawte.com0 | 0% | URL Reputation | safe
http://james.newtonking.com/projects/json | 0% | URL Reputation | safe
https://brightdata.com/legal/sdk-privacy? | 0% | Avira URL Cloud | safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe
http://www.globalsign.net/repository/03 | 0% | URL Reputation | safe
http://crl.ver) | 0% | Avira URL Cloud | safe
https://%s.dnet.xboxlive.com | 0% | URL Reputation | safe
https://brightdata.com/faq#lum-peers? | 0% | Avira URL Cloud | safe
https://brightdata.com/faq#accepted_usage? | 0% | Avira URL Cloud | safe
http://www.duplexsecure.com/ | 0% | Avira URL Cloud | safe
http://luminati.io0 | 0% | Avira URL Cloud | safe
http://crl.duplexsecure.com/entity.crl0 | 0% | Avira URL Cloud | safe
http://crl.grsign.com/rootca.crl0Q | 0% | Avira URL Cloud | safe
https://brightdata.com/sdk/faq#sdk_app_connect? | 0% | Avira URL Cloud | safe
http://www.120search.com/terms.html | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
support.alcohol-soft.com | 95.211.206.2 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://support.alcohol-soft.com/display_trial_fe_adpage_in_intaller.php | false | | high
http://support.alcohol-soft.com/install_special_page.php?ref=A120T | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://dev.ditu.live.com/REST/v1/Routes/ | svchost.exe, 00000008.00000003.1459636917.000001698E663000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/ | svchost.exe, 00000008.00000003.1460133276.000001698E65C000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://luminati.io0 | 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr, lum_sdk32.dll.25.dr | false | Avira URL Cloud: safe | unknown
https://dev.virtualearth.net/REST/v1/Routes/Walking | svchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/ | svchost.exe, 00000008.00000003.1459960151.000001698E645000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1462146805.000001698E673000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1461706501.000001698E62B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459576112.000001698E669000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459220051.000001698E671000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://g.live.com/1rewlive5skydrive/OneDriveProduction?OneDriveUpdate=f48c47f7803b912ab9b4c1a01f72 | svchost.exe, 00000003.00000003.1209053117.000002AA1CA7B000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.3.dr | false | | high
https://dev.virtualearth.net/REST/v1/Transit/Schedules/ | svchost.exe, 00000008.00000003.1460289271.000001698E641000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1461867097.000001698E642000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://support.alcohol-soft.com/install_special_page_contents.php | Alcohol120_trial_2.1.1.1019.exe, 00000000.00000003.1295640182.00000000039C0000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531730987.0000000000434000.00000004.00000001.01000000.00000003.sdmp, InstallerADs.INI.0.dr, install_special_page[1].htm.0.dr | false | | high
http://www.autoitscript.com/autoit3 | 7zG.exe, 00000019.00000002.2439672212.000001BAED4B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.bingmapsportal.com | svchost.exe, 00000008.00000002.1461600399.000001698E613000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dev.virtualearth.net/REST/v1/Imagery/Copyright/ | svchost.exe, 00000008.00000002.1461706501.000001698E62B000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.filefacts.net/redirect.php?ext=%s | Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr | false | | high
https://brightdata.com/faq#lum-peers? | net_updater32.exe.25.dr, lum_sdk32.dll.25.dr | false | Avira URL Cloud: safe | unknown
https://g.live.com/odclientsettings/Prod | qmgr.db.3.dr | false | | high
http://www.filefacts.net/redirect.php? | nsg1C41.tmp.0.dr | false | | high
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r= | svchost.exe, 00000008.00000003.1357822076.000001698E636000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://brightdata.com/legal/sdk-privacy? | net_updater32.exe.25.dr, lum_sdk32.dll.25.dr | false | Avira URL Cloud: safe | unknown
https://dev.virtualearth.net/REST/v1/Routes/ | svchost.exe, 00000008.00000003.1459636917.000001698E663000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1461706501.000001698E62B000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r= | svchost.exe, 00000008.00000003.1459960151.000001698E645000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459750239.000001698E660000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://crl.ver) | svchost.exe, 00000003.00000002.2446511929.000002AA172D5000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, net_updater32.exe.25.dr, AXLumSDKHlper.exe.25.dr, lum_sdk32.dll.25.dr | false | URL Reputation: safe | unknown
http://nsis.sf.net/NSIS_ErrorError | Alcohol120_trial_2.1.1.1019.exe | false | | high
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r= | svchost.exe, 00000008.00000002.1461842039.000001698E63F000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://ecn.dev.virtualearth.net/REST/V1/MapControlConfiguration/native/ | svchost.exe, 00000008.00000003.1357822076.000001698E636000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.symauth.com/cps0( | Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, AxtraWd.dll.25.dr, nso7B63.tmp.24.dr, DevSupp.dll.25.dr, AxCmd.exe.25.dr, nsfCAF0.tmp.16.dr, AxAHCIServiceEx.exe.25.dr, W10_17763RegHlper.dll.16.dr, nsg1C41.tmp.0.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.dr | false | | high
https://%s.xboxlive.com | svchost.exe, 00000004.00000002.2441101764.00000186F7641000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | low
https://dev.virtualearth.net/REST/v1/Locations | svchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dev.ditu.live.com/REST/V1/MapControlConfiguration/native/ | svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1461892365.000001698E649000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.filefacts.net/redirect.php?lang=%04x&ext=%s | Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr | false | | high
http://support.alcohol-soft.com/install_special_page_contents.php3284363278082047150324 | Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531730987.0000000000434000.00000004.00000001.01000000.00000003.sdmp | false | | high
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/ | svchost.exe, 00000008.00000003.1460133276.000001698E65C000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://nsis.sf.net/NSIS_Error | Alcohol120_trial_2.1.1.1019.exe | false | | high
http://crl.daemon-tools.cc/entity.crl0 | Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SetupHlp.dll.16.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr, SetupHlp.dll.25.dr | false | | high
https://dynamic.t | svchost.exe, 00000008.00000003.1459220051.000001698E671000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://g.live.com/odclientsettings/Prod-C: | svchost.exe, 00000003.00000003.1209247666.000002AA1CA92000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1208953641.000002AA1CA73000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1208730670.000002AA1CA37000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.3.dr | false | | high
http://support.alcohol-soft.com/install_special_page.php?ref=A120TH~ | Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.symauth.com/rpa00 | Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2458405645.000001BAF1639000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2443082516.000001BAEF32F000.00000004.00000020.00020000.00000000.sdmp, AxtraWd.dll.25.dr, nso7B63.tmp.24.dr, DevSupp.dll.25.dr, AxCmd.exe.25.dr, nsfCAF0.tmp.16.dr, AxAHCIServiceEx.exe.25.dr, W10_17763RegHlper.dll.16.dr, nsg1C41.tmp.0.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.dr | false | | high
https://dev.virtualearth.net/REST/v1/Routes/Transit | svchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.newtonsoft.com/jsonschema | net_updater32.exe.25.dr | false | | high
https://brightdata.com/faq#accepted_usage? | net_updater32.exe.25.dr, lum_sdk32.dll.25.dr | false | Avira URL Cloud: safe | unknown
https://dev.ditu.live.com/REST/v1/Transit/Schedules/ | svchost.exe, 00000008.00000003.1459576112.000001698E669000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459220051.000001698E671000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r= | svchost.exe, 00000008.00000003.1459636917.000001698E663000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1461996142.000001698E664000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/ | svchost.exe, 00000008.00000003.1460133276.000001698E65C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r= | svchost.exe, 00000008.00000003.1459326475.000001698E64F000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.duplexsecure.com/ | nsg1C41.tmp.0.dr | false | Avira URL Cloud: safe | unknown
http://www.filefacts.net/redirect.php?lang=%04x&ext=%shttp://www.filefacts.net/redirect.php?ext=%s | Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr | false | | high
https://g.live.com/odclientsettings/Prod?OneDriveUpdate=60c3c2b058b5ae1621bf716ac53a-C: | svchost.exe, 00000003.00000003.1209247666.000002AA1CA92000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.3.dr | false | | high
http://ocsp.sectigo.com0 | 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, net_updater32.exe.25.dr, AXLumSDKHlper.exe.25.dr, lum_sdk32.dll.25.dr | false | URL Reputation: safe | unknown
https://dev.virtualearth.net/REST/v1/Routes/Driving | svchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.alcohol-soft.com/install.php?pid=Alcohol120_trial__2.1.1.1019&SFA= | nsg1C41.tmp.0.dr | false | | high
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx | svchost.exe, 00000008.00000003.1460289271.000001698E641000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.alcohol-soft.com/hpdskflt.phpopen | Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr | false | | high
https://www.newtonsoft.com/json | 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.dr | false | | high
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, net_updater32.exe.25.dr, AXLumSDKHlper.exe.25.dr, lum_sdk32.dll.25.dr | false | URL Reputation: safe | unknown
https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf | net_updater32.exe.25.dr, lum_sdk32.dll.25.dr | false | | high
http://crl.duplexsecure.com/entity.crl0 | Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr | false | Avira URL Cloud: safe | unknown
http://support.alcohol-soft.com/display_trial_fe_adpage_in_intaller.php/SILENTget1023 | Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr | false | | high
https://dev.ditu.live.com/mapcontrol/logging.ashx | svchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r= | svchost.exe, 00000008.00000002.1461706501.000001698E62B000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://crl.thawte.com/ThawteTimestampingCA.crl0 | UACHlper.exe.25.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.dr | false | | high
https://sectigo.com/CPS0D | Alcohol120_trial_2.1.1.1019.exe, AXLumSDKHlper.exe.25.dr | false | URL Reputation: safe | unknown
http://www.alcohol-soft.com/images/a_logo_144x140.png | Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr | false | | high
https://ecn.dev.virtualearth.net/mapcontrol/roadshield.ashx?bucket= | svchost.exe, 00000008.00000003.1459576112.000001698E669000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://g.live.com/1rewlive5skydrive/OneDriveProduction?OneDriveUpdate=a8436e7320e39c903a35da9b911 | svchost.exe, 00000003.00000003.1209247666.000002AA1CA92000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.3.dr | false | | high
http://www.alcohol-soft.com/hpdskflt.php | nsg1C41.tmp.0.dr | false | | high
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/ | svchost.exe, 00000008.00000003.1459636917.000001698E663000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1461706501.000001698E62B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459576112.000001698E669000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx | svchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://sectigo.com/CPS0 | 7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, net_updater32.exe.25.dr, AXLumSDKHlper.exe.25.dr, lum_sdk32.dll.25.dr | false | URL Reputation: safe | unknown
https://dev.ditu.live.com/REST/v1/Transit/Stops/ | svchost.exe, 00000008.00000002.1462146805.000001698E673000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459576112.000001698E669000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459220051.000001698E671000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://ocsp.thawte.com0 | UACHlper.exe.25.dr, W10_17763RegHlper.dll.24.dr, W10_17763RegHlper.dll.0.dr | false | URL Reputation: safe | unknown
https://dev.virtualearth.net/REST/v1/Traffic/Incidents/ | svchost.exe, 00000008.00000002.1461706501.000001698E62B000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://crl.grsign.com/rootca.crl0Q | Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, SetupHlp.dll.16.dr, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr, SetupHlp.dll.25.dr | false | Avira URL Cloud: safe | unknown
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r= | svchost.exe, 00000008.00000003.1460194805.000001698E644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.alcohol-soft.com/open | Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.dr | false | | high
https://dev.virtualearth.net/REST/v1/Transit/Stops/ | svchost.exe, 00000008.00000003.1459576112.000001698E669000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log? | svchost.exe, 00000008.00000003.1459636917.000001698E663000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.1461996142.000001698E664000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8 | net_updater32.exe.25.dr, lum_sdk32.dll.25.dr | false | | high
https://dev.virtualearth.net/mapcontrol/logging.ashx | svchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                                                                                                                    http://james.newtonking.com/projects/jsonnet_updater32.exe.25.drfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    unknown
                                                                                                                                    https://brightdata.com/sdk/faq#sdk_app_connect?net_updater32.exe.25.dr, lum_sdk32.dll.25.drfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tAlcohol120_trial_2.1.1.1019.exe, AXLumSDKHlper.exe.25.drfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    unknown
                                                                                                                                    https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=svchost.exe, 00000008.00000003.1459220051.000001698E671000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#Alcohol120_trial_2.1.1.1019.exe, AXLumSDKHlper.exe.25.drfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      https://t0.ssl.ak.tiles.virtualearth.net/tiles/gensvchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://www.codeplex.com/DotNetZiplum_sdk32.dll.25.drfalse
                                                                                                                                          high
                                                                                                                                          https://g.live.com/1rewlive5skydrive/OneDriveProduction?OneDriveUpdate=8832247681fc94bb89bb92977c3-Csvchost.exe, 00000003.00000003.1209247666.000002AA1CA92000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.3.drfalse
                                                                                                                                            high
                                                                                                                                            http://www.alcohol-soft.com/nsg1C41.tmp.0.drfalse
                                                                                                                                              high
                                                                                                                                              https://tiles.virtualearth.net/tiles/cmd/StreetSideBubbleMetaData?north=svchost.exe, 00000008.00000003.1460194805.000001698E644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://www.nuget.org/packages/Newtonsoft.Json.Bson7zG.exe, 00000019.00000002.2447681599.000001BAF11A3000.00000004.00000020.00020000.00000000.sdmp, net_updater32.exe.25.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://support.mozilla.org7zG.exe, 00000019.00000002.2439672212.000001BAED4B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://support.alcohol-soft.com/install_special_page.php?ref=A120TAdPageTitleSubTitleURLAlcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://activity.windows.comsvchost.exe, 00000004.00000002.2441101764.00000186F7641000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2440547697.00000186F762B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2442338679.00000186F7670000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://dev.ditu.live.com/REST/v1/Locationssvchost.exe, 00000008.00000003.1460033766.000001698E648000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1459902320.000001698E646000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.120search.com/terms.htmlAlcohol120_trial_2.1.1.1019.exe, 00000000.00000003.1525184514.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000003.1525469195.00000000039FC000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531916915.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000010.00000003.1698971628.000000000055D000.00000004.00000020.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000018.00000003.2143049815.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, 7zG.exe, 00000019.00000002.2441540918.000001BAEEDCB000.00000004.00000020.00020000.00000000.sdmp, nso7B63.tmp.24.dr, nsfCAF0.tmp.16.dr, nsg1C41.tmp.0.drfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          unknown
                                                                                                                                                          http://www.globalsign.net/repository/03Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1533593477.000000000270E000.00000004.00000800.00020000.00000000.sdmp, Alcohol120_trial_2.1.1.1019.exe, 00000000.00000002.1531570592.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SPTD2inst.exe, 00000006.00000000.1343326394.00007FF7E4556000.00000002.00000001.01000000.0000000F.sdmp, 7zG.exe, 00000019.00000002.2442500190.000001BAEEDFC000.00000004.00000020.00020000.00000000.sdmp, SPTDinst.exe.25.dr, nso7B63.tmp.24.dr, sptd2.sys.6.dr, nsfCAF0.tmp.16.dr, SPTD2inst.exe.25.dr, SPTDIntf.dll.0.dr, nsg1C41.tmp.0.dr, SPTDIntf.dll.25.dr, SPTD2inst.exe.0.dr, SPTDIntf.dll0.25.drfalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://%s.dnet.xboxlive.comsvchost.exe, 00000004.00000002.2441101764.00000186F7641000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          low
Legend:
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs

Contacted IPs:
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
95.211.206.2 | support.alcohol-soft.com | Netherlands | NL | 60781 | LEASEWEB-NL-AMS-01 (Netherlands) | false

Private IPs:
IP
127.0.0.1
Joe Sandbox Version:35.0.0 Citrine
Analysis ID:696690
Start date and time:2022-09-02 16:29:15 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 6m 15s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:Alcohol120_trial_2.1.1.1019.exe
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Number of new started processes analysed:26
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal60.evad.winEXE@17/76@1/2
EGA Information:Failed
HDC Information:Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Adjust boot time
• Enable AMSI
• Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, BackgroundTransferHost.exe, SIHClient.exe, backgroundTaskHost.exe, usocoreworker.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 23.50.105.163
• Excluded domains from analysis (whitelisted): www.bing.com, fp.msedge.net, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, t-ring.msedge.net, k-ring.msedge.net, 45b7e22314f9316513f059b49592234c.clo.footprintdns.com, login.live.com, crl.comodoca.com, e16604.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
16:29:46 | API Interceptor | 2x Sleep call for process: svchost.exe modified
No context
No context

Match: LEASEWEB-NL-AMS-01 (Netherlands, NL)
Associated Sample Name / URL | Detection | Context
Benefit.html | malicious | 81.171.27.195
Benefit.html | malicious | 81.171.27.195
http://www.greendo.com | malicious | 37.48.65.144
test.exe | malicious | 85.17.167.196
CoHCsufkT7.exe | malicious | 89.149.244.69
ti6qvy1OhU.exe | malicious | 5.79.66.145
ti6qvy1OhU.exe | malicious | 5.79.66.145
aAP32K91Qx.exe | malicious | 95.211.117.215
eQzca5P8PR.exe | malicious | 5.79.70.250
eQzca5P8PR.exe | malicious | 5.79.70.250
SecuriteInfo.com.Linux.Siggen.9999.25720.13267.elf | malicious | 31.186.168.37
https://pc-visio01.web.app/ | malicious | 62.212.64.229
__substg1.html | malicious | 94.75.250.227
1DCAB4CDFFDF269EA33719990AC81C515345B50FE1C60.exe | malicious | 185.227.110.219
https://bit.ly/3pEg2lB | malicious | 213.227.154.223
HSBC BANK REMITTANCE ADVICE .html | malicious | 94.75.250.227
Achr69puHy | malicious | 31.186.168.36
https://eisjj.cc/n245Uyu2 | malicious | 85.17.54.17
http://eisjj.cc/n245Uyu | malicious | 85.17.54.17
Voice20994958.htm | malicious | 212.32.237.101
No context

Match: C:\Users\user\AppData\Local\Temp\SPTDIntf.dll
Associated Sample Name / URL | Detection | Context
0195+judiciario+0048+_22208202101UCwJ.msi | malicious |
banload.msi | malicious |
banload.msi | malicious |
banload.msi | malicious |
docabrir#U2332nsakjfsdi.msi | malicious |
FMULAR-BRAS_789132.msi | malicious |
06202009408IDm39.msi | malicious |
Process: C:\Windows\System32\svchost.exe
File Type: Extensible storage engine DataBase, version 0x620, checksum 0xdc67cf55, page size 16384, DirtyShutdown, Windows version 10.0
Category: dropped
Size (bytes): 786432
Entropy (8bit): 0.6428619821245625
Encrypted: false
SSDEEP: 1536:xfYySB2nSB25SjlK/BHidB8ycYi/c9kea8K2rMPCCxYhHzecRPoKjhHzFO8w7nJB:xfFaoaflrd
MD5: B6CF763166A13FD71908584D6D2274E6
SHA1: 86423FED598DA332BDED0CE87FDD60DFC26D7A01
SHA-256: 5417D4307689B304A5933F92F19FD20E08063C3E1534A0C6395947CD9FCB30EF
SHA-512: AB38E105558D2685D7F87D9166A42BDE3A2BE6697AB4A08EBCB61D3DEF070AFCCC9B57CB5D059AC2F86F03ACC142087668B17859E6B288EB2D2872BE762204A3
Malicious: false
Process: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type: ASCII text
Category: dropped
Size (bytes): 157
Entropy (8bit): 4.820625530081005
Encrypted: false
SSDEEP: 3:l15FogGbFqWEgXHv3KYm5UGWQLGqbvFD0QVgBLEJDN4GDg0qFYAGuwp:l1bROqDgXHv33G5GqLhpCBLE/Dg0q0
MD5: FB5EB7C6C2034D5F115DD4E04A0373CB
SHA1: 8EEE6F2EC25EB7DAE7D2AEB102D562E469E79B8E
SHA-256: F4611C75D17ABD8022B0DC092B8BFA1B40963F70FE35D2D127F5AE1277F59DDB
SHA-512: EF61773AEE5B57501667659C22CD63D1A3177D7CC7E34452B7C2179211637858E81E00678589E617AC19B4225445828DBAD240BE469B3BAD097C11B4C4F45BC2
Malicious: false
Preview: [AdPage].Title = "Alcohol Installer".SubTitle = "Handy & Useful tools Introductions".URL = http://support.alcohol-soft.com/install_special_page_contents.php.
Process: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type: very short file (no magic)
Category: dropped
Size (bytes): 1
Entropy (8bit): 0.0
Encrypted: false
SSDEEP: 3:V:V
MD5: CFCD208495D565EF66E7DFF9F98764DA
SHA1: B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256: 5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512: 31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious: false
Preview: 0
Process: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 365768
Entropy (8bit): 6.842740819856597
Encrypted: false
SSDEEP: 6144:RCjA6GaDLMP1T9jcAdFgPLtmLF0nFaq0t49eFUBVokD9VkJ/K2I3whejmvmnNHpy:RZpaM7j162IZ0/K26wIwui
MD5: 0E226BA5DFB6380C080E0718DFC00B93
SHA1: A8C3B31891EB92E3C68DD14DC9D3E29F0AF2BF66
SHA-256: 7134B671818C893D81CBC7B80D4A3840461DB225748E5FDEE8E2BD79A43BAE9E
SHA-512: 2FD9A1B8BCDB126B545E055AA8F358875A9E509A0405A6CBA6B4EFE2AA560F6BC414B055B7AC4ABCA80B7AD4EA80E2AC693D8A25F217D5C7975051D6A731D897
Malicious: false
Preview: PE header dump (MZ, DOS stub "This program cannot be run in DOS mode", Rich header, PE signature); section names visible: .text, .rdata, .data, .pdata, .rsrc, .reloc
Process: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 51232
Entropy (8bit): 7.020595533923927
Encrypted: false
SSDEEP: 768:6m4EIMJr6AoDyToG8+A9DDd9VtZgqj9jqSqJqSsXGV/KQMTXCLmvLn23+zjE:BpIMd6PVG8+eskZGZVmC2E
MD5: 3862C98F3676F3FD8BF4759DB17CF273
SHA1: 8CE5CA251376345220FA502930E4339CFBD7721D
SHA-256: 1C7D5E42FF3BC5E1A0ECD01FA68633DC67515B3A06E660FCD2D22D6EA436A6F1
SHA-512: 1836A39AD1BF17E086836298323CC36538174D991AA2E9EE4FD8B4594E88AAD1723FD875501F2E256E2B358FC88A84CD564B5BEF79ECA2B51AF4880C9646F396
Malicious: false
Joe Sandbox View:
• Filename: 0195+judiciario+0048+_22208202101UCwJ.msi, Detection: malicious
• Filename: banload.msi, Detection: malicious
• Filename: banload.msi, Detection: malicious
• Filename: banload.msi, Detection: malicious
• Filename: docabrir#U2332nsakjfsdi.msi, Detection: malicious
• Filename: FMULAR-BRAS_789132.msi, Detection: malicious
• Filename: 06202009408IDm39.msi, Detection: malicious
Preview: PE header dump (MZ, DOS stub "This program cannot be run in DOS mode", Rich header, PE signature); section names visible: .text, .stext, .rdata, .data, .vmp0, .reloc, .rsrc
Process: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type: data
Category: dropped
Size (bytes): 2270579
Entropy (8bit): 7.396117523104436
Encrypted: false
SSDEEP: 49152:u+7MwsbtgsIMwjQCyN62L08zdL/B3sCc4iD45i5:9sILMI8h7qQk5
MD5: 594CFCA8047139358E4DCEAB8A1D0F3F
SHA1: B74C0EB0C144DE3DD36F780A5857AEFFEBFB382F
SHA-256: 4B4295A8E3F866B8EC87D57F37708897636F77D38E6AE33FFDEF1704EB9B80DA
SHA-512: CCAAC3975284B3DFD1C845212FB85432C0A2A5323E23DD33C9081A5978795665EED7C7DE90ACE518500049E9090D8D2BC917C9E58709D706AAFBFB461DDD0A64
Malicious: false
Process: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 5632
Entropy (8bit): 3.951555564830228
Encrypted: false
SSDEEP: 48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2
MD5: 9384F4007C492D4FA040924F31C00166
SHA1: ABA37FAEF30D7C445584C688A0B5638F5DB31C7B
SHA-256: 60A964095AF1BE79F6A99B22212FEFE2D16F5A0AFD7E707D14394E4143E3F4F5
SHA-512: 68F158887E24302673227ADFFC688FD3EDABF097D7F5410F983E06C6B9C7344CA1D8A45C7FA05553ADCC5987993DF3A298763477168D4842E554C4EB93B9AAAF
Malicious: false
Preview: PE header dump (MZ, DOS stub "This program cannot be run in DOS mode", Rich header, PE signature); section names visible: .text, .rdata, .data, .rsrc, .reloc
Process: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 50176
Entropy (8bit): 7.427642668371209
Encrypted: false
SSDEEP: 768:otNv3IMEiRyxVewMx8AKMe5AlgYT43RgXYJg3kuBXTQRynnpCNU/Be:otNPIMPRyxIwMx8AKKytyYOn+RKCS/Be
MD5: 26628AE407ED37AD4FB7B1E8AD623DF4
SHA1: B01D933757A57EEA04241CF656583E23F0278B9A
SHA-256: A5F3700631C64057A304DAEF08AF79A3428DA669585BA4EAD2A7FF7FC34CDF9D
SHA-512: C7B4E6377EB85660ED7BD762105689A20D62B2CD3F56587C390F85DC612ED2D822982BBCB3175E59DC9E7E5DC9B65065EA4CBCB79581695222EAC2C5A727FCB6
Malicious: false
Preview: PE header dump (MZ, DOS stub "This program cannot be run in DOS mode", Rich header, PE signature); section names visible: .text, .rdata, .data, .nsis0, .nsis1, .reloc
Process: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 11264
Entropy (8bit): 5.568877095847681
Encrypted: false
SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
MD5: C17103AE9072A06DA581DEC998343FC1
SHA1: B72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D
SHA-256: DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
SHA-512: D32A71AAEF18E993F28096D536E41C4D016850721B31171513CE28BBD805A54FD290B7C3E9D935F72E676A1ACFB4F0DCC89D95040A0DD29F2B6975855C18986F
Malicious: false
Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):9632
Entropy (8bit):6.2536667530818075
Encrypted:false
SSDEEP:96:6MJhmLhi2r4wl9/F47vzz2dqxSG7+4EQej7Dc5Q0ryDeTuDn6aXveElfC9zeRZtx:6xkC4w4nYe+PjPmXrc3bw0J9N+Z5k
MD5:D1A1686AC8444BBD9B1DAED5944BCF04
SHA1:D91AC9FF19526D12E4FCE8717F520EB816A266D0
SHA-256:9F25311E89E9C14622E64CDF30330612B984FD940D2197AB6A95A3EF1E6E59AA
SHA-512:44CF32C83D434EE141B90F8BE5BF796223E3FD0C24267AEDA7AA01D85F18664ECF5E80B01FD59E3F821B11E5103A48D24EBFD95AB5452C914A3E393D858A5F24
Malicious:false
Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type:data
Category:dropped
Size (bytes):2270579
Entropy (8bit):7.396117523104436
Encrypted:false
SSDEEP:49152:u+7MwsbtgsIMwjQCyN62L08zdL/B3sCc4iD45i5:9sILMI8h7qQk5
MD5:594CFCA8047139358E4DCEAB8A1D0F3F
SHA1:B74C0EB0C144DE3DD36F780A5857AEFFEBFB382F
SHA-256:4B4295A8E3F866B8EC87D57F37708897636F77D38E6AE33FFDEF1704EB9B80DA
SHA-512:CCAAC3975284B3DFD1C845212FB85432C0A2A5323E23DD33C9081A5978795665EED7C7DE90ACE518500049E9090D8D2BC917C9E58709D706AAFBFB461DDD0A64
Malicious:false
Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type:very short file (no magic)
Category:dropped
Size (bytes):1
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3:V:V
MD5:CFCD208495D565EF66E7DFF9F98764DA
SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:false
Preview:0
Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type:ASCII text
Category:dropped
Size (bytes):157
Entropy (8bit):4.820625530081005
Encrypted:false
SSDEEP:3:l15FogGbFqWEgXHv3KYm5UGWQLGqbvFD0QVgBLEJDN4GDg0qFYAGuwp:l1bROqDgXHv33G5GqLhpCBLE/Dg0q0
MD5:FB5EB7C6C2034D5F115DD4E04A0373CB
SHA1:8EEE6F2EC25EB7DAE7D2AEB102D562E469E79B8E
SHA-256:F4611C75D17ABD8022B0DC092B8BFA1B40963F70FE35D2D127F5AE1277F59DDB
SHA-512:EF61773AEE5B57501667659C22CD63D1A3177D7CC7E34452B7C2179211637858E81E00678589E617AC19B4225445828DBAD240BE469B3BAD097C11B4C4F45BC2
Malicious:false
Preview:[AdPage].Title = "Alcohol Installer".SubTitle = "Handy & Useful tools Introductions".URL = http://support.alcohol-soft.com/install_special_page_contents.php.
Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):5632
Entropy (8bit):3.951555564830228
Encrypted:false
SSDEEP:48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2
MD5:9384F4007C492D4FA040924F31C00166
SHA1:ABA37FAEF30D7C445584C688A0B5638F5DB31C7B
SHA-256:60A964095AF1BE79F6A99B22212FEFE2D16F5A0AFD7E707D14394E4143E3F4F5
SHA-512:68F158887E24302673227ADFFC688FD3EDABF097D7F5410F983E06C6B9C7344CA1D8A45C7FA05553ADCC5987993DF3A298763477168D4842E554C4EB93B9AAAF
Malicious:false
Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):50176
Entropy (8bit):7.427642668371209
Encrypted:false
SSDEEP:768:otNv3IMEiRyxVewMx8AKMe5AlgYT43RgXYJg3kuBXTQRynnpCNU/Be:otNPIMPRyxIwMx8AKKytyYOn+RKCS/Be
MD5:26628AE407ED37AD4FB7B1E8AD623DF4
SHA1:B01D933757A57EEA04241CF656583E23F0278B9A
SHA-256:A5F3700631C64057A304DAEF08AF79A3428DA669585BA4EAD2A7FF7FC34CDF9D
SHA-512:C7B4E6377EB85660ED7BD762105689A20D62B2CD3F56587C390F85DC612ED2D822982BBCB3175E59DC9E7E5DC9B65065EA4CBCB79581695222EAC2C5A727FCB6
Malicious:false
Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):11264
Entropy (8bit):5.568877095847681
Encrypted:false
SSDEEP:192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
MD5:C17103AE9072A06DA581DEC998343FC1
SHA1:B72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D
SHA-256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
SHA-512:D32A71AAEF18E993F28096D536E41C4D016850721B31171513CE28BBD805A54FD290B7C3E9D935F72E676A1ACFB4F0DCC89D95040A0DD29F2B6975855C18986F
Malicious:false
Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):9632
Entropy (8bit):6.2536667530818075
Encrypted:false
SSDEEP:96:6MJhmLhi2r4wl9/F47vzz2dqxSG7+4EQej7Dc5Q0ryDeTuDn6aXveElfC9zeRZtx:6xkC4w4nYe+PjPmXrc3bw0J9N+Z5k
MD5:D1A1686AC8444BBD9B1DAED5944BCF04
SHA1:D91AC9FF19526D12E4FCE8717F520EB816A266D0
SHA-256:9F25311E89E9C14622E64CDF30330612B984FD940D2197AB6A95A3EF1E6E59AA
SHA-512:44CF32C83D434EE141B90F8BE5BF796223E3FD0C24267AEDA7AA01D85F18664ECF5E80B01FD59E3F821B11E5103A48D24EBFD95AB5452C914A3E393D858A5F24
Malicious:false

Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):234
Entropy (8bit):4.790458800357036
Encrypted:false
SSDEEP:6:lNfa9WpI8oOKQ783QXRSMpoqoY/H3QXRSMpoE0f:lNykpIsMQXR/PvQXR/H0
MD5:6D3B1ADFEA8DE98F7034950C8B7DB0CA
SHA1:10A7F8800818837463262B4005845B1443F39643
SHA-256:F502171564FCC30091DEBCEAC31F1702D96707A1A75029FE69AD49DEA2DB4EEC
SHA-512:53BB984D87D6D89A638A96AE3D328CE6864FEF5833CB5F35A16751CCD6F111A7DB0F951D1B16480F370D304F1794A88A004912A0F084782B572EB3735237BC9D
Malicious:false
Preview:[Settings]..NumFields=3..RTL=0..[Field 1]..Type=Label..Left=0..Right=-1..Top=0..Bottom=24..[Field 2]..Type=RadioButton..Left=30..Right=-1..Top=50..Bottom=58..State=1..[Field 3]..Type=RadioButton..Left=30..Right=-1..Top=70..Bottom=78..

Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):20992
Entropy (8bit):5.79794752453478
Encrypted:false
SSDEEP:384:EVJOXQZkjhm+Np3aWgzxljzbbEUhU7ya4LtU0Ac9khYLMkIX0+GBty3S:EeXQcm+NpqWgzxljzfEUhUua4LtG
MD5:C498AE64B4971132BBA676873978DE1E
SHA1:92E4009CD776B6C8616D8BFFADE7668EF3CB3C27
SHA-256:5552BDDE7E4113393F683EF501E4CC84DCCC071BDC51391EA7FA3E7C1D49E4E8
SHA-512:8E5CA35493F749A39CEAE6796D2658BA10F7D8D9CECA45BB4365B338FABD1DFA9B9F92E33F50C91B0273E66ADFBCE4B98B09C15FD2473F8B214ED797462333D7
Malicious:false
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................$....................`.....X....Rich..........PE..L......R...........!.....,...(.......:.......@......................................................................PI..l...|A..x....`.......................p.......................................................@..|............................text...4+.......,.................. ..`.rdata.......@.......0..............@..@.data...`....P.......:..............@....rsrc........`.......D..............@..@.reloc.......p.......J..............@..B................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type:PC bitmap, Windows 3.x format, 150 x 57 x 24
Category:dropped
Size (bytes):25820
Entropy (8bit):5.188890068777106
Encrypted:false
SSDEEP:768:sxDuVVwTviL24EYpf0eIiJX2rhZfXHbya1iniBUdi5iOieWig:IK0biudrd1eqoGhe5
MD5:F6C98435D3C275E5CA0D57A9C1F61B03
SHA1:6DD37B198F09013FAE24D7A61EDE4F22E4C367FD
SHA-256:365C7A4011ED2714C058F97CB7596881B8471C67BE646E365CE36284327A8CAA
SHA-512:056472102623E62559701EC528CC0B633A2F73D7B028A4D5762BA293C7202851D2B7F9B92ED1FD2FE3955184E52279B9C6AE8E227CF9AEC3BC1D402AA2121394
Malicious:false
Preview:BM.d......6...(.......9............d.....................................................................................................................................................................................................................................................................................................................~..{..y..w..s|.oy.nx.kv.ep.cn.am.^j.[h.Yf.Vc.Tb.P^.M\.JZ.IX.FV.DT.AR.>P.<N.:L.9K.7I.5G.4F.2D./B..A.,@.*>.)<.)<.&;.%9.$8.$8.$7.#7."5."5.!4.!4.!3.!3.!3."4.!3.!2...............................................................................................................................................................................................................................................................................................................~..x..w..t~.q{.ny.it.fq.co.`l.^k.Zg.Xe.Tb.R`.O^.L[.KZ.HX.EU.CS.AR.?P.<N.<N.:L.9J.8J.6H.6H.3F.2E.2D.1D.0C..A..@.+>.+>.)<.(;.&9.%8.%7.$6.$6.%7.%7.$6.$6.............................................

Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type:PC bitmap, Windows 3.x format, 164 x 314 x 24
Category:dropped
Size (bytes):154544
Entropy (8bit):6.597941184998617
Encrypted:false
SSDEEP:1536:g+2SEKEjTY4/F4FXbuOtBTXdfKFlQ1oJjwjfW2yKbE7vp/Ye6xjcHowRvQbfkw0J:fSb4FXCOzKw/ziR/sSowRvQbfkw0J
MD5:6AD7F23B6DEE9BD5C2849FA8A831DF24
SHA1:E221E3917DF3F0CFBC8C545C7C28375131B3CD54
SHA-256:AA800D4D2CA0DAC3C75EA5EF2EACCC6E4DEC72F24C21C0E2511D1F1C79DA6013
SHA-512:FD454C1F881E4D46A241FD930260186B880FB75C25B268160B1F8540607B1C6C495D264BD2B7E00864839A673F6EFC76605043937BBA494DE871BA770BB78C91
Malicious:false
Preview:BM.[......6...(.......:...........z[....................................................................................................................................................................... .."..$..(..,..0../../..2..2..2..2..-..+..(..'..#..".. ........... ..$..%..(..,..-..+..%....................... ..%..2..?..O..[..Z..U..J..=..-.."........#..%..*..*..%..".."..%..+..0../..'.. .................#..$..#.. ..#..-..7..?..B..@..:..3..3..7..=..P!!m''~""q..X..O..^$$u$$v..`..P..Z..a##s''}..]..B##s33.&&{..h!!m j..X..M..f...33.)).$$v)).......................................................................................................................................... ................................... .."..#..%..'..(..(..'..$.."..".. .."..".."..".. ..#..%..,..2..5..5..-..+..*..'..$..#.................$..0..=..M..V..Z..U..H..:..-..#.. .. ..%..,..-..*..#..%..,..2..5..3..'.................#..%..%..$..%..-..;..G..N..H..;..5..:..=..H..]$$v''~ j..S..V j%%x!!n..]..V..[ k$$v!!n..M!

Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):9728
Entropy (8bit):5.054726426952
Encrypted:false
SSDEEP:96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
MD5:C10E04DD4AD4277D5ADC951BB331C777
SHA1:B1E30808198A3AE6D6D1CCA62DF8893DC2A7AD43
SHA-256:E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
SHA-512:853A5564BF751D40484EA482444C6958457CB4A17FB973CF870F03F201B8B2643BE41BCCDE00F6B2026DC0C3D113E6481B0DC4C7B0F3AE7966D38C92C6B5862E
Malicious:false
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../.cXN`0XN`0XN`0XNa0mN`0.A=0UN`0.mP0]N`0.Hf0YN`0.nd0YN`0RichXN`0........................PE..L......K...........!......... ...............0.......................................................................6..k....0.......`.......................p.......................................................0...............................text...G........................... ..`.rdata..k....0......................@..@.data........@......................@....rsrc........`....... ..............@..@.reloc..<....p......."..............@..B................................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):8704
Entropy (8bit):5.116295914206125
Encrypted:false
SSDEEP:96:9E1ZgHfHizBkiz1zCuNrwXTP8Jx/N6SCMeNV37bnwXwPML/bUdut5tCsPb2N6nOc:9E1ZkGdbiSCMeNN7LwAY/gd+Oc
MD5:84BCF3C71E70D5A6E9DC07D70466BDC3
SHA1:31603A1AFC2D767A3392D363FF61533BEAA25359
SHA-256:7D4DA7469D00E98F863B78CAECE3F2B753E26D7CE0CA9916C0802C35D7D22BCF
SHA-512:61AEFA3C22D2F66053F568A4CC3A5FC1CF9DEB514213B550E5182EDCECD88FADF0CB78E7A593E6D4B7261ED1238E7693F1D38170C84A68BAF4943C3B9584D48E
Malicious:false
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5.n.T.=.T.=.T.=.v.=.T.=R\.=.T.=_\.=.T.=.T.=.T.=.r.=.T.=.R.=.T.=#t.=.T.=Rich.T.=........PE..L....fCB...........!......................... ...............................`......................................@%......h!.......@.......................P....................................................... ...............................text...p........................... ..`.rdata....... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):5632
Entropy (8bit):3.951555564830228
Encrypted:false
SSDEEP:48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2
MD5:9384F4007C492D4FA040924F31C00166
SHA1:ABA37FAEF30D7C445584C688A0B5638F5DB31C7B
SHA-256:60A964095AF1BE79F6A99B22212FEFE2D16F5A0AFD7E707D14394E4143E3F4F5
SHA-512:68F158887E24302673227ADFFC688FD3EDABF097D7F5410F983E06C6B9C7344CA1D8A45C7FA05553ADCC5987993DF3A298763477168D4842E554C4EB93B9AAAF
Malicious:false
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................~..........z.....B....Rich..........PE..L......K...........!......................... ...............................`......................................p"..I...` ..P....@..`....................P....................................................... ..`............................text...l........................... ..`.rdata....... ......................@..@.data...l....0......................@....rsrc...`....@......................@..@.reloc..@....P......................@..B................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):50176
Entropy (8bit):7.427642668371209
Encrypted:false
SSDEEP:768:otNv3IMEiRyxVewMx8AKMe5AlgYT43RgXYJg3kuBXTQRynnpCNU/Be:otNPIMPRyxIwMx8AKKytyYOn+RKCS/Be
MD5:26628AE407ED37AD4FB7B1E8AD623DF4
SHA1:B01D933757A57EEA04241CF656583E23F0278B9A
SHA-256:A5F3700631C64057A304DAEF08AF79A3428DA669585BA4EAD2A7FF7FC34CDF9D
SHA-512:C7B4E6377EB85660ED7BD762105689A20D62B2CD3F56587C390F85DC612ED2D822982BBCB3175E59DC9E7E5DC9B65065EA4CBCB79581695222EAC2C5A727FCB6
Malicious:false
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........iz...)...)...)...)...)...)...)]a.)...)...)...)...)...)...)...)...)...)Rich...)........................PE..L...J..\...........!.........................@............................................@..........................D.......E..d...............................4....................................................@...............................text....$.......&.................. ....rdata.......@.......*..............@..@.data........P.......6..............@....nsis0.......`.......8..............`..`.nsis1..1u...p...v...<..............`..`.reloc..............................@..B........................................................................................................................................................................................................................................................................................
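Each record above gives, for one file the installer dropped, its size, its 8-bit entropy, its hash set and a preview of its leading bytes with every non-printable byte replaced by a dot. For PE files that preview exposes the section names (the record just above shows the non-standard .nsis0 and .nsis1 sections beside .text, .rdata, .data and .reloc) but hides the section flags, because the characteristics field is binary and renders as dots. The script below is an added example, not part of the Joe Sandbox report or of the Alcohol 120% installer: it recomputes those record fields for any byte string and, for PE input, walks the section table to recover each section's name and characteristics, listing any code section that is also writable. The PE image it triages is a constructed toy header built by the example itself, not one of the files listed here, and all function names are the example's own.

```python
import hashlib
import math
import struct

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant file, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def hash_set(data: bytes) -> dict:
    """MD5, SHA1, SHA-256 and SHA-512 hex digests, uppercase like the report's fields."""
    return {alg: hashlib.new(alg, data).hexdigest().upper()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def dot_preview(data: bytes, limit: int = 64) -> str:
    """Printable preview of the leading bytes; anything outside 0x20..0x7E becomes '.'."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in data[:limit])


def pe_sections(data: bytes) -> list:
    """Return [(name, characteristics), ...] from a PE section table, or [] if not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER starts after the signature
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size             # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40                 # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                            # truncated table: stop rather than read garbage
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        (chars,) = struct.unpack_from("<I", data, off + 36)
        sections.append((name, chars))
    return sections


def triage(data: bytes) -> dict:
    """Per-file record in the shape of the report: size, entropy, hashes, preview, PE sections."""
    record = {"size": len(data), "entropy": shannon_entropy_8bit(data),
              "preview": dot_preview(data), **hash_set(data)}
    sections = pe_sections(data)
    record["sections"] = [name for name, _ in sections]
    # A section that is both writable and code-bearing is worth a second look.
    record["writable_code_sections"] = [
        name for name, chars in sections
        if chars & IMAGE_SCN_MEM_WRITE and chars & (IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE)]
    return record


def build_toy_pe(sections) -> bytes:
    """Constructed test input: a bare PE32 header carrying the given (name, characteristics) sections."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    optional = b"\0" * 0xE0                  # dummy PE32 optional header, 224 bytes
    file_header = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(optional), 0x0102)
    table = b"".join(name.ljust(8, b"\0")[:8] + b"\0" * 28 + struct.pack("<I", chars)
                     for name, chars in sections)
    return dos_header + b"PE\0\0" + file_header + optional + table


if __name__ == "__main__":
    # Toy image with a writable+executable .text, a read-only .rdata and an .nsis0-style extra section.
    toy = build_toy_pe([(b".text", 0xE0000020), (b".rdata", 0x40000040), (b".nsis0", 0x60000060)])
    for key, value in triage(toy).items():
        print(f"{key}: {value}")
```

To apply it to a real dropped file, call `triage(open(path, "rb").read())`; the digests are uppercase so they can be compared directly against the MD5, SHA1, SHA-256 and SHA-512 lines above, and an entropy close to 8.0 is the usual sign of packed or encrypted content. The parser stops at a truncated section table instead of reading past the end of the buffer, which matters when the input is a partial download or a carved fragment.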

Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):11264
Entropy (8bit):5.568877095847681
Encrypted:false
SSDEEP:192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
MD5:C17103AE9072A06DA581DEC998343FC1
SHA1:B72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D
SHA-256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
SHA-512:D32A71AAEF18E993F28096D536E41C4D016850721B31171513CE28BBD805A54FD290B7C3E9D935F72E676A1ACFB4F0DCC89D95040A0DD29F2B6975855C18986F
Malicious:false
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j....l.9..i....l.Richm.........................PE..L......K...........!................0).......0...............................`......................................p2......t0..P............................P.......................................................0..X............................text...1........................... ..`.rdata.......0......."..............@..@.data...d....@.......&..............@....reloc.......P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):9632
                                                                                                                                                                        Entropy (8bit):6.2536667530818075
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:6MJhmLhi2r4wl9/F47vzz2dqxSG7+4EQej7Dc5Q0ryDeTuDn6aXveElfC9zeRZtx:6xkC4w4nYe+PjPmXrc3bw0J9N+Z5k
                                                                                                                                                                        MD5:D1A1686AC8444BBD9B1DAED5944BCF04
                                                                                                                                                                        SHA1:D91AC9FF19526D12E4FCE8717F520EB816A266D0
                                                                                                                                                                        SHA-256:9F25311E89E9C14622E64CDF30330612B984FD940D2197AB6A95A3EF1E6E59AA
                                                                                                                                                                        SHA-512:44CF32C83D434EE141B90F8BE5BF796223E3FD0C24267AEDA7AA01D85F18664ECF5E80B01FD59E3F821B11E5103A48D24EBFD95AB5452C914A3E393D858A5F24
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):2270579
                                                                                                                                                                        Entropy (8bit):7.396117523104436
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:49152:u+7MwsbtgsIMwjQCyN62L08zdL/B3sCc4iD45i5:9sILMI8h7qQk5
                                                                                                                                                                        MD5:594CFCA8047139358E4DCEAB8A1D0F3F
                                                                                                                                                                        SHA1:B74C0EB0C144DE3DD36F780A5857AEFFEBFB382F
                                                                                                                                                                        SHA-256:4B4295A8E3F866B8EC87D57F37708897636F77D38E6AE33FFDEF1704EB9B80DA
                                                                                                                                                                        SHA-512:CCAAC3975284B3DFD1C845212FB85432C0A2A5323E23DD33C9081A5978795665EED7C7DE90ACE518500049E9090D8D2BC917C9E58709D706AAFBFB461DDD0A64
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):14848
                                                                                                                                                                        Entropy (8bit):5.550299117674118
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
                                                                                                                                                                        MD5:325B008AEC81E5AAA57096F05D4212B5
                                                                                                                                                                        SHA1:27A2D89747A20305B6518438EFF5B9F57F7DF5C3
                                                                                                                                                                        SHA-256:C9CD5C9609E70005926AE5171726A4142FFBCCCC771D307EFCD195DAFC1E6B4B
                                                                                                                                                                        SHA-512:18362B3AEE529A27E85CC087627ECF6E2D21196D725F499C4A185CB3A380999F43FF1833A8EBEC3F5BA1D3A113EF83185770E663854121F2D8B885790115AFDF
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):5632
                                                                                                                                                                        Entropy (8bit):3.951555564830228
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2
                                                                                                                                                                        MD5:9384F4007C492D4FA040924F31C00166
                                                                                                                                                                        SHA1:ABA37FAEF30D7C445584C688A0B5638F5DB31C7B
                                                                                                                                                                        SHA-256:60A964095AF1BE79F6A99B22212FEFE2D16F5A0AFD7E707D14394E4143E3F4F5
                                                                                                                                                                        SHA-512:68F158887E24302673227ADFFC688FD3EDABF097D7F5410F983E06C6B9C7344CA1D8A45C7FA05553ADCC5987993DF3A298763477168D4842E554C4EB93B9AAAF
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):50176
                                                                                                                                                                        Entropy (8bit):7.427642668371209
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:otNv3IMEiRyxVewMx8AKMe5AlgYT43RgXYJg3kuBXTQRynnpCNU/Be:otNPIMPRyxIwMx8AKKytyYOn+RKCS/Be
                                                                                                                                                                        MD5:26628AE407ED37AD4FB7B1E8AD623DF4
                                                                                                                                                                        SHA1:B01D933757A57EEA04241CF656583E23F0278B9A
                                                                                                                                                                        SHA-256:A5F3700631C64057A304DAEF08AF79A3428DA669585BA4EAD2A7FF7FC34CDF9D
                                                                                                                                                                        SHA-512:C7B4E6377EB85660ED7BD762105689A20D62B2CD3F56587C390F85DC612ED2D822982BBCB3175E59DC9E7E5DC9B65065EA4CBCB79581695222EAC2C5A727FCB6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):11264
                                                                                                                                                                        Entropy (8bit):5.568877095847681
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
                                                                                                                                                                        MD5:C17103AE9072A06DA581DEC998343FC1
                                                                                                                                                                        SHA1:B72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D
                                                                                                                                                                        SHA-256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
                                                                                                                                                                        SHA-512:D32A71AAEF18E993F28096D536E41C4D016850721B31171513CE28BBD805A54FD290B7C3E9D935F72E676A1ACFB4F0DCC89D95040A0DD29F2B6975855C18986F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):9632
                                                                                                                                                                        Entropy (8bit):6.2536667530818075
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:6MJhmLhi2r4wl9/F47vzz2dqxSG7+4EQej7Dc5Q0ryDeTuDn6aXveElfC9zeRZtx:6xkC4w4nYe+PjPmXrc3bw0J9N+Z5k
                                                                                                                                                                        MD5:D1A1686AC8444BBD9B1DAED5944BCF04
                                                                                                                                                                        SHA1:D91AC9FF19526D12E4FCE8717F520EB816A266D0
                                                                                                                                                                        SHA-256:9F25311E89E9C14622E64CDF30330612B984FD940D2197AB6A95A3EF1E6E59AA
                                                                                                                                                                        SHA-512:44CF32C83D434EE141B90F8BE5BF796223E3FD0C24267AEDA7AA01D85F18664ECF5E80B01FD59E3F821B11E5103A48D24EBFD95AB5452C914A3E393D858A5F24
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):225
                                                                                                                                                                        Entropy (8bit):4.809358337682643
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6:lN+BWpI8oOKQ783QXRSMpoqoY/H3QXRSMpoE0e:lN+IpIsMQXR/PvQXR/H9
                                                                                                                                                                        MD5:CE819CC71C59C4F69933159285E8E727
                                                                                                                                                                        SHA1:C1EF04EBD08A47B794E831C149BAAF525A91FD87
                                                                                                                                                                        SHA-256:AE10F55E6EEE0C64AD9DC5AB9998ED8DDE13F3EA050913B66CC5350DB7A6385E
                                                                                                                                                                        SHA-512:091B9B7F730D79041648332FED6925D3C0D7BAF53C6388B08FE2D90C2B6AD89E61A7E68461B1F114521B63C62887103BDE66EC615CEE42A3A5F4E5C1FF5CC2D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:[Settings]..NumFields=3..[Field 1]..Type=Label..Left=0..Right=-1..Top=0..Bottom=24..[Field 2]..Type=RadioButton..Left=30..Right=-1..Top=50..Bottom=58..State=1..[Field 3]..Type=RadioButton..Left=30..Right=-1..Top=70..Bottom=78
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                        Entropy (8bit):5.79794752453478
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:EVJOXQZkjhm+Np3aWgzxljzbbEUhU7ya4LtU0Ac9khYLMkIX0+GBty3S:EeXQcm+NpqWgzxljzfEUhUua4LtG
                                                                                                                                                                        MD5:C498AE64B4971132BBA676873978DE1E
                                                                                                                                                                        SHA1:92E4009CD776B6C8616D8BFFADE7668EF3CB3C27
                                                                                                                                                                        SHA-256:5552BDDE7E4113393F683EF501E4CC84DCCC071BDC51391EA7FA3E7C1D49E4E8
                                                                                                                                                                        SHA-512:8E5CA35493F749A39CEAE6796D2658BA10F7D8D9CECA45BB4365B338FABD1DFA9B9F92E33F50C91B0273E66ADFBCE4B98B09C15FD2473F8B214ED797462333D7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PC bitmap, Windows 3.x format, 150 x 57 x 24
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):25820
                                                                                                                                                                        Entropy (8bit):5.188890068777106
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:sxDuVVwTviL24EYpf0eIiJX2rhZfXHbya1iniBUdi5iOieWig:IK0biudrd1eqoGhe5
                                                                                                                                                                        MD5:F6C98435D3C275E5CA0D57A9C1F61B03
                                                                                                                                                                        SHA1:6DD37B198F09013FAE24D7A61EDE4F22E4C367FD
                                                                                                                                                                        SHA-256:365C7A4011ED2714C058F97CB7596881B8471C67BE646E365CE36284327A8CAA
                                                                                                                                                                        SHA-512:056472102623E62559701EC528CC0B633A2F73D7B028A4D5762BA293C7202851D2B7F9B92ED1FD2FE3955184E52279B9C6AE8E227CF9AEC3BC1D402AA2121394
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:BM.d......6...(.......9............d.....................................................................................................................................................................................................................................................................................................................~..{..y..w..s|.oy.nx.kv.ep.cn.am.^j.[h.Yf.Vc.Tb.P^.M\.JZ.IX.FV.DT.AR.>P.<N.:L.9K.7I.5G.4F.2D./B..A.,@.*>.)<.)<.&;.%9.$8.$8.$7.#7."5."5.!4.!4.!3.!3.!3."4.!3.!2...............................................................................................................................................................................................................................................................................................................~..x..w..t~.q{.ny.it.fq.co.`l.^k.Zg.Xe.Tb.R`.O^.L[.KZ.HX.EU.CS.AR.?P.<N.<N.:L.9J.8J.6H.6H.3F.2E.2D.1D.0C..A..@.+>.+>.)<.(;.&9.%8.%7.$6.$6.%7.%7.$6.$6.............................................
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PC bitmap, Windows 3.x format, 164 x 314 x 24
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):154544
                                                                                                                                                                        Entropy (8bit):6.597941184998617
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:1536:g+2SEKEjTY4/F4FXbuOtBTXdfKFlQ1oJjwjfW2yKbE7vp/Ye6xjcHowRvQbfkw0J:fSb4FXCOzKw/ziR/sSowRvQbfkw0J
                                                                                                                                                                        MD5:6AD7F23B6DEE9BD5C2849FA8A831DF24
                                                                                                                                                                        SHA1:E221E3917DF3F0CFBC8C545C7C28375131B3CD54
                                                                                                                                                                        SHA-256:AA800D4D2CA0DAC3C75EA5EF2EACCC6E4DEC72F24C21C0E2511D1F1C79DA6013
                                                                                                                                                                        SHA-512:FD454C1F881E4D46A241FD930260186B880FB75C25B268160B1F8540607B1C6C495D264BD2B7E00864839A673F6EFC76605043937BBA494DE871BA770BB78C91
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:BM.[......6...(.......:...........z[....................................................................................................................................................................... .."..$..(..,..0../../..2..2..2..2..-..+..(..'..#..".. ........... ..$..%..(..,..-..+..%....................... ..%..2..?..O..[..Z..U..J..=..-.."........#..%..*..*..%..".."..%..+..0../..'.. .................#..$..#.. ..#..-..7..?..B..@..:..3..3..7..=..P!!m''~""q..X..O..^$$u$$v..`..P..Z..a##s''}..]..B##s33.&&{..h!!m j..X..M..f...33.)).$$v)).......................................................................................................................................... ................................... .."..#..%..'..(..(..'..$.."..".. .."..".."..".. ..#..%..,..2..5..5..-..+..*..'..$..#.................$..0..=..M..V..Z..U..H..:..-..#.. .. ..%..,..-..*..#..%..,..2..5..3..'.................#..%..%..$..%..-..;..G..N..H..;..5..:..=..H..]$$v''~ j..S..V j%%x!!n..]..V..[ k$$v!!n..M!
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):9728
                                                                                                                                                                        Entropy (8bit):5.054726426952
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
                                                                                                                                                                        MD5:C10E04DD4AD4277D5ADC951BB331C777
                                                                                                                                                                        SHA1:B1E30808198A3AE6D6D1CCA62DF8893DC2A7AD43
                                                                                                                                                                        SHA-256:E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
                                                                                                                                                                        SHA-512:853A5564BF751D40484EA482444C6958457CB4A17FB973CF870F03F201B8B2643BE41BCCDE00F6B2026DC0C3D113E6481B0DC4C7B0F3AE7966D38C92C6B5862E
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../.cXN`0XN`0XN`0XNa0mN`0.A=0UN`0.mP0]N`0.Hf0YN`0.nd0YN`0RichXN`0........................PE..L......K...........!......... ...............0.......................................................................6..k....0.......`.......................p.......................................................0...............................text...G........................... ..`.rdata..k....0......................@..@.data........@......................@....rsrc........`....... ..............@..@.reloc..<....p......."..............@..B................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):6656
                                                                                                                                                                        Entropy (8bit):5.036651327230889
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
                                                                                                                                                                        MD5:ACC2B699EDFEA5BF5AAE45ABA3A41E96
                                                                                                                                                                        SHA1:D2ACCF4D494E43CEB2CFF69ABE4DD17147D29CC2
                                                                                                                                                                        SHA-256:168A974EAA3F588D759DB3F47C1A9FDC3494BA1FA1A73A84E5E3B2A4D58ABD7E
                                                                                                                                                                        SHA-512:E29EA10ADA98C71A18273B04F44F385B120D4E8473E441CE5748CFA44A23648814F2656F429B85440157988C88DE776C6AC008DC38BF09CBB746C230A46C69FE
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................,.................Rich...........PE..L......K...........!......................... ...............................P.......................................$..l.... ..P............................@....................................................... ...............................text...H........................... ..`.rdata..,.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):8704
                                                                                                                                                                        Entropy (8bit):5.116295914206125
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:9E1ZgHfHizBkiz1zCuNrwXTP8Jx/N6SCMeNV37bnwXwPML/bUdut5tCsPb2N6nOc:9E1ZkGdbiSCMeNN7LwAY/gd+Oc
                                                                                                                                                                        MD5:84BCF3C71E70D5A6E9DC07D70466BDC3
                                                                                                                                                                        SHA1:31603A1AFC2D767A3392D363FF61533BEAA25359
                                                                                                                                                                        SHA-256:7D4DA7469D00E98F863B78CAECE3F2B753E26D7CE0CA9916C0802C35D7D22BCF
                                                                                                                                                                        SHA-512:61AEFA3C22D2F66053F568A4CC3A5FC1CF9DEB514213B550E5182EDCECD88FADF0CB78E7A593E6D4B7261ED1238E7693F1D38170C84A68BAF4943C3B9584D48E
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5.n.T.=.T.=.T.=.v.=.T.=R\.=.T.=_\.=.T.=.T.=.T.=.r.=.T.=.R.=.T.=#t.=.T.=Rich.T.=........PE..L....fCB...........!......................... ...............................`......................................@%......h!.......@.......................P....................................................... ...............................text...p........................... ..`.rdata....... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):302792
                                                                                                                                                                        Entropy (8bit):6.988372864109766
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:gn+h3uLVWboHhBihF1Eo7FknFAA+N2RxNtLi/q6y9zv7f3jCIT7a6jyhD:gn+h+IbEBiD1Eo7kuq6KzvLzCIT7ax
                                                                                                                                                                        MD5:1FE60B4F5DB3B9F3A4E235EA1128B830
                                                                                                                                                                        SHA1:A7D5C4EDDDCDF3D189C503A0905D4B34122AA7E2
                                                                                                                                                                        SHA-256:711D37B41E676BB0E5246F598F5AB648F44B2376D22C2EA4492CC304DFD44FBB
                                                                                                                                                                        SHA-512:101A79DEA4C8B6405864EBD0BAD8C21DBACF8F46A25626D957A9C747F66F69E3E6EEDF93304B9E4BF7E02EEE350D7887B49CAB00CF4B01FA11F279294EF0A6F8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......X.z..u...u...u..o....u..o...u..o....u.......u.......u.......u..o....u..o....u...u..u.......u.......u.......u..Rich.u..........PE..L......Z.................F...N.......,.......`....@..................................:....@.................................<...x.......................................T...............................@............`...............................text...yE.......F.................. ..`.rdata...z...`...|...J..............@..@.data...............................@....rsrc...............................@..@.reloc...............n..............@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):51232
                                                                                                                                                                        Entropy (8bit):7.020595533923927
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:6m4EIMJr6AoDyToG8+A9DDd9VtZgqj9jqSqJqSsXGV/KQMTXCLmvLn23+zjE:BpIMd6PVG8+eskZGZVmC2E
                                                                                                                                                                        MD5:3862C98F3676F3FD8BF4759DB17CF273
                                                                                                                                                                        SHA1:8CE5CA251376345220FA502930E4339CFBD7721D
                                                                                                                                                                        SHA-256:1C7D5E42FF3BC5E1A0ECD01FA68633DC67515B3A06E660FCD2D22D6EA436A6F1
                                                                                                                                                                        SHA-512:1836A39AD1BF17E086836298323CC36538174D991AA2E9EE4FD8B4594E88AAD1723FD875501F2E256E2B358FC88A84CD564B5BEF79ECA2B51AF4880C9646F396
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A................R...............!..............................>............Rich....................PE..L...I..V...........!.........................@......................................8.....@.........................@@..|....A..(.......\............... 4......D... @...............................................@...............................text............................... ..`.stext..@....0...................... ....rdata..z....@......................@..@.data...4....P....... ..............@....vmp0....Z...`...\...".............. ..`.reloc..D............~..............@..@.rsrc...............................@..@................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):495232
                                                                                                                                                                        Entropy (8bit):7.88350653075061
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:eqJic2xsnd61zt6vj4dyMIyi6L/0oNJ+TDCPUCY3S2RK0j1:V4mM1zt6ubi6L/B3sCPUCk5
                                                                                                                                                                        MD5:B69569EED571E046149B2EB841B27429
                                                                                                                                                                        SHA1:CA2E9DD4408A0FB36A78DB55E702700841474D89
                                                                                                                                                                        SHA-256:859882A4111AAC37C928E003902F8E4951D882F3A6A58C3A345545CF241B19A1
                                                                                                                                                                        SHA-512:EA386736DEB32B0412A31B54B473D0CFA917F2D17A62C7EC5D9D05E30A820A00176E3F7BD7401F711C00801BA2182C103F60397E13C3DD226154A6CAC8630F23
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Ve..7.Q.7.Q.7.Q.O.Q.7.Q.O.Q.7.Q.O.Q.7.Q.O.Q.7.Q.O.Q.7.Qd8VQ.7.Q.7.Q/7.Q.O.Q.7.Q..uQ.7.Q.O.Q.7.Q.O.Q.7.Q.O.Q.7.QRich.7.Q........................PE..L...h._Z.................:...6...............`....@.......................................@...... ..................@G..`....p..d....p...............Z...4.......... ...................................@............q...............................text....7.......8.................. ..`.stext.......P.......<.............. ....data........`.......>..............@....idata..v....p.......6..............@....sptd0...............@..............`..`.rsrc........p.......*..............@..@CODEINIT ............H.............. ..bCODESIGN.............J..............@..B................................................................................................................................................................
Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
Category:dropped
Size (bytes):42784
Entropy (8bit):7.692229744294293
Encrypted:false
SSDEEP:768:Y9OJsaM/CxiDSUNNve7TukwZnU/G9kDKxKCrJ0Zgu:3Zx0hNFe7T7wZnU/G9kOxbF0Z
MD5:8E074E914D9B428C17183323896F8E5F
SHA1:E1A407584B486ECDB713293E05311282B71B18FE
SHA-256:DF54AE57CC694C856345A35C35B0E1F8CBDE234BE75BF9C83BC591FCBD821746
SHA-512:554CAE2235C0BEE916EFC7FA31B8CCE4E2F9BE5DE96D138F48F8E687732ED72F6C5955C8D456EF2EFBA9D45AEAC1E40DC1B7EF136E3B612102CB5BCEA4BB2A4B
Malicious:false
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.9...WL..WL..WLd.\L..WL..YL..WLd.]LS.WL..L..WL..L..WL..VL..WL_.fL..WL.QL..WL.SL..WLRich..WL................PE..L....g.T...........!..................... ..........................................Y.......................................$...........$............... ...........................................................................................UPX0....................................UPX1......... ...|..................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................................................................3.91.UPX!....

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):1690288
Entropy (8bit):7.98388933524691
Encrypted:false
SSDEEP:49152:QB7tbxfdbPeguSS/nbZj2/Th1JPtQNq9hdVZxiol:QvtZrTSfb8XJPyNq9h3iol
MD5:A9F8C03FDEABA9E56934FDEFA9EB46F1
SHA1:74BDE8988BC723ADC4A1F042A260A44B8FEFAB5F
SHA-256:4AC4B770C340B3522A0484AA8DB3BB67718240CAA1206E1967A3AD3423670CA8
SHA-512:FB4B12E216D1214EF03557D5FC2F5789CD2258DBD69A26E4949AA7B6409EAEB3F81C95332CBD6FAD2754ADF10CC396F47F8D9FEFEA73CFDA98DE3E3DE7AA676B
Malicious:false
Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L.....ea..........................R...l...R...j...@...........................l.................. ....................H.x.....l.......j..................$....................................j.....................................................SSE3......R.............................SSE2..........R.....................@....rsrc.........j.....................@...CODEINIT .....l..................... ..bCODESIGN......l.....................@..B...........................EM64TSSE4....

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):862480
Entropy (8bit):7.1802892850047915
Encrypted:false
SSDEEP:24576:/INJ9T7+yHyZnutzochOVjWL7zh0yamxbcBS37KL:/INJFNyNns8jWZ537K
MD5:619D3846C60821FCF42E1B8D30AE1F1A
SHA1:752AAEE37DAD05A6FDDD50E83148702E4C09B1F4
SHA-256:24A259A22F46BD796702D70080F76F86DD7D0E6D6BA77ABB23CB5273C90C5A89
SHA-512:CC422E8F9D6A2ECBC6769FB4228BEF5A403A792BF0651A2C7476B2AC06A1CF648CEEF2254A4C7C5051BFF327DC6A7E37ABA2133B0E7001345454558476957BF9
Malicious:false
Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......y...=.b.=.b.=.b.0.....b.0...).b.0.....b.4..<.b.>...?.b.4..7.b...{.>.b.=.c...b.R..<.b.R...<.b.>...>.b.>...<.b.0...<.b.>...<.b.Rich=.b.........................PE..L...P.&U...........!.........L...............................................p............@.........................@.......\...........8w......................p...P...8...............................@............................................text..."........................... ....rdata...f.......h..................@..@.data...`S... ......................@....valc0...=.......>...8..............`..`.reloc..p............v..............@..@.rsrc...............................@..@................................................................................................................................................................................................................................

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Category:dropped
Size (bytes):105888
Entropy (8bit):7.930615874179617
Encrypted:false
SSDEEP:3072:un4ExN3k2Mek4Eek7OTncQWvhmPMeuTe+outO+B/:u4ExN3tMeqeOQpWpXZoSp5
MD5:03656342F2D3E44637134DA43C6F131A
SHA1:ADCBD83CB4E90C7BB7190F648CAF83E34D087CEA
SHA-256:DC4D5327B18DA95C7F0117EDA093D1FFF85E682F94AF0FDFBFB35E893320518B
SHA-512:41ED0BE615C090889B5F52E46C9ED233E56992854B346FE99528CCAB53223603E2A3CF27E664B72D3188B7757D1C7CDAAE5FFF1206FACE1829DD565140DD810E
Malicious:false
Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$...........K.q.K.q.K.q.....A.q......q.....R.q...u._.q...r.].q...t.d.q..j..E.q..j..J.q...u.G.q...t.A.q...p.H.q.K.p...q...x.N.q.....J.q.K..I.q...s.J.q.RichK.q.................PE..L......].............................(.......@....@..........................P............@..................................H.......@......................PJ.......................................3..............................................UPX0....................................UPX1.............v..................@....rsrc........@.......z..............@......................................................................................................................................................................................................................................................................................................................................3.94.UPX!....

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Category:dropped
Size (bytes):35280
Entropy (8bit):7.668876598401497
Encrypted:false
SSDEEP:384:sh1AGrG5Aqg7GYx49zdeZriOkS35i7IHAt5A+7BRBf8uzfhm977dxWc2gvd51i5a:U17+bqGk49a3k51LEvdGG8bUuP3od
MD5:7C167D202DDF10715D2361005CE3D8C4
SHA1:8C50E1985502E2CBE956508714B6EC19424766BD
SHA-256:447E0C97697B371D4F34D1E560D06BCC89C6FDF81457AC31C079FD6F4BFCD3EC
SHA-512:E197CBA1EE402F69B33AD9FC5D4D5D7C0DA7D92B2494A6AD38C30D7A79AA6BBC0BA80F8C8540B1571B8AB836CDF23DF463F71DF875ABF04265EA878D5125A805
Malicious:false
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:...~...~...~...............k.............w...~.......*...|..........Rich~...........................PE..L....!1U.................p..........pD.......P....@..........................`......b.......................................(T..L....P..(............r..............................................................................................UPX0....................................UPX1.....p.......h..................@....rsrc........P.......l..............@......................................................................................................................................................................................................................................................................................................................................................................................................3.91.UPX!....

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):100128
Entropy (8bit):6.090416183885346
Encrypted:false
SSDEEP:1536:DbriJr4s0g6KMjVMMHWswND4U/5NM85zVw1rVl/wMLh/CXw9b:DXiJrj0g6xVMXskDPU8E1fYMLhv
MD5:6E21A7D80BAF55ED8FBBA18E6E292E22
SHA1:4D9FC4B24B6A87D73B21690CEE1592A4FC9D5224
SHA-256:6BFEA8612746448D9C55F41616E66EEEBF0BE11B899F6513DF41EEB96E089A90
SHA-512:7A69E9C6AD4800DDF9BE85C868C78461ED06242E172D0A9EB8D0C625C5370573B0C46C19F5F36674090F4168A9E4B07398B2E0AC32992DB228B8F16BF3A276CF
Malicious:false
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?..!{..r{..r{..r.9.r...r.9.rr..r.9.rt..r{..r.r.9.r}..r.9.rz..r.9.rz..r.9.rz..rRich{..r........PE..d....g.T.........." ................@................................................................................................G......09.......................n.. .......|.......................................................@............................text............................... ..`.rdata...G.......H..................@..@.data...`5...P.......<..............@....pdata...............N..............@..@.rsrc................^..............@..@.reloc...............j..............@..B................................................................................................................................................................................................................................................................................

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
Category:dropped
Size (bytes):259536
Entropy (8bit):7.953653906946484
Encrypted:false
SSDEEP:6144:2eFk2AAL3T00AI+7c2u6tjMoPgtXoShNn:h7RMuOMXtXoShNn
MD5:4DDF47F19E533FA028C10A583C261002
SHA1:0936F3C0184BA027CF17404F6F1F1676A7C9C4AA
SHA-256:604E022A1395BDF9BD08CAE9633E83B65D9F47C770E6FBA6F2443210FA8CBC05
SHA-512:A25D95F68146E251F03D23580576BFC30464F380160F237B76D9FF3493B1652E7D84860E4CFD98EC342931AD6F1E5A6C58B43D47B6E7E6F146D6E50972C429C9
Malicious:false
Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L....!1U..................... ...............p....@.............................................. ......................p.......@....p......................................................@l......................................................UPX0....................................UPX1................................@....rsrc.... ...p......................@...CODEINIT ........................... ..bCODESIGN............................@..B...........................3.91.UPX!....

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
Category:dropped
Size (bytes):532768
Entropy (8bit):6.746063565607934
Encrypted:false
SSDEEP:6144:ZP+RXffRUTUZGj940wDEhwHdSpf4DZohuguugc14QPu:ZP6fJBw5wDzHdq4D8uguuh
MD5:95D3EAC576229C99C413E21E01E9A1E1
SHA1:33440A302BB789E977D88F819888987111CE3A0F
SHA-256:A1BC49CEA1FE7A35E2B75164CC0769C1EE7A2886E415C79708744ADFAC4E4CEC
SHA-512:3193C41C6599ADDB7FA4548CE5F1BDDFC8E4D9AC5B715076266C1EC236E4DE03E187481793D29ED673196E4CCE2CC1CAB1918755C0B3FACCA88B897E178FE14B
Malicious:false
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ 5.A[..A[..A[.hG]..A[.Rich.A[.................PE..L....$.T...........!............. ..@1...0...@...............................@......u........................................=.......@.................. ...$>......................................................................................UPX0..... ..............................UPX1.........0......................@....rsrc........@......................@..............................................................................................................................................................................................................................................................................................................................................................................................................................................................3.91.UPX!....

Process:C:\Program Files\7-Zip\7zG.exe
File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):8748
Entropy (8bit):5.076617701933336
Encrypted:false
SSDEEP:96:twQZ4w44VUCNQhWSVKViXjPbps6IjIgQnNQaSkl:2Hxpl
MD5:DAE945477F8F434F25947893780BE9E2
SHA1:EFBFEDFD0F41CEC82F405DC909C6DB5295CDB4A5
SHA-256:FF8739BA491637159252F0B5FCE73015436DEFAE5C0FD0B7BD0C775DD2D6E52D
SHA-512:3D189C95699B1DD183CE5B03BFBE7CBFAA586542BF9D53106E377080B4223EAFBCC88CD632B28BB103B536C9D6AECA0E0467120E618AC1A7B7402896B64AD651
Malicious:false
Preview:.[3DO]..MAX Read Speed=16777215..Skip Read Error=0..Fast Skip Read Error=0..Read SubChannel Data=0..Read PreGap Area=0..MAX Write Speed=2117..Fix EFM Error=0..Burn RMPS on Disc=0..RecordMethodCount=3..RecordMethod_00=0x01..RecordMethod_01=0x02..RecordMethod_02=0x05....[Audio CD]..MAX Read Speed=16777215..Skip Read Error=0..Fast Skip Read Error=0..Read SubChannel Data=0..Read PreGap Area=0..MAX Write Speed=16777215..Fix EFM Error=0..Burn RMPS on Disc=0..RecordMethodCount=5..RecordMethod_00=0x01..RecordMethod_01=0x02..RecordMethod_02=0x03..RecordMethod_03=0x04..RecordMethod_04=0x05....[Audio CD+]..MAX Read Speed=16777215..Skip Read Error=0..Fast Skip Read Error=0..Read SubChannel Data=1..Read PreGap Area=0..MAX Write Speed=16777215..Fix EFM Error=0..Burn RMPS on Disc=0..RecordMethodCount=2..RecordMethod_00=0x04..RecordMethod_01=0x03....[CD-COPS]..MAX Read Speed=16777215..Skip Read Error=0..Fast Skip Read Error=0..Read SubChannel Data=0..Read PreGap Area=0..DPM=1..DPM Precision=0..MAX W

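The per-file fields in the dropped-file records above (File Type, Entropy (8bit), MD5/SHA-256, and the UPX0/UPX1, CODEINIT/CODESIGN, .sptd0 and .valc0 section names visible in the Preview bytes) can be reproduced offline from the file bytes, which is useful when checking an extracted sample against this report or triaging a drop the sandbox did not execute. The script below is an added example, not part of the Joe Sandbox report or of the analysed installer: a dependency-free Python triage that parses the PE section table, computes 8-bit Shannon entropy for the whole file and per section, and flags the section-level conditions that the report's signatures name (writable .text section, entry point outside standard sections, UPX section names, non-standard section names). The 7.0 entropy threshold, the list of "standard" section names and the built-in 2 KiB sample PE are assumptions constructed for the demonstration, not values taken from the report.

```python
import hashlib
import math
import struct
import sys

# IMAGE_SECTION_HEADER.Characteristics bits from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Assumed triage policy: names a linker normally emits; anything else counts as non-standard.
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata",
                     ".rsrc", ".reloc", ".pdata", ".bss", ".tls"}
PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2"}
HIGH_ENTROPY = 7.0  # assumed "compressed/encrypted" threshold, not a value from the report


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte, 0.0..8.0, the scale of the report's 'Entropy (8bit)'."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsect, _ts, _sym, _nsym, opt_size, _flags = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]       # 0x10B = PE32, 0x20B = PE32+
    entry = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint, same offset in both
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr, _rl, _ln, _nrl, _nln, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + i * 40)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rawsize": rawsize,
                         "entropy": round(shannon_entropy(raw), 3),
                         "write": bool(chars & IMAGE_SCN_MEM_WRITE),
                         "execute": bool(chars & IMAGE_SCN_MEM_EXECUTE)})
    return {"pe32plus": magic == 0x20B, "entry": entry, "sections": sections}


def triage(data: bytes) -> dict:
    """Reproduce the report's per-file fields plus the section-based signatures it raises."""
    pe = parse_pe(data)
    secs = pe["sections"]
    entry_sec = next((s["name"] for s in secs
                      if s["va"] <= pe["entry"] < s["va"] + max(s["vsize"], s["rawsize"])), None)
    return {"md5": hashlib.md5(data).hexdigest().upper(),
            "sha256": hashlib.sha256(data).hexdigest().upper(),
            "entropy": round(shannon_entropy(data), 3),
            "pe32plus": pe["pe32plus"],
            "entry_section": entry_sec,
            "entry_outside_standard": entry_sec not in STANDARD_SECTIONS,
            "writable_text": any(s["name"] == ".text" and s["write"] and s["execute"] for s in secs),
            "packer_sections": [s["name"] for s in secs if s["name"] in PACKER_SECTIONS],
            "nonstandard_sections": [s["name"] for s in secs if s["name"] not in STANDARD_SECTIONS],
            "high_entropy_sections": [s["name"] for s in secs if s["entropy"] >= HIGH_ENTROPY]}


def build_sample_pe() -> bytes:
    """Constructed 2 KiB PE32 for offline demonstration; not one of the dropped files above.
    Writable+executable .text, entry point inside a high-entropy UPX1 section, and a
    non-standard CODESIGN section, so every flag fires on it."""
    hdr = bytearray(512)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 64)            # e_lfanew
    hdr[64:68] = b"PE\0\0"
    opt_size = 224                                   # PE32 optional header size
    struct.pack_into("<HHIIIHH", hdr, 68, 0x14C, 3, 0, 0, 0, opt_size, 0x0102)
    opt = 88
    struct.pack_into("<H", hdr, opt, 0x10B)          # PE32 magic
    struct.pack_into("<I", hdr, opt + 16, 0x2010)    # entry point lands in UPX1
    text = b"\xC3" * 512                             # 'ret' sled, entropy 0
    packed = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))  # looks compressed
    rwx = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    layout = [(b".text", 0x1000, 512, rwx), (b"UPX1", 0x2000, 1024, rwx),
              (b"CODESIGN", 0x3000, 1536, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)]
    for i, (name, va, rawptr, chars) in enumerate(layout):
        struct.pack_into("<8sIIIIIIHHI", hdr, opt + opt_size + i * 40,
                         name, 512, va, 512, rawptr, 0, 0, 0, 0, chars)
    return bytes(hdr) + text + packed + bytes(512)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in triage(blob).items():
        print(f"{k}: {v}")
```

Run it as `python triage.py <dropped file>` and compare the MD5/SHA-256 and entropy against the record above; with no argument it analyses the constructed sample. Whole-file entropy close to 8 (as for the 1,690,288-byte and 259,536-byte files in this section) only says the bytes are compressed or encrypted; the section names and the entry-point location are what separate a UPX-packed or installer-stub executable from a plainly linked one, which is why the report raises those as separate signatures.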

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):59296
Entropy (8bit):7.870722726354678
Encrypted:false
SSDEEP:1536:6QWP4ZTdb6O/XrGqBMw0vOzcm82DsYGnouy85EW:6NP4vbRPTaw06cZ1hout5EW
MD5:D539D44BD955B26B2883558F2B05FB3E
SHA1:0468DB35DCF9A35FB41EC2BD28AFE51457A234FD
SHA-256:574586EB3978DDE8F47B79A19B29D194AC7392399E3E21C1BA4D5BA1AA87DFD7
SHA-512:F61E4249B801F1C325E6BBABF88071BBB8E5BE7A45422888A49CCF07FB8301485471AB7828C60E8EE17E2C5E5E5C2C0F310339FA3100A1A32FA087DB1A398A6F
Malicious:false

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):34816
Entropy (8bit):5.871975570317292
Encrypted:false
SSDEEP:768:eDwNZ/9TwwHI2FUH2eCfWhD1Ln2SEDI4ZBeW5:2EwQIAUH2eCyx927
MD5:31F05DEC16E89893B3D50446294BC37B
SHA1:7D170058375271941617053FF7DF0E2D651C0E37
SHA-256:3830F563803366C61127CFDEA7F8AE786C4E716234388EEC05E5F7CE683494CB
SHA-512:5329587CB1EBB66D86AAC5304752634D4B3AC666A6980CB72BAD1A9663BD835DC44706A1467040C80E4FB78122F8DC0F8AD67F82362945B8F29B15E73358A52B
Malicious:false

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):34304
Entropy (8bit):5.515651599302089
Encrypted:false
SSDEEP:768:CPLZ5o5jZJRU3W5hIn+hBQppmqK1F4dmu7ieLDb:C9SI/+Ypmb1F4dmulLD
MD5:B5E37F35456A3574401E821CAAB38F89
SHA1:B60E4F10F48E82DC48E5FD6C60418C5DF4271AAA
SHA-256:520937A2DE76DBE893382A2F030FA00EBBA0400866D8084696FF01FCEAB6B031
SHA-512:3C388470F7D83F44E788D727AAADEA4040A913E8BEC4EC2DC0FF6A76FB0E21A0424CE269D75A05735D589D97BD75393AEBEA38669AABBAF8B02A94394A0B2604
Malicious:false

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):34304
Entropy (8bit):5.504764380194882
Encrypted:false
SSDEEP:384:2ThZhZhOx3m/wx/vj0mDD9sxQsapXXXNG0t6OpugdYchOsDeeIKir3LrkPs6:+bPIWwx/b31sxRWH93XpBeKne2i7Las
MD5:797DF6430A7D9CCE2737BCD149657661
SHA1:0C1A7414BFAB9F7A27EB45E23EA875BE543C1E23
SHA-256:CEEE43FD89E1C1542EBCD33C6CB17A0674F00DDEB29564CC4BB270C8E0E8622B
SHA-512:C29D68691F8DA63758859A5FA968DB7EC1A7A2181808CB103B63F4C2855C9B3749C9D339B850606F8C3DF01800CCB690CD180847768016F60A6A5D96E54DBDE1
Malicious:false

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
Category:dropped
Size (bytes):566736
Entropy (8bit):7.9427015914142025
Encrypted:false
SSDEEP:12288:tYiJNx66eDJshUg+aWH9Jth127X+oRz8xd9RpLIY7GoSd:9I6EJshUg+aWbXSDRgd9fLLc
MD5:085E5D1D74E00A909F2CB46AD831D2E9
SHA1:D850B877CC4C686FC8C0E885ADD6F7EB87E70FC3
SHA-256:2EA4688295E15FEEBC343A0386D7AAA50179E5FAC310417D2381C892A2E176C6
SHA-512:5FC23CF097FB67C6D9B57FA801B5431FEA320DCBEC260628A1607880C34107D79A13F6D8B5171F1E6F0E988F13220F51FC37EA6C4448A9D2AF8157E4ABA0C8A6
Malicious:false

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
Category:dropped
Size (bytes):77312
Entropy (8bit):7.851746378133595
Encrypted:false
SSDEEP:1536:3iLYRgJGDAmjZvp2CE3DRRKiFzYh7muxbu7kyWa1+OePo6LL0Nks0txRp+d4u:3iLYaJV0Z5Ezqi5Yh7msbmkI1+1LL4vh
MD5:D3F5E76300D0355E25BC42A643F9C05D
SHA1:6DC851145C45147E06174ECC40868A9426D04F54
SHA-256:7A9B03EFE4168C76D39CDF269D979E6901A09265EB86C117A99B13DE12573DBF
SHA-512:FA804DA74386BD55017FCBCBFEE55AD9427A68668DBA1875387FBAB5E9B46ED12D4733FF2DA6BF6B0E134CE4AF975B73D44E46005513EB5DAB2400939A687FDF
Malicious:false

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
Category:dropped
Size (bytes):408352
Entropy (8bit):7.983304899838288
Encrypted:false
SSDEEP:12288:6w9cxG6wnHmPp1aKcIkJXqq+ZOhVrhDZXoS:ZcxEGyKgX7+ZOhlhl
MD5:168E80D0FBFBF4E803DB8FB8B52C6EF5
SHA1:09C6AD38AB8BB9D12BB1C09D0FF6A9A0BE9C8305
SHA-256:D6DF170645A3EA74E8C71B2F8C3269497A51E1833B0C766FE6E7396505B6110D
SHA-512:9562E4E2331022E66FCA63979C15EC8F1C5213606F987749CF94FA927CC4A858DD9C4FE5EFE62C6AE941E730A065E6A2AAF12300D61F29CB3AEC8FA0F0865090
Malicious:false

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Category:dropped
Size (bytes):33568
Entropy (8bit):7.604226223318244
Encrypted:false
SSDEEP:384:WHhRtUr2AVX7khSUgDrDXHDmgIqicLs4Q2ViEGYDTBwHSXjuF2nYPLcSeM7N:ehRa9AhLgjkQKUBtTuEA
MD5:E7928218F88EFC0BB5F290E3E31F0322
SHA1:D8C1BC99DCDFE93858CEBF8378F8A0C461FBED8B
SHA-256:A770EAD957D449DA851A105276C348467428E1A7BDA23A8FA80380C2276E3B3A
SHA-512:6FF1899D57B4C5874D5E990C022D9CC8ED418E1EB2F5CFF558C2137D0E77734480F5A69DD8078DCFF20925700AEC54792EBC62E5F1B0E926A6817D2D13A6E7CE
Malicious:false

Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
Category:dropped
Size (bytes):226152
Entropy (8bit):7.92751848516974
Encrypted:false
SSDEEP:6144:+oqBU/XGiT0AynCdNOn0fH6LpsknRHNM7x6N6n6UyxP3oSiZ:VqBU/XGR+Oneav9i7xO6nhuP3oSu
MD5:DE52523559FF5F08EB0C27DCD9511F4F
SHA1:250B17552C35EC99A5B9E4BAC5178B1EB28A8114
SHA-256:0E092A55553D1141FAD374B9976C030B7D911B9041F2657449F37B59AD56608C
SHA-512:1BBE8E8CA37A866D225EE0CEE836619C4DA3B9871DFAECC5DC8771BF2CD14CE0DFA8F1A8F3FBB674CB5232523DEBE34B39815074115DA0CA5A3D05FCE37EF697
Malicious:false
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):357152
                                                                                                                                                                        Entropy (8bit):7.982795884253719
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:1sJ8s9k0+H0Pe8+19bTv+QnuOXlKTKTghhnZfuL32ZdZxuAtBhQLlkqzT8oS:1sJ8s60+H0PS/vNnfgThvA2Zg6+L/8oS
                                                                                                                                                                        MD5:738F85A69D589ACA25FB95974E70FE7D
                                                                                                                                                                        SHA1:26DED8BE1D1E7CC4CD40EF7590904D1805019BE0
                                                                                                                                                                        SHA-256:F769BC3E702545E4A9C70054704CE51390DC65AF1211B0AC05D7E423E40F4741
                                                                                                                                                                        SHA-512:D3AD0B62E69E69AB3D93788DDDF16596CA96CD3E4962DB52C53C3C76388BC61869A93FBF79A6A5E7C4342231DCABAAECD97E423D7C5811093D85FBB162AA256B
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40448
                                                                                                                                                                        Entropy (8bit):5.906766061994967
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:wj9Pke+3R4jdBybsCkhLchUuJ1aaj8JUBgAfKH4hLFgxA:K9MGjdB/LlG/gC3fLqu
                                                                                                                                                                        MD5:286B6AD418744DF0545AD9951858B562
                                                                                                                                                                        SHA1:75827D92C3D660D286EB53F54A835FB255150F80
                                                                                                                                                                        SHA-256:3A162FBD8FAE14B25A323B98E93F131DF6FF20F4C7022D2C11042A0D2CCCDA49
                                                                                                                                                                        SHA-512:4DEDFE65AA9616E6575506433A3A85A02B01AEA792710AF3A7DB535346612DB63635AB2841149D2DEC8DC17EEBFD804A8D130AABDFD61D04E2506E2284FDAB65
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):24352
                                                                                                                                                                        Entropy (8bit):7.468376406830286
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:LZWBqG/yGrX/nxAfizWY4qr48BZaJMx7Eeg0ynWTUIqwnYPLcSeMdIX:L/G/yGr/nB48qex7EPWAnwmI
                                                                                                                                                                        MD5:9170436E8AE8F4AA7DF36B613C56F67F
                                                                                                                                                                        SHA1:61F82309D9829098EB2AFFBA75BCE4F3EA80DDEF
                                                                                                                                                                        SHA-256:9129B9869A7B6D35BE105F13A61AA47243EE12BB7DDD056BF0EFDF55B81E42E5
                                                                                                                                                                        SHA-512:D5C15A92732B7E0F4AB1C0BEE9ABFAFFC251BA6882280F533E915ADFCAD183DEE5581D22A05FDDA05EEAD2AC2A30FFBFEE4B7C36BD9073B874663DFECEDA1283
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):48416
                                                                                                                                                                        Entropy (8bit):6.018068871423216
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:Ef4LEjGge3UAzS3DQVgccdr1nVMw+pQ2nCJtI81iy8LxE3sJn:Ef4LEjGUH3XV6TCg84LxE3sB
                                                                                                                                                                        MD5:4EDF36DAF8E08D167FCCC5493CA2F0C5
                                                                                                                                                                        SHA1:F3833D7976631F3FDF99FD87D560610121A046DA
                                                                                                                                                                        SHA-256:CAF13981FB1454BA7CA7D3DB7B89029BC3CAE7D3B93C35C28FD1CF4D9A9EE305
                                                                                                                                                                        SHA-512:54464C1F43E891A092B3FFF718EC41D93B981E85D190EC8F570C6F6B7F995EDD9793DEA5DD9A230A86EECA6F2D051B0544EBB3E945EB0E1C79BAAE5F46B134A5
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):71168
                                                                                                                                                                        Entropy (8bit):5.96290389276414
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:1536:RahVVNDN65GS+x/iPGIBG6ML0qEutdqJ8nF:Qh6Gfx/iPTdML0qEERF
                                                                                                                                                                        MD5:EA293170F7B88E0E6093550E89C95257
                                                                                                                                                                        SHA1:AEDFEF704D2096237CC26CFD594B8814BB95880E
                                                                                                                                                                        SHA-256:6BC3717F488EC3979844C519697779D6013935CE46C151E84694A5CD5C719C37
                                                                                                                                                                        SHA-512:75707A3426BEFBA9208412681027C496040B0601E6E94DB19C273D108B0798A677F0B681B991F92EA6D1F55039F189EF7B979A4EFCE3EDD46D3E6C689DB83CE4
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):51232
                                                                                                                                                                        Entropy (8bit):7.020595533923927
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:6m4EIMJr6AoDyToG8+A9DDd9VtZgqj9jqSqJqSsXGV/KQMTXCLmvLn23+zjE:BpIMd6PVG8+eskZGZVmC2E
                                                                                                                                                                        MD5:3862C98F3676F3FD8BF4759DB17CF273
                                                                                                                                                                        SHA1:8CE5CA251376345220FA502930E4339CFBD7721D
                                                                                                                                                                        SHA-256:1C7D5E42FF3BC5E1A0ECD01FA68633DC67515B3A06E660FCD2D22D6EA436A6F1
                                                                                                                                                                        SHA-512:1836A39AD1BF17E086836298323CC36538174D991AA2E9EE4FD8B4594E88AAD1723FD875501F2E256E2B358FC88A84CD564B5BEF79ECA2B51AF4880C9646F396
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):514904
                                                                                                                                                                        Entropy (8bit):6.847061719400002
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:jWT2qSUbEEhrX8l0t0j20nnNftSCd6t1yqn63tqu:iT2RwMlE0nNftV6t1y+6dqu
                                                                                                                                                                        MD5:CE96E04E72ECCDC3DD9481044DCAE307
                                                                                                                                                                        SHA1:896D39978646307464AAF9E08932BCF678E2D4D4
                                                                                                                                                                        SHA-256:EE4BEFC19306D1BCFE334EA2D1A799E57080BB8AD2B159A7A57AF9F714212A98
                                                                                                                                                                        SHA-512:C586823D9DD7F8BA436DEC318EDA084DEA393A4751290EBE465802852BDC1A478EC6F59C84D636C228FBCB0447DC27E10922DC61DCA76B9046365BB3E6D34FFD
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):27312
                                                                                                                                                                        Entropy (8bit):7.613442726635941
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:0gZST/1W1FxcSTp/FFUslej/MmR0X0NsgjLqmBVKc+uYTGfZb8ZpHSGAp9E+OWWw:pwT/YFtFFwj/tRs/mBmuYwbiRGp9E+tj
                                                                                                                                                                        MD5:21F78C495418A5DDF6703692491D3959
                                                                                                                                                                        SHA1:D85FA21C1416FC60F47C62455C0279E3D2483C48
                                                                                                                                                                        SHA-256:D5E56E3E4FF541601939CA260E9B0E2E5506BFE9C7FB99D5573A43CBD85E8D34
                                                                                                                                                                        SHA-512:61B8F7F74C0194B23F1F9E9CCB12C20C0E0810181C12236636F05267EC7BC3B3C7761127E53232880FAD02200BCE3F3AE770C18F1293F26FEE0836C44374A15D
                                                                                                                                                                        Malicious:false
Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):3381560
Entropy (8bit):6.714396567381941
Encrypted:false
SSDEEP:24576:8+cWM8rotnNJ54cPF/nIu9I/ovtAkoh0tXNL2PVh6B+BzjmcrmFyjLF847eiWWcX:zML54cP9IyktBzjD+ZVX+xIPbPX
MD5:5D99ABB287BC141EE08D89BDEAE38CD7
SHA1:1CABA90BCD452AC96DF630C0880030B732AF05B6
SHA-256:299B7057508C3AB32D9DB53B3BB62592CAFCC4810C9301C208F04967A39D84E6
SHA-512:9D97B6D485A07AE2EC9DC7A36497E767096B5DC248D2D3857BE8076EF71F6D293FC884022BF69D270F71A9657A9C7621E3B1C7FB74CE10792529F82FE5EE8809
Malicious:false
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~t.E:.m.:.m.:.m.7G....m.7G../.m.7G....m....1.m.:.l...m.Gl..8.m.Gl..;.m.7G..;.m.:...;.m.Gl..;.m.Rich:.m.........................PE..L....X.`...........!..........0..............................................3.......4...@......................... .......(...x.........0..........X3.8A....3.........8...............................@...............@............................text............................... ..`.rdata..tz.......|..................@..@.data....:...0......................@....tls.........p.......&..............@....rsrc.....0.......0..(..............@..@.reloc........3......:3.............@..B................................................................................................................................................................................................................................................................
Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):5552440
Entropy (8bit):6.794335652510903
Encrypted:false
SSDEEP:98304:3TagZJs7ekw00BX2A7CO4sriX7cVI1CNuIL0Z:3TagZJKekw00BX2AdrwO4Ii
MD5:CF5D00D9B595020BF1CD6E53B8C5EB33
SHA1:65B2716D24CB13B8D18FE028FB9F973AAD6EBD90
SHA-256:5AAF74DCDC6732895E24BB7A501FADDB8F143D2EFB80EE415CCDCDF104171BC6
SHA-512:557FAA4EF8025A854F88E9B1BD3C9131746ED14290416A21ECF708D05F9BBC11FD4F5FF4EA5541BA1A68A7564525B371D37D0AA3C49B3603FEFF16976C07F11B
Malicious:false
Yara Hits:
• Rule: misc_pos, Description: unknown, Source: C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\lumsdk\net_updater32.exe, Author: @patrickrolsen
Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......b...&...&...&.../.~......C..'....C..)....C.......C..?.......=.......0......#...I.G.=....C..........9...&.................'......'...Rich&...................PE..L....X.`.................p....>.....".............@...........................T.......U...@.....................................,..... ..3..........xT.8A....S..-..`S..T....................S......x...@...............@...\...@....................text...Kn.......p.................. ..`.rdata...*.......,...t..............@..@.data....O..........................@....rsrc....3... ...3.................@..@.reloc...-....S......JS.............@..B........................................................................................................................................................................................................................................................................
Process:C:\Program Files\7-Zip\7zG.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):167936
Entropy (8bit):5.895083801950922
Encrypted:false
SSDEEP:3072:cUHdcXZX9whcli+x8mc7HBrRYcZSAv3a0:UX9tig7eSU7
MD5:8CCF709953BC732C82724FD71D1C38F7
SHA1:4F2AC0B14BB4DB32130BDB19C66B4436248DCD02
SHA-256:0152F9543BC45759FD44D7A6EF9C8710B5F04B7A010AEB66626B272E743DF227
SHA-512:3D82996895164A1D3D0C80C3515A0FC6DEDCE2599C8D3CAD0133BC061869321FBA9BDAA6F6145B88B195777EC6039F2F530BDE81AF188187FABEC856B2469BA4
Malicious:false
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M...........................h...........f..............f...{...p..."...........................Rich............PE..L...)4.<...........!......... ......~...................................................................................\...............x.......................(....................................................................................text............................... ..`.rdata...T.......`..................@..@.data....q.......@..................@....rsrc...x............P..............@..@.reloc.../.......0...`..............@..B........................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\svchost.exe
File Type:UTF-8 Unicode (with BOM) text
Category:dropped
Size (bytes):2583
Entropy (8bit):4.9697986369741445
Encrypted:false
SSDEEP:48:5nL4sTeegaiJpfd8ewgm63QmncUJ3t30rPzDA0GJBjUFtlTFeolVK1W7mTJf/7J0:xL4sTtgjDfiewgm63QmcUxl01G6tTeoN
MD5:B85E9A4702D1EEE70CA0B91AB0BD8110
SHA1:9BE136BF0625D12E69B5F440892C67DD76ED2363
SHA-256:4C365648A2AF6EA1B81DF89BD9BA18082D9475218CF609C0E72EAB72157C4F9C
SHA-512:66931D4BD97531B12609E11A78F81BEA25215C0CFC83DDC42290B27E6A808D7702DE6585D826788763BC9823C038BCB904109FCAD10731D28E58EC10BEFE3026
Malicious:false
Preview:.{. "AFSEnvironment" : 0,. "AFSUrl" : "https://activity.windows.com",. "AccountSettings" : [],. "AfcDefaultUser" : "",. "AfcPrivacySettings" : {. "ActivityFeed" : 0,. "CloudSync" : 0,. "PublishUserActivity" : 0,. "UploadUserActivity" : 1. },. "AfsConnectivityEnabled" : true,. "AfsPostInitializeSyncWaitMs" : 10000,. "AfsSyncFrequencyMs" : 86400000,. "Authentication.Environment" : 0,. "BluetoothTransportEnabled" : true,. "BluetoothTransportHostingAllowed" : true,. "CcsApiVersion" : "/api/v1",. "CcsDefaultServerName" : "romeccs.microsoft.com",. "CcsPollingEnabled" : false,. "CcsPollingInterval" : 0,. "CcsSeenRequestIds" : [],. "CcsSeenRequestIdsLastUpdatedTime" : "0000-00-00T00:00:00.000",. "Cloud.SessionIdleTimeoutIntervalSecs" : 3600,. "CloudDataGroupPolicyActivitiyPolicies" : [],. "CloudDataMDMActivitiyPolicies" : [],. "CloudTransportEnabled" : true,. "CloudTransportHostingAllowed" : true,. "CustomAuthClsid" : "",.
Process:C:\Windows\System32\svchost.exe
File Type:UTF-8 Unicode (with BOM) text
Category:modified
Size (bytes):945
Entropy (8bit):4.874012735499585
Encrypted:false
SSDEEP:24:oYMVcATnwlThXGpA781cL1/yKNYmXG2mXG784zZGUQUXGoXp:vupMdB0AI1cx/yKPGXGIIjQOzp
MD5:7577F94E4A4A78C6F4C0AF029FE4C889
SHA1:9ED5E83B77BECA57DC3A7E1C5533134AA9269C7C
SHA-256:B19475C2D301AE938C551C077E1356F38E54EDC37B13D74284867AF8972EE0C0
SHA-512:D5E1A3C76500B69E576504CEBD4B10842193D80444B330F03795915BAAF4888E3B938A616D3239E499BCB74DF75BBA88939A4C7FE3E9C39E97F7766D914C51C5
Malicious:false
Preview:.{. "AfcDatabaseSettings" : {. "DatabaseInstanceId" : 0,. "LastUpdated" : "2022-09-02T16:29:47.207". },. "AfsActivityTypes" : [],. "AfsChannelUri" : "",. "AfsEnvironment" : "",. "AfsSubscriptionId" : "",. "AfsSubscriptionUpdateTime" : "0000-00-00T00:00:00.000",. "BaseRegisteredInfoHash" : "",. "CNCNotificationUri" : "",. "CNCNotificationUriExpirationTime" : "0000-00-00T00:00:00.000",. "CNCNotificationUriLastSynced" : "0000-00-00T00:00:00.000",. "DdsRegistrationExpiryTickCount" : 1679188549344,. "Devices" : [],. "FormatVersion" : 12,. "LastRegisteredNotificationUri" : "",. "LastRegisteredNotificationUriExpirationTime" : "0000-00-00T00:00:00.000",. "LastSyncedTime" : "0000-00-00T00:00:00.000",. "LogicalDeviceId" : "",. "NextDataEncryptionKeyRolloverTime" : "0000-00-00T00:00:00.000",. "RegisteredInfoHash" : "",. "RegisteredWithStrongAuth" : false,. "StableUserId" : "L.user".}.
Process:C:\Windows\System32\svchost.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):55
Entropy (8bit):4.306461250274409
Encrypted:false
SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:DCA83F08D448911A14C22EBCACC5AD57
SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:false
Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
Process:C:\Users\user\AppData\Local\Temp\SPTD2inst.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):207344
Entropy (8bit):7.251233410014884
Encrypted:false
SSDEEP:6144:XPLtmLF0nFaq0t49eFUBVokD9VkJ/K2I3whejmvmnNHC:Z2IZ0/K26wIwuU
MD5:783F139321FDB95C09F6B1F1A025B0C2
SHA1:B944E0C15375FF008B8BC8556D876F095A0F2F9D
SHA-256:BC960ADA7A513CEFFC5DF620F00173070BCC9D60061C897D8294306AE61303E7
SHA-512:14AD29280764A5E3477C5DB3E76907C1598C8EB1ACA4BB0F3F00D653A770CC549845A576B419CAD71E2C8B468E93B611F4FD3F17CD59B25D3BE6B2878CDB75BA
Malicious:false
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......cp..'..H'..H'..H'..H...HTs.I"..HTs.I!..HTs.I#..HTs.I ..H.r.I6..H.rZH&..H.r.I&..HRich'..H........................PE..d...1..Z.........."..........8.................@.............................`.......w....`.................................................0...<....P...................!...@..........8............................................... ............................text...t........................... ..h.data...............................@....pdata..............................@..H.idata..............................@..HPAGE....|........................... ..`INIT............. .................. ..b.sptd0...F.......H..................`..b.reloc.......@......................@..B.rsrc........P......................@..B........................................................................................................................................
File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):7.999773823611829
TrID:
• Win32 Executable (generic) a (10002005/4) 92.16%
• NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:Alcohol120_trial_2.1.1.1019.exe
File size:10163184
MD5:c07c71995fcf610966b3dc72da2338df
SHA1:4b28aa0311d1cca7bcd7edd89c3d127017a15cf4
SHA256:1d49d19f171c1f0136dad7b9ca6384915344185f202590606d106f27f4493443
SHA512:55566906c0064a28aecd2ada186b9e40e75deec028662206e5fa20d11a938849a57084f3a33ee4663c2613e9e1827cb0ff9533f317209908d130d68058554f2d
SSDEEP:196608:GTTbLcQ5sPbvz3C6wL8HLnKdh1FTXiDYSG5obYKqfDVxpFf+JLRnK:GTTVMyxLTh1FeDYmbYKGPWO
TLSH:B9A6338E10C952D6C4A3D2B357B7E3BB99F2A1C85880362CA550CF1D2B139DBDB37589
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\.........
Icon Hash:a2a0b496b2caca72
Entrypoint:0x40323c
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:TERMINAL_SERVER_AWARE
Time Stamp:0x4B1AE3C6 [Sat Dec 5 22:50:46 2009 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:099c0646ea7282d232219f8807883be0
Signature Valid:true
Signature Issuer:CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error:The operation completed successfully
Error Number:0
                                                                                                                                                                        Not Before, Not After
                                                                                                                                                                        • 1/28/2021 1:00:00 AM 1/27/2022 12:59:59 AM
                                                                                                                                                                        Subject Chain
                                                                                                                                                                        • CN=Quinton Mawhinney, O=Quinton Mawhinney, L=Belfast, S=Antrim, PostalCode=BT16 1WR, C=GB
                                                                                                                                                                        Version:3
                                                                                                                                                                        Thumbprint MD5:408A97181FC1AFB9362B7624241C22D1
                                                                                                                                                                        Thumbprint SHA-1:6B5EE2E1B42BB594A4165C547E09538C89086E8F
                                                                                                                                                                        Thumbprint SHA-256:CF247EC7134F5A2F800D4498243B64518D49189F51A37E9461051E43107B05CE
                                                                                                                                                                        Serial:00C4EE2923153BA912566AFDFABB6D7D7A
Instruction (entry point disassembly)
sub esp, 00000180h
push ebx
push ebp
push esi
xor ebx, ebx
push edi
mov dword ptr [esp+18h], ebx
mov dword ptr [esp+10h], 00409130h
xor esi, esi
mov byte ptr [esp+14h], 00000020h
call dword ptr [00407030h]
push 00008001h
call dword ptr [004070B4h]
push ebx
call dword ptr [0040727Ch]
push 00000008h
mov dword ptr [00423F58h], eax
call 00007FBB8467480Eh
mov dword ptr [00423EA4h], eax
push ebx
lea eax, dword ptr [esp+34h]
push 00000160h
push eax
push ebx
push 0041F458h
call dword ptr [00407158h]
push 004091B8h
push 004236A0h
call 00007FBB846744C1h
call dword ptr [004070B0h]
mov edi, 00429000h
push eax
push edi
call 00007FBB846744AFh
push ebx
call dword ptr [0040710Ch]
cmp byte ptr [00429000h], 00000022h
mov dword ptr [00423EA0h], eax
mov eax, edi
jne 00007FBB84671C0Ch
mov byte ptr [esp+14h], 00000022h
mov eax, 00429001h
push dword ptr [esp+14h]
push eax
call 00007FBB84673FA2h
push eax
call dword ptr [0040721Ch]
mov dword ptr [esp+1Ch], eax
jmp 00007FBB84671C65h
cmp cl, 00000020h
jne 00007FBB84671C08h
inc eax
cmp byte ptr [eax], 00000020h
je 00007FBB84671BFCh
cmp byte ptr [eax], 00000022h
mov byte ptr [eax+eax+00h], 00000000h
Programming Language:
• [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x41000 | 0x2a99 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x9aef40 | 0x24b0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x28c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5a5a | 0x5c00 | False | 0.6604534646739131 | data | 6.417698236857409 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x1190 | 0x1200 | False | 0.4453125 | data | 5.181627099249737 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x1af98 | 0x400 | False | 0.55859375 | data | 4.70902740305165 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x24000 | 0x1d000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x41000 | 0x2a99 | 0x2c00 | False | 0.3162286931818182 | data | 4.532447624064218 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_BITMAP | 0x41340 | 0x666 | data | English | United States
RT_ICON | 0x419a8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 15793151, next used block 10789024 | English | United States
RT_ICON | 0x42250 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x427b8 | 0x2e8 | data | English | United States
RT_ICON | 0x42aa0 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_DIALOG | 0x42bc8 | 0xb4 | data | English | United States
RT_DIALOG | 0x42c7c | 0x120 | data | English | United States
RT_DIALOG | 0x42d9c | 0x158 | data | English | United States
RT_DIALOG | 0x42ef4 | 0x200 | data | English | United States
RT_DIALOG | 0x430f4 | 0xf8 | data | English | United States
RT_DIALOG | 0x431ec | 0xee | data | English | United States
RT_GROUP_ICON | 0x432dc | 0x3e | data | English | United States
RT_VERSION | 0x4331c | 0x2dc | data | |
RT_MANIFEST | 0x435f8 | 0x4a1 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States
DLL | Import
KERNEL32.dll | CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
Language of compilation system | Country where language is spoken | Map
English | United States |
TCP packets
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Sep 2, 2022 16:29:55.760776043 CEST | 49693 | 80 | 192.168.2.3 | 95.211.206.2
Sep 2, 2022 16:29:55.785860062 CEST | 80 | 49693 | 95.211.206.2 | 192.168.2.3
Sep 2, 2022 16:29:55.786043882 CEST | 49693 | 80 | 192.168.2.3 | 95.211.206.2
Sep 2, 2022 16:29:55.787832022 CEST | 49693 | 80 | 192.168.2.3 | 95.211.206.2
Sep 2, 2022 16:29:55.812961102 CEST | 80 | 49693 | 95.211.206.2 | 192.168.2.3
Sep 2, 2022 16:29:55.814873934 CEST | 80 | 49693 | 95.211.206.2 | 192.168.2.3
Sep 2, 2022 16:29:55.815001965 CEST | 49693 | 80 | 192.168.2.3 | 95.211.206.2
Sep 2, 2022 16:29:56.237015963 CEST | 49693 | 80 | 192.168.2.3 | 95.211.206.2
Sep 2, 2022 16:29:56.263555050 CEST | 80 | 49693 | 95.211.206.2 | 192.168.2.3
Sep 2, 2022 16:29:56.263823032 CEST | 49693 | 80 | 192.168.2.3 | 95.211.206.2
Sep 2, 2022 16:29:58.265552998 CEST | 80 | 49693 | 95.211.206.2 | 192.168.2.3
Sep 2, 2022 16:29:58.265719891 CEST | 49693 | 80 | 192.168.2.3 | 95.211.206.2
Sep 2, 2022 16:30:20.691631079 CEST | 49693 | 80 | 192.168.2.3 | 95.211.206.2
UDP packets
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Sep 2, 2022 16:29:55.705209970 CEST | 57407 | 53 | 192.168.2.3 | 1.1.1.1
Sep 2, 2022 16:29:55.739373922 CEST | 53 | 57407 | 1.1.1.1 | 192.168.2.3
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Sep 2, 2022 16:29:55.705209970 CEST | 192.168.2.3 | 1.1.1.1 | 0x4d62 | Standard query (0) | support.alcohol-soft.com | A (IP address) | IN (0x0001)
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Sep 2, 2022 16:29:55.739373922 CEST | 1.1.1.1 | 192.168.2.3 | 0x4d62 | No error (0) | support.alcohol-soft.com | (none) | 95.211.206.2 | A (IP address) | IN (0x0001)
• support.alcohol-soft.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49693 | 95.211.206.2 | 80 | C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
Timestamp | kBytes transferred | Direction | Data
Sep 2, 2022 16:29:55.787832022 CEST | 42 | OUT | GET /display_trial_fe_adpage_in_intaller.php HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: support.alcohol-soft.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 2, 2022 16:29:55.814873934 CEST | 43 | IN | HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 14:29:55 GMT
Server: Apache/2
Vary: User-Agent
Content-Length: 1
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html
Data Raw: 30
Data Ascii: 0
Sep 2, 2022 16:29:56.237015963 CEST | 43 | OUT | GET /install_special_page.php?ref=A120T HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: support.alcohol-soft.com
Connection: Keep-Alive
Cache-Control: no-cache
Sep 2, 2022 16:29:56.263555050 CEST | 43 | IN | HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 14:29:56 GMT
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Length: 157
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/html
Data Raw: 5b 41 64 50 61 67 65 5d 0a 54 69 74 6c 65 20 3d 20 22 41 6c 63 6f 68 6f 6c 20 49 6e 73 74 61 6c 6c 65 72 22 0a 53 75 62 54 69 74 6c 65 20 3d 20 22 48 61 6e 64 79 20 26 20 55 73 65 66 75 6c 20 74 6f 6f 6c 73 20 49 6e 74 72 6f 64 75 63 74 69 6f 6e 73 22 0a 55 52 4c 20 3d 20 68 74 74 70 3a 2f 2f 73 75 70 70 6f 72 74 2e 61 6c 63 6f 68 6f 6c 2d 73 6f 66 74 2e 63 6f 6d 2f 69 6e 73 74 61 6c 6c 5f 73 70 65 63 69 61 6c 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 73 2e 70 68 70 0a
Data Ascii: [AdPage]Title = "Alcohol Installer"SubTitle = "Handy & Useful tools Introductions"URL = http://support.alcohol-soft.com/install_special_page_contents.php

Target ID:0
Start time:16:29:43
Start date:02/09/2022
Path:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe"
Imagebase:0x400000
File size:10163184 bytes
MD5 hash:C07C71995FCF610966B3DC72DA2338DF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low

Target ID:2
Start time:16:29:45
Start date:02/09/2022
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Imagebase:0x7ff711320000
File size:53744 bytes
MD5 hash:9520A99E77D6196D0D09833146424113
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate

Target ID:3
Start time:16:29:46
Start date:02/09/2022
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:0x7ff711320000
File size:53744 bytes
MD5 hash:9520A99E77D6196D0D09833146424113
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate

Target ID:4
Start time:16:29:46
Start date:02/09/2022
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
Imagebase:0x7ff711320000
File size:53744 bytes
MD5 hash:9520A99E77D6196D0D09833146424113
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:moderate

Target ID:6
Start time:16:30:00
Start date:02/09/2022
Path:C:\Users\user\AppData\Local\Temp\SPTD2inst.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\Temp\SPTD2inst.exe" add /q
Imagebase:0x7ff7e4530000
File size:365768 bytes
MD5 hash:0E226BA5DFB6380C080E0718DFC00B93
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low

Target ID:7
Start time:16:30:00
Start date:02/09/2022
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p -s DoSvc
Imagebase:0x7ff711320000
File size:53744 bytes
MD5 hash:9520A99E77D6196D0D09833146424113
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:moderate

Target ID:8
Start time:16:30:01
Start date:02/09/2022
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
Imagebase:0x7ff711320000
File size:53744 bytes
MD5 hash:9520A99E77D6196D0D09833146424113
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:moderate

Target ID:9
Start time:16:30:02
Start date:02/09/2022
Path:C:\Windows\System32\SgrmBroker.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\SgrmBroker.exe
Imagebase:0x7ff67b1f0000
File size:263904 bytes
MD5 hash:C51AA0BB954EA45E85572E6CC29BA6F4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low

Target ID:10
Start time:16:30:02
Start date:02/09/2022
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
Imagebase:0x7ff711320000
File size:53744 bytes
MD5 hash:9520A99E77D6196D0D09833146424113
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate

                                                                                                                                                                        Target ID:11
                                                                                                                                                                        Start time:16:30:02
                                                                                                                                                                        Start date:02/09/2022
                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\svchost.exe -k UnistackSvcGroup
                                                                                                                                                                        Imagebase:0x7ff711320000
                                                                                                                                                                        File size:53744 bytes
                                                                                                                                                                        MD5 hash:9520A99E77D6196D0D09833146424113
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:moderate

                                                                                                                                                                        Target ID:13
                                                                                                                                                                        Start time:16:30:03
                                                                                                                                                                        Start date:02/09/2022
                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
                                                                                                                                                                        Imagebase:0x7ff711320000
                                                                                                                                                                        File size:53744 bytes
                                                                                                                                                                        MD5 hash:9520A99E77D6196D0D09833146424113
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language

                                                                                                                                                                        Target ID:16
                                                                                                                                                                        Start time:16:30:28
                                                                                                                                                                        Start date:02/09/2022
                                                                                                                                                                        Path:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe"
                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                        File size:10163184 bytes
                                                                                                                                                                        MD5 hash:C07C71995FCF610966B3DC72DA2338DF
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language

                                                                                                                                                                        Target ID:20
                                                                                                                                                                        Start time:16:30:42
                                                                                                                                                                        Start date:02/09/2022
                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s lfsvc
                                                                                                                                                                        Imagebase:0x7ff711320000
                                                                                                                                                                        File size:53744 bytes
                                                                                                                                                                        MD5 hash:9520A99E77D6196D0D09833146424113
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language

                                                                                                                                                                        Target ID:22
                                                                                                                                                                        Start time:16:31:11
                                                                                                                                                                        Start date:02/09/2022
                                                                                                                                                                        Path:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe"
                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                        File size:10163184 bytes
                                                                                                                                                                        MD5 hash:C07C71995FCF610966B3DC72DA2338DF
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language

                                                                                                                                                                        Target ID:24
                                                                                                                                                                        Start time:16:31:13
                                                                                                                                                                        Start date:02/09/2022
                                                                                                                                                                        Path:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe"
                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                        File size:10163184 bytes
                                                                                                                                                                        MD5 hash:C07C71995FCF610966B3DC72DA2338DF
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language

                                                                                                                                                                        Target ID:25
                                                                                                                                                                        Start time:16:31:35
                                                                                                                                                                        Start date:02/09/2022
                                                                                                                                                                        Path:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\" -spe -an -ai#7zMap26653:116:7zEvent29920
                                                                                                                                                                        Imagebase:0xf40000
                                                                                                                                                                        File size:581632 bytes
                                                                                                                                                                        MD5 hash:04FB3AE7F05C8BC333125972BA907398
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language

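The process records above are flat key:value lines, one block per process, which is awkward to read across eight entries. The following Python is an added example (not part of the Joe Sandbox report or its tooling) that parses such blocks and triages them: processes whose MD5 matches the submitted sample, svchost.exe hosts together with the service named by their -s switch (wscsvc is the Windows Security Center service), and everything else. It also flags two things an analyst checks by hand: processes reported as elevated but without administrator privileges (Target ID 13), and records of one file whose Wow64 flag disagrees between instances (Target IDs 16 and 22, same MD5, Wow64 true and false respectively). The embedded input is four of the eight records above, abridged to the fields the code reads; the grouping rules and the two checks are this example's own, not the sandbox's classification.

```python
"""Parse and triage the per-process records of a Joe Sandbox report.

Added example for this page, not Joe Sandbox code. The record text below is
copied (abridged) from the process table above; the field names are the
report's own. Grouping rules and the consistency checks are this example's.
"""
import re

# MD5 of the submitted file, taken from the report header above.
SAMPLE_MD5 = "C07C71995FCF610966B3DC72DA2338DF"

# Four of the eight records above, abridged to the fields used here.
REPORT = r"""
Target ID:13
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Imagebase:0x7ff711320000
MD5 hash:9520A99E77D6196D0D09833146424113
Has elevated privileges:true
Has administrator privileges:false

Target ID:16
Path:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe"
Imagebase:0x400000
MD5 hash:C07C71995FCF610966B3DC72DA2338DF
Has elevated privileges:true
Has administrator privileges:true

Target ID:22
Path:C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019.exe"
Imagebase:0x400000
MD5 hash:C07C71995FCF610966B3DC72DA2338DF
Has elevated privileges:false
Has administrator privileges:false

Target ID:25
Path:C:\Program Files\7-Zip\7zG.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\Alcohol120_trial_2.1.1.1019\" -spe -an -ai#7zMap26653:116:7zEvent29920
Imagebase:0xf40000
MD5 hash:04FB3AE7F05C8BC333125972BA907398
Has elevated privileges:false
Has administrator privileges:false
"""


def _coerce(key, value):
    """Turn the report's string values into booleans/ints where unambiguous."""
    if value in ("true", "false"):
        return value == "true"
    if key == "Target ID":
        return int(value)
    if key == "Imagebase":
        return int(value, 16)
    return value


def parse_records(text):
    """Split blank-line-separated blocks into one dict per process record.

    Only the first colon separates key from value, so values such as
    'C:\\Windows\\...' and '16:30:03' survive intact.
    """
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            rec[key.strip()] = _coerce(key.strip(), value.strip())
        records.append(rec)
    return records


def hosted_service(rec):
    """For svchost.exe records, the service named by '-s <name>'; else None."""
    m = re.search(r"\s-s\s+(\S+)", rec.get("Commandline", ""))
    return m.group(1) if m else None


def triage(records, sample_md5=SAMPLE_MD5):
    """Group Target IDs by origin and flag privilege/consistency oddities."""
    out = {"sample": [], "svchost": {}, "other": [],
           "elevated_not_admin": [], "wow64_mismatch": []}
    wow64_by_md5 = {}  # MD5 -> set of Wow64 flags seen for that file
    for r in records:
        tid, md5 = r["Target ID"], r["MD5 hash"].upper()
        if md5 == sample_md5.upper():
            out["sample"].append(tid)
        elif r["Path"].lower().endswith("\\svchost.exe"):
            out["svchost"][tid] = hosted_service(r)
        else:
            out["other"].append(tid)
        if r["Has elevated privileges"] and not r["Has administrator privileges"]:
            out["elevated_not_admin"].append(tid)
        wow64_by_md5.setdefault(md5, set()).add(r["Wow64 process (32bit)"])
    # The same binary reported once as Wow64 and once as native is worth a second look.
    for r in records:
        if len(wow64_by_md5[r["MD5 hash"].upper()]) > 1:
            out["wow64_mismatch"].append(r["Target ID"])
    return out


if __name__ == "__main__":
    for name, value in triage(parse_records(REPORT)).items():
        print(f"{name}: {value}")
```

Feeding the full table to parse_records works unchanged, since every key is kept and only the fields the triage reads are required; the MD5 grouping is what separates the sample's own processes from the service hosts that happen to start during the analysis window.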
                                                                                                                                                                        No disassembly