zloader | f63e761cf5dfe53b09554fb2baf02ad9445ee3a46b3bf53769587690f98961f1

Analysis

max time kernel
300s
max time network
307s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
09-09-2022 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CricutDesignSpace-Install-v7.16.117.exe
Size

137.0MB
MD5

bdb6d16a9208604994a4c135d333c2a2
SHA1

d5e1622253bdae269949e72d23d7011b7fef0b18
SHA256

f63e761cf5dfe53b09554fb2baf02ad9445ee3a46b3bf53769587690f98961f1
SHA512

98bb2b69521c939dccda54ddbe0bf35fec208079d99b1282b81c9947133d26d78f4dc0b0a732d6be01b5b99c7d0719c182b8be9fc1bcda2c21602e65fcbf0b22
SSDEEP

3145728:BgIsyUzwC0o9MAY65RWsTrEbR2XZql0nPOk5Ix2LBDSG:CIlwwCHM65rreR2pI0POkQCg

Score

10^/10

zloader botnet discovery trojan

Malware Config

Signatures

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Executes dropped EXE 9 IoCs

pid	Process
356	Cricut Design Space.exe
1744	Cricut Design Space.exe
4480	Cricut Design Space.exe
1844	Cricut Design Space.exe
5108	Cricut Design Space.exe
4948	Cricut Design Space.exe
2156	Cricut Design Space.exe
4772	Cricut Design Space.exe
4028	Cricut Design Space.exe

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Control Panel\International\Geo\Nation	Cricut Design Space.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Control Panel\International\Geo\Nation	Cricut Design Space.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Control Panel\International\Geo\Nation	Cricut Design Space.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Control Panel\International\Geo\Nation	Cricut Design Space.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Control Panel\International\Geo\Nation	Cricut Design Space.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Control Panel\International\Geo\Nation	Cricut Design Space.exe

Loads dropped DLL 22 IoCs

pid	Process
3500	CricutDesignSpace-Install-v7.16.117.exe
3500	CricutDesignSpace-Install-v7.16.117.exe
3500	CricutDesignSpace-Install-v7.16.117.exe
3500	CricutDesignSpace-Install-v7.16.117.exe
3500	CricutDesignSpace-Install-v7.16.117.exe
3500	CricutDesignSpace-Install-v7.16.117.exe
3500	CricutDesignSpace-Install-v7.16.117.exe
356	Cricut Design Space.exe
4480	Cricut Design Space.exe
1744	Cricut Design Space.exe
1844	Cricut Design Space.exe
1744	Cricut Design Space.exe
1744	Cricut Design Space.exe
1744	Cricut Design Space.exe
1744	Cricut Design Space.exe
1744	Cricut Design Space.exe
5108	Cricut Design Space.exe
4948	Cricut Design Space.exe
2156	Cricut Design Space.exe
4772	Cricut Design Space.exe
4028	Cricut Design Space.exe
4028	Cricut Design Space.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Cricut Design Space.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Cricut Design Space.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Cricut Design Space.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Cricut Design Space.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Cricut Design Space.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Cricut Design Space.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\cricut	Cricut Design Space.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\cricut\URL Protocol	Cricut Design Space.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\cricut\ = "URL:cricut"	Cricut Design Space.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\cricut\shell\open\command	Cricut Design Space.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\cricut\shell	Cricut Design Space.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\cricut\shell\open	Cricut Design Space.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\cricut\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Cricut Design Space\\Cricut Design Space.exe\" \"%1\""	Cricut Design Space.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Cricut Design Space.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Cricut Design Space.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	Cricut Design Space.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Cricut Design Space.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Cricut Design Space.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Cricut Design Space.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Cricut Design Space.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Cricut Design Space.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3500	CricutDesignSpace-Install-v7.16.117.exe
3500	CricutDesignSpace-Install-v7.16.117.exe
3500	CricutDesignSpace-Install-v7.16.117.exe
3500	CricutDesignSpace-Install-v7.16.117.exe
3500	CricutDesignSpace-Install-v7.16.117.exe
3500	CricutDesignSpace-Install-v7.16.117.exe
4028	Cricut Design Space.exe
4028	Cricut Design Space.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	3500	CricutDesignSpace-Install-v7.16.117.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe
Token: SeCreatePagefilePrivilege	356	Cricut Design Space.exe
Token: SeShutdownPrivilege	356	Cricut Design Space.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 1744	356	Cricut Design Space.exe	70
PID 356 wrote to memory of 4480	356	Cricut Design Space.exe	71
PID 356 wrote to memory of 4480	356	Cricut Design Space.exe	71
PID 356 wrote to memory of 4480	356	Cricut Design Space.exe	71
PID 356 wrote to memory of 1844	356	Cricut Design Space.exe	72
PID 356 wrote to memory of 1844	356	Cricut Design Space.exe	72
PID 356 wrote to memory of 1844	356	Cricut Design Space.exe	72
PID 356 wrote to memory of 5108	356	Cricut Design Space.exe	75
PID 356 wrote to memory of 5108	356	Cricut Design Space.exe	75
PID 356 wrote to memory of 5108	356	Cricut Design Space.exe	75
PID 356 wrote to memory of 4948	356	Cricut Design Space.exe	76
PID 356 wrote to memory of 4948	356	Cricut Design Space.exe	76
PID 356 wrote to memory of 4948	356	Cricut Design Space.exe	76
PID 356 wrote to memory of 2156	356	Cricut Design Space.exe	77
PID 356 wrote to memory of 2156	356	Cricut Design Space.exe	77
PID 356 wrote to memory of 2156	356	Cricut Design Space.exe	77
PID 356 wrote to memory of 2156	356	Cricut Design Space.exe	77
PID 356 wrote to memory of 2156	356	Cricut Design Space.exe	77
PID 356 wrote to memory of 2156	356	Cricut Design Space.exe	77
PID 356 wrote to memory of 2156	356	Cricut Design Space.exe	77
PID 356 wrote to memory of 2156	356	Cricut Design Space.exe	77
PID 356 wrote to memory of 2156	356	Cricut Design Space.exe	77
PID 356 wrote to memory of 2156	356	Cricut Design Space.exe	77
PID 356 wrote to memory of 2156	356	Cricut Design Space.exe	77
PID 356 wrote to memory of 2156	356	Cricut Design Space.exe	77
PID 356 wrote to memory of 2156	356	Cricut Design Space.exe	77

C:\Users\Admin\AppData\Local\Temp\CricutDesignSpace-Install-v7.16.117.exe
"C:\Users\Admin\AppData\Local\Temp\CricutDesignSpace-Install-v7.16.117.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3500

C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe
"C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe"
1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:356
- C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe
  "C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\.cricut-design-space\UserData" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1464 --field-trial-handle=1572,i,4541775669350185008,17893388716296479324,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1744
- C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe
  "C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\.cricut-design-space\UserData" --mojo-platform-channel-handle=1668 --field-trial-handle=1572,i,4541775669350185008,17893388716296479324,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4480
- C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe
  "C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe" --type=renderer --user-data-dir="C:\Users\Admin\.cricut-design-space\UserData" --app-path="C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=2212 --field-trial-handle=1572,i,4541775669350185008,17893388716296479324,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Loads dropped DLL
  PID:1844
- C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe
  "C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe" --type=renderer --user-data-dir="C:\Users\Admin\.cricut-design-space\UserData" --app-path="C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\resources\app.asar" --no-sandbox --no-zygote --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1572,i,4541775669350185008,17893388716296479324,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Loads dropped DLL
  PID:5108
- C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe
  "C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe" --type=renderer --user-data-dir="C:\Users\Admin\.cricut-design-space\UserData" --app-path="C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\resources\app.asar" --no-sandbox --no-zygote --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3536 --field-trial-handle=1572,i,4541775669350185008,17893388716296479324,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Loads dropped DLL
  PID:4948
- C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe
  "C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe" --type=renderer --user-data-dir="C:\Users\Admin\.cricut-design-space\UserData" --app-path="C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=3732 --field-trial-handle=1572,i,4541775669350185008,17893388716296479324,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Loads dropped DLL
  PID:2156
- C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe
  "C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe" --type=renderer --user-data-dir="C:\Users\Admin\.cricut-design-space\UserData" --app-path="C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=3660 --field-trial-handle=1572,i,4541775669350185008,17893388716296479324,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Loads dropped DLL
  PID:4772
- C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe
  "C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\.cricut-design-space\UserData" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3804 --field-trial-handle=1572,i,4541775669350185008,17893388716296479324,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4028

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe

Filesize
122.6MB

MD5
e1f256b14f73757f75ee69f770dc13fd

SHA1
374e2e267e600baf849f35a491d15e88662d32de

SHA256
fb8c306be52f425d06be87431d55d5c8ba42a205da618a2692ff0ef839657ec5

SHA512
9dd304086a9c2c950fa4e2d03773fcfc305e8a1e1de48c607e8479bb72baa82b8ed3d8a5cfc0786a7d37c45e7b880bc3e9ce4ea64cba4b0e9f06f181bebaf979

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe

Filesize
122.6MB

MD5
e1f256b14f73757f75ee69f770dc13fd

SHA1
374e2e267e600baf849f35a491d15e88662d32de

SHA256
fb8c306be52f425d06be87431d55d5c8ba42a205da618a2692ff0ef839657ec5

SHA512
9dd304086a9c2c950fa4e2d03773fcfc305e8a1e1de48c607e8479bb72baa82b8ed3d8a5cfc0786a7d37c45e7b880bc3e9ce4ea64cba4b0e9f06f181bebaf979

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe

Filesize
122.6MB

MD5
e1f256b14f73757f75ee69f770dc13fd

SHA1
374e2e267e600baf849f35a491d15e88662d32de

SHA256
fb8c306be52f425d06be87431d55d5c8ba42a205da618a2692ff0ef839657ec5

SHA512
9dd304086a9c2c950fa4e2d03773fcfc305e8a1e1de48c607e8479bb72baa82b8ed3d8a5cfc0786a7d37c45e7b880bc3e9ce4ea64cba4b0e9f06f181bebaf979

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe

Filesize
122.6MB

MD5
e1f256b14f73757f75ee69f770dc13fd

SHA1
374e2e267e600baf849f35a491d15e88662d32de

SHA256
fb8c306be52f425d06be87431d55d5c8ba42a205da618a2692ff0ef839657ec5

SHA512
9dd304086a9c2c950fa4e2d03773fcfc305e8a1e1de48c607e8479bb72baa82b8ed3d8a5cfc0786a7d37c45e7b880bc3e9ce4ea64cba4b0e9f06f181bebaf979

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe

Filesize
122.6MB

MD5
e1f256b14f73757f75ee69f770dc13fd

SHA1
374e2e267e600baf849f35a491d15e88662d32de

SHA256
fb8c306be52f425d06be87431d55d5c8ba42a205da618a2692ff0ef839657ec5

SHA512
9dd304086a9c2c950fa4e2d03773fcfc305e8a1e1de48c607e8479bb72baa82b8ed3d8a5cfc0786a7d37c45e7b880bc3e9ce4ea64cba4b0e9f06f181bebaf979

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe

Filesize
122.6MB

MD5
e1f256b14f73757f75ee69f770dc13fd

SHA1
374e2e267e600baf849f35a491d15e88662d32de

SHA256
fb8c306be52f425d06be87431d55d5c8ba42a205da618a2692ff0ef839657ec5

SHA512
9dd304086a9c2c950fa4e2d03773fcfc305e8a1e1de48c607e8479bb72baa82b8ed3d8a5cfc0786a7d37c45e7b880bc3e9ce4ea64cba4b0e9f06f181bebaf979

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe

Filesize
122.6MB

MD5
e1f256b14f73757f75ee69f770dc13fd

SHA1
374e2e267e600baf849f35a491d15e88662d32de

SHA256
fb8c306be52f425d06be87431d55d5c8ba42a205da618a2692ff0ef839657ec5

SHA512
9dd304086a9c2c950fa4e2d03773fcfc305e8a1e1de48c607e8479bb72baa82b8ed3d8a5cfc0786a7d37c45e7b880bc3e9ce4ea64cba4b0e9f06f181bebaf979

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe

Filesize
122.6MB

MD5
e1f256b14f73757f75ee69f770dc13fd

SHA1
374e2e267e600baf849f35a491d15e88662d32de

SHA256
fb8c306be52f425d06be87431d55d5c8ba42a205da618a2692ff0ef839657ec5

SHA512
9dd304086a9c2c950fa4e2d03773fcfc305e8a1e1de48c607e8479bb72baa82b8ed3d8a5cfc0786a7d37c45e7b880bc3e9ce4ea64cba4b0e9f06f181bebaf979

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe

Filesize
122.6MB

MD5
e1f256b14f73757f75ee69f770dc13fd

SHA1
374e2e267e600baf849f35a491d15e88662d32de

SHA256
fb8c306be52f425d06be87431d55d5c8ba42a205da618a2692ff0ef839657ec5

SHA512
9dd304086a9c2c950fa4e2d03773fcfc305e8a1e1de48c607e8479bb72baa82b8ed3d8a5cfc0786a7d37c45e7b880bc3e9ce4ea64cba4b0e9f06f181bebaf979

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\Cricut Design Space.exe

Filesize
122.6MB

MD5
e1f256b14f73757f75ee69f770dc13fd

SHA1
374e2e267e600baf849f35a491d15e88662d32de

SHA256
fb8c306be52f425d06be87431d55d5c8ba42a205da618a2692ff0ef839657ec5

SHA512
9dd304086a9c2c950fa4e2d03773fcfc305e8a1e1de48c607e8479bb72baa82b8ed3d8a5cfc0786a7d37c45e7b880bc3e9ce4ea64cba4b0e9f06f181bebaf979

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\D3DCompiler_47.dll

Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\chrome_100_percent.pak

Filesize
145KB

MD5
237ca1be894f5e09fd1ccb934229c33b

SHA1
f0dfcf6db1481315054efb690df282ffe53e9fa1

SHA256
f14362449e2a7c940c095eda9c41aad5f1e0b1a1b21d1dc911558291c0c36dd2

SHA512
1e52782db4a397e27ce92412192e4de6d7398effaf8c7acabc9c06a317c2f69ee5c35da1070eb94020ed89779344b957edb6b40f871b8a15f969ef787fbb2bca

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\chrome_200_percent.pak

Filesize
214KB

MD5
7059af03603f93898f66981feb737064

SHA1
668e41a728d2295a455e5e0f0a8d2fee1781c538

SHA256
04d699cfc36565fa9c06206ba1c0c51474612c8fe481c6fd1807197dc70661e6

SHA512
435329d58b56607a2097d82644be932c60727be4ae95bc2bcf10b747b7658918073319dfa1386b514d84090304a95fcf19d56827c4b196e4d348745565441544

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\ffmpeg.dll

Filesize
2.5MB

MD5
9523cb78463a9873f7f3a770b4c419c5

SHA1
f2d870890adb7a3959cf1d104887298c7ed33cd0

SHA256
78ce3eb720c1b6182843125acea883f2343e042007075c5651d0f1ab8048d833

SHA512
ad8e69a569ad5ff4c664cb62d50231156952a743f06a42a4abca826c1495ea97c3beebb16d233ca0590583b8cc62a92e332013d287e229dc07357f203d2162b9

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\icudtl.dat

Filesize
9.8MB

MD5
d866d68e4a3eae8cdbfd5fc7a9967d20

SHA1
42a5033597e4be36ccfa16d19890049ba0e25a56

SHA256
c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d

SHA512
4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\libegl.dll

Filesize
365KB

MD5
4be9bdf65fde02ce62d2e716aff48a5a

SHA1
72b3e1962a8b13be86087d8aa1dc0110aa579de7

SHA256
742560963f1c5bfb9a2af8bd5e296d33aef49ccc8ab981eb785bd57d5b228535

SHA512
2d19aeb4829ad151976a70ca4f10f043fd69bfcebdee6282f818f794eaf94ad5f0c128ab71a7b6b622ddb8cfa125ebdf47d2262f1fe92cc506a3d89fb9b461dc

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\libglesv2.dll

Filesize
6.0MB

MD5
97971787fc33173780cd1db6ce6a5798

SHA1
27f76b9eeab21289edc3a8613c3ad1bccc2e852b

SHA256
84c27d012abaea0a33d67edaca4a14c0e4cb5967213607ec68ef7bf97f80ba1d

SHA512
a29dc429d4574785cc122e70ce18f2b09a1b8a7804fc120fa8cac3d796963f7fb7fe486ee91716bd57e2dd76c114c29f6a5904af67d1b177258368ed241b178a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\locales\en-US.pak

Filesize
114KB

MD5
88b9e849c0035cb100d031fa5e3fa0b4

SHA1
3576e0fa589e53ae36d2b75937bd3c5c0ab8dbfc

SHA256
25462802f57f52581d34d67df00f7a4d62cb5ee5ee0e5e853f48ad9caf04dd89

SHA512
99e8cf196cd9098adf74f569d06043809454860f8f3de9e942f3ce3c2faeeaa3d6bd0572503cb6c2a6b932aff9aa7e4542501731693ec6a015cc7282af388e8b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\resources.pak

Filesize
4.9MB

MD5
ff31c1a39edc8202e052a41fb977a300

SHA1
f220ed82575e346c2fb086c0868c07318d57ef92

SHA256
965dcddcb984a231fb2356d6d7ff4e047c2d8fa527442fa64981ab5d254525c9

SHA512
3b3370dd630fd200969331ae7d9b7e005cfbc3aa41ad128274bdc7797de2eca89998787a90a96baecf25ffc64e2c764cb75051efbac57c679abfd17b47873cce

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\resources\app.asar

Filesize
161.9MB

MD5
4e7e6fd2d8e7cc55c82e19acc40d882b

SHA1
5271f5388edc1ba9cdbbb125686a01ed32d89d30

SHA256
e19b312890a73b46f0af6b1510eae8f7df776d8a589e8ba8b6963b1f42b33344

SHA512
9a8489a78594b653fdf739ac69cc881d7968b19cf4e2406caceaa2b098ace36df228bbdfef3d83b74780f3323fbd10038f7f07a4f9f7dc7e689e44c97fb03e8b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\v8_context_snapshot.bin

Filesize
592KB

MD5
5490a6b619c784169f5db60ba31af7e2

SHA1
53d05e3e8da46fcfe7ab770c6534d1bc12da3e34

SHA256
a2336d5925b57213f27843b66d4d19766bd2c7eb611833583fb496397e76aa34

SHA512
ed323b42b1450962eed7ce7fc9afbdfbed2e25db9aed85051ea403da92080e3ccf01a53cdff24d94fa97d52433a9d311ae37462058d49c057ee6dff5cf6f52c8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\vk_swiftshader.dll

Filesize
3.9MB

MD5
88a25cbe7be9c967b86b6fc383bf4d86

SHA1
43bd706268834a143b840df1e4607815358771aa

SHA256
44f0c7acb4c4400dac80678a722012d40853de3c07d6e31feb3ec64b0140411c

SHA512
ce8a9429af46a173dd34eab8dda067d1520f9e482d116fc239957b99102a01f4424e58f4a7e2d0ddda9d1382d44241f14e5639c57dc6d5a8c9f8c8c59d393c28

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Cricut Design Space\vulkan-1.dll

Filesize
741KB

MD5
cd8734dfb97e4f1041cfc2614f6ac8d8

SHA1
93323685ff04a96f06846eeb20afccf2dc2a0fbc

SHA256
9b7f9f71edec84d8c5b7754513ed17adebe09a4286c534120bdbf64f4b618db8

SHA512
df0aec526b36b8228bcf5d791df089d58bce772ee49f2e3520341602fba9a9578a80d7d1ad210fdd3ab1726223bc9b0a3ad403733de061e1df8e804260d700c7

Download Submit
\Users\Admin\AppData\Local\Programs\Cricut Design Space\d3dcompiler_47.dll

Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
\Users\Admin\AppData\Local\Programs\Cricut Design Space\ffmpeg.dll

Filesize
2.5MB

MD5
9523cb78463a9873f7f3a770b4c419c5

SHA1
f2d870890adb7a3959cf1d104887298c7ed33cd0

SHA256
78ce3eb720c1b6182843125acea883f2343e042007075c5651d0f1ab8048d833

SHA512
ad8e69a569ad5ff4c664cb62d50231156952a743f06a42a4abca826c1495ea97c3beebb16d233ca0590583b8cc62a92e332013d287e229dc07357f203d2162b9

Download Submit
\Users\Admin\AppData\Local\Programs\Cricut Design Space\ffmpeg.dll

Filesize
2.5MB

MD5
9523cb78463a9873f7f3a770b4c419c5

SHA1
f2d870890adb7a3959cf1d104887298c7ed33cd0

SHA256
78ce3eb720c1b6182843125acea883f2343e042007075c5651d0f1ab8048d833

SHA512
ad8e69a569ad5ff4c664cb62d50231156952a743f06a42a4abca826c1495ea97c3beebb16d233ca0590583b8cc62a92e332013d287e229dc07357f203d2162b9

Download Submit
\Users\Admin\AppData\Local\Programs\Cricut Design Space\ffmpeg.dll

Filesize
2.5MB

MD5
9523cb78463a9873f7f3a770b4c419c5

SHA1
f2d870890adb7a3959cf1d104887298c7ed33cd0

SHA256
78ce3eb720c1b6182843125acea883f2343e042007075c5651d0f1ab8048d833

SHA512
ad8e69a569ad5ff4c664cb62d50231156952a743f06a42a4abca826c1495ea97c3beebb16d233ca0590583b8cc62a92e332013d287e229dc07357f203d2162b9

Download Submit
\Users\Admin\AppData\Local\Programs\Cricut Design Space\ffmpeg.dll

Filesize
2.5MB

MD5
9523cb78463a9873f7f3a770b4c419c5

SHA1
f2d870890adb7a3959cf1d104887298c7ed33cd0

SHA256
78ce3eb720c1b6182843125acea883f2343e042007075c5651d0f1ab8048d833

SHA512
ad8e69a569ad5ff4c664cb62d50231156952a743f06a42a4abca826c1495ea97c3beebb16d233ca0590583b8cc62a92e332013d287e229dc07357f203d2162b9

Download Submit
\Users\Admin\AppData\Local\Programs\Cricut Design Space\ffmpeg.dll

Filesize
2.5MB

MD5
9523cb78463a9873f7f3a770b4c419c5

SHA1
f2d870890adb7a3959cf1d104887298c7ed33cd0

SHA256
78ce3eb720c1b6182843125acea883f2343e042007075c5651d0f1ab8048d833

SHA512
ad8e69a569ad5ff4c664cb62d50231156952a743f06a42a4abca826c1495ea97c3beebb16d233ca0590583b8cc62a92e332013d287e229dc07357f203d2162b9

Download Submit
\Users\Admin\AppData\Local\Programs\Cricut Design Space\ffmpeg.dll

Filesize
2.5MB

MD5
9523cb78463a9873f7f3a770b4c419c5

SHA1
f2d870890adb7a3959cf1d104887298c7ed33cd0

SHA256
78ce3eb720c1b6182843125acea883f2343e042007075c5651d0f1ab8048d833

SHA512
ad8e69a569ad5ff4c664cb62d50231156952a743f06a42a4abca826c1495ea97c3beebb16d233ca0590583b8cc62a92e332013d287e229dc07357f203d2162b9

Download Submit
\Users\Admin\AppData\Local\Programs\Cricut Design Space\ffmpeg.dll

Filesize
2.5MB

MD5
9523cb78463a9873f7f3a770b4c419c5

SHA1
f2d870890adb7a3959cf1d104887298c7ed33cd0

SHA256
78ce3eb720c1b6182843125acea883f2343e042007075c5651d0f1ab8048d833

SHA512
ad8e69a569ad5ff4c664cb62d50231156952a743f06a42a4abca826c1495ea97c3beebb16d233ca0590583b8cc62a92e332013d287e229dc07357f203d2162b9

Download Submit
\Users\Admin\AppData\Local\Programs\Cricut Design Space\ffmpeg.dll

Filesize
2.5MB

MD5
9523cb78463a9873f7f3a770b4c419c5

SHA1
f2d870890adb7a3959cf1d104887298c7ed33cd0

SHA256
78ce3eb720c1b6182843125acea883f2343e042007075c5651d0f1ab8048d833

SHA512
ad8e69a569ad5ff4c664cb62d50231156952a743f06a42a4abca826c1495ea97c3beebb16d233ca0590583b8cc62a92e332013d287e229dc07357f203d2162b9

Download Submit
\Users\Admin\AppData\Local\Programs\Cricut Design Space\ffmpeg.dll

Filesize
2.5MB

MD5
9523cb78463a9873f7f3a770b4c419c5

SHA1
f2d870890adb7a3959cf1d104887298c7ed33cd0

SHA256
78ce3eb720c1b6182843125acea883f2343e042007075c5651d0f1ab8048d833

SHA512
ad8e69a569ad5ff4c664cb62d50231156952a743f06a42a4abca826c1495ea97c3beebb16d233ca0590583b8cc62a92e332013d287e229dc07357f203d2162b9

Download Submit
\Users\Admin\AppData\Local\Programs\Cricut Design Space\libEGL.dll

Filesize
365KB

MD5
4be9bdf65fde02ce62d2e716aff48a5a

SHA1
72b3e1962a8b13be86087d8aa1dc0110aa579de7

SHA256
742560963f1c5bfb9a2af8bd5e296d33aef49ccc8ab981eb785bd57d5b228535

SHA512
2d19aeb4829ad151976a70ca4f10f043fd69bfcebdee6282f818f794eaf94ad5f0c128ab71a7b6b622ddb8cfa125ebdf47d2262f1fe92cc506a3d89fb9b461dc

Download Submit
\Users\Admin\AppData\Local\Programs\Cricut Design Space\libGLESv2.dll

Filesize
6.0MB

MD5
97971787fc33173780cd1db6ce6a5798

SHA1
27f76b9eeab21289edc3a8613c3ad1bccc2e852b

SHA256
84c27d012abaea0a33d67edaca4a14c0e4cb5967213607ec68ef7bf97f80ba1d

SHA512
a29dc429d4574785cc122e70ce18f2b09a1b8a7804fc120fa8cac3d796963f7fb7fe486ee91716bd57e2dd76c114c29f6a5904af67d1b177258368ed241b178a

Download Submit
\Users\Admin\AppData\Local\Programs\Cricut Design Space\vk_swiftshader.dll

Filesize
3.9MB

MD5
88a25cbe7be9c967b86b6fc383bf4d86

SHA1
43bd706268834a143b840df1e4607815358771aa

SHA256
44f0c7acb4c4400dac80678a722012d40853de3c07d6e31feb3ec64b0140411c

SHA512
ce8a9429af46a173dd34eab8dda067d1520f9e482d116fc239957b99102a01f4424e58f4a7e2d0ddda9d1382d44241f14e5639c57dc6d5a8c9f8c8c59d393c28

Download Submit
\Users\Admin\AppData\Local\Programs\Cricut Design Space\vk_swiftshader.dll

Filesize
3.9MB

MD5
88a25cbe7be9c967b86b6fc383bf4d86

SHA1
43bd706268834a143b840df1e4607815358771aa

SHA256
44f0c7acb4c4400dac80678a722012d40853de3c07d6e31feb3ec64b0140411c

SHA512
ce8a9429af46a173dd34eab8dda067d1520f9e482d116fc239957b99102a01f4424e58f4a7e2d0ddda9d1382d44241f14e5639c57dc6d5a8c9f8c8c59d393c28

Download Submit
\Users\Admin\AppData\Local\Programs\Cricut Design Space\vulkan-1.dll

Filesize
741KB

MD5
cd8734dfb97e4f1041cfc2614f6ac8d8

SHA1
93323685ff04a96f06846eeb20afccf2dc2a0fbc

SHA256
9b7f9f71edec84d8c5b7754513ed17adebe09a4286c534120bdbf64f4b618db8

SHA512
df0aec526b36b8228bcf5d791df089d58bce772ee49f2e3520341602fba9a9578a80d7d1ad210fdd3ab1726223bc9b0a3ad403733de061e1df8e804260d700c7

Download Submit
\Users\Admin\AppData\Local\Temp\nsw97E1.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsw97E1.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsw97E1.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsw97E1.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsw97E1.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsw97E1.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsw97E1.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/3500-145-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-115-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-164-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-167-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-168-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-170-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-169-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-172-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-171-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-174-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-166-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-175-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-178-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-165-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-177-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-163-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-180-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-181-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-182-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-183-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-161-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-159-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-155-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-156-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-157-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-148-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-154-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-153-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-152-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-151-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-150-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-149-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-147-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-146-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-135-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-116-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-162-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-144-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-143-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-142-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-141-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-140-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-139-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-138-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-137-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-136-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-134-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-133-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-132-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-129-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-131-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-130-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-128-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-117-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-127-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-126-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-118-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-125-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-122-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-124-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-123-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-121-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-119-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download
memory/3500-120-0x00000000776C0000-0x000000007784E000-memory.dmp

Filesize
1.6MB

Download