f99e60e6baac68914020726d270c5d0da9597c9341e8bc6f50dd7436dac8bf64

Analysis

max time kernel
103s
max time network
109s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
18-10-2022 11:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Draw.io _caMQZ.exe
Size

5.1MB
MD5

5347d1465f1abfbe142bee26234c2d42
SHA1

43aa39e7c91122fac3ceff37278f878eb60df870
SHA256

3eeab0e2bbd7e74117cf4d36fa98a7d0125fc46161a1193f0b72fca297f5c8ac
SHA512

afe6c2b058056813ef2f6642c5e4593c37bfc12b38f7f8990e3a923e56922a7c2647eb2e214d7da22de60648475bf59b2b3a9f4818f2861dbc37f9f8e10815bd
SSDEEP

49152:nhvEwVL6q9TUDEYh8ESu07hZPKBmeSOlNUA2lEj6T6RSUvfkt9Y:1LVQYA08RSUnkt6

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 5 IoCs

Processes:

Quick_Driver_Updater.exeQuick_Driver_Updater.tmpqdu.exedraw.io-13.9.9-windows-installer.exedraw.io.exe

pid	Process
1940	Quick_Driver_Updater.exe
436	Quick_Driver_Updater.tmp
1400	qdu.exe
1608	draw.io-13.9.9-windows-installer.exe
1600	draw.io.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

draw.io.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Control Panel\International\Geo\Nation	draw.io.exe

Loads dropped DLL 23 IoCs

Processes:

Quick_Driver_Updater.exeQuick_Driver_Updater.tmpdraw.io-13.9.9-windows-installer.exedraw.io.exe

pid	Process
1940	Quick_Driver_Updater.exe
436	Quick_Driver_Updater.tmp
436	Quick_Driver_Updater.tmp
436	Quick_Driver_Updater.tmp
436	Quick_Driver_Updater.tmp
1608	draw.io-13.9.9-windows-installer.exe
1608	draw.io-13.9.9-windows-installer.exe
1608	draw.io-13.9.9-windows-installer.exe
1608	draw.io-13.9.9-windows-installer.exe
1608	draw.io-13.9.9-windows-installer.exe
1608	draw.io-13.9.9-windows-installer.exe
1608	draw.io-13.9.9-windows-installer.exe
1608	draw.io-13.9.9-windows-installer.exe
1608	draw.io-13.9.9-windows-installer.exe
1608	draw.io-13.9.9-windows-installer.exe
1608	draw.io-13.9.9-windows-installer.exe
1608	draw.io-13.9.9-windows-installer.exe
1192
1192
1192
1192
1600	draw.io.exe
1192

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

Quick_Driver_Updater.tmpdraw.io-13.9.9-windows-installer.exe

description	ioc	Process
File created	C:\Program Files\Quick Driver Updater\is-8KPTQ.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files\draw.io\locales\fr.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\Quick Driver Updater\langs\is-LII7L.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files\draw.io\snapshot_blob.bin	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\draw.io\locales\hi.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\draw.io\locales\ta.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\draw.io\snapshot_blob.bin	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\draw.io\locales\et.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\draw.io\locales\th.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\Quick Driver Updater\langs\is-F76V0.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files\draw.io\locales\es.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\draw.io\locales\lv.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\draw.io\locales\pl.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\Quick Driver Updater\dp\qduverif.exe	Quick_Driver_Updater.tmp
File created	C:\Program Files\Quick Driver Updater\langs\is-U6LHT.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files\draw.io\resources.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\Quick Driver Updater\is-R1DF8.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files\Quick Driver Updater\langs\is-K84GJ.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files\draw.io\locales\es-419.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\draw.io\locales\id.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\draw.io\vk_swiftshader.dll	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\Quick Driver Updater\dp\is-U1LOP.tmp	Quick_Driver_Updater.tmp
File opened for modification	C:\Program Files\draw.io\locales\uk.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\Quick Driver Updater\langs\is-VKQCF.tmp	Quick_Driver_Updater.tmp
File opened for modification	C:\Program Files\draw.io\locales\hi.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\draw.io\locales\sw.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\draw.io\locales\pt-PT.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\draw.io\locales\ru.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\draw.io\locales\vi.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\draw.io\icudtl.dat	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\draw.io\locales\am.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\Quick Driver Updater\is-3KGV6.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files\Quick Driver Updater\langs\is-3SN28.tmp	Quick_Driver_Updater.tmp
File opened for modification	C:\Program Files\draw.io\locales\de.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\draw.io\locales\sl.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\draw.io\resources.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\Quick Driver Updater\System.Data.SQLite.dll	Quick_Driver_Updater.tmp
File created	C:\Program Files\draw.io\locales\ro.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\draw.io\locales\lt.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\draw.io\locales\hr.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\draw.io\locales\nl.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\Quick Driver Updater\Delimon.Win32.IO.dll	Quick_Driver_Updater.tmp
File opened for modification	C:\Program Files\Quick Driver Updater\dp\7z.dll	Quick_Driver_Updater.tmp
File opened for modification	C:\Program Files\draw.io\locales\zh-CN.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\draw.io\libEGL.dll	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\Quick Driver Updater\unins000.dat	Quick_Driver_Updater.tmp
File opened for modification	C:\Program Files\draw.io\resources	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\draw.io\chrome_200_percent.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\Quick Driver Updater\dp\is-KAA9Q.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files\draw.io\icudtl.dat	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\draw.io\locales\th.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\Quick Driver Updater\is-IPDQV.tmp	Quick_Driver_Updater.tmp
File opened for modification	C:\Program Files\draw.io\locales\en-GB.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\draw.io\locales\nl.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\draw.io\locales\pt-BR.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\draw.io\locales\tr.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\draw.io\locales\ja.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\draw.io\locales\ms.pak	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\draw.io\Uninstall draw.io.exe	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\Quick Driver Updater\langs\is-UD0CR.tmp	Quick_Driver_Updater.tmp
File created	C:\Program Files\draw.io\locales\ja.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\draw.io\resources\app.asar	draw.io-13.9.9-windows-installer.exe
File created	C:\Program Files\draw.io\locales\pt-BR.pak	draw.io-13.9.9-windows-installer.exe
File opened for modification	C:\Program Files\draw.io\ffmpeg.dll	draw.io-13.9.9-windows-installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

Processes:

schtasks.exe

pid	Process
1156	schtasks.exe

Kills process with taskkill 1 IoCs

evasion

Processes:

taskkill.exe

pid	Process
1968	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

Draw.io _caMQZ.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	Draw.io _caMQZ.exe

Modifies registry class 26 IoCs

Processes:

draw.io-13.9.9-windows-installer.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\VSDX Document	draw.io-13.9.9-windows-installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\VSDX Document\shell	draw.io-13.9.9-windows-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSDX Document\shell\ = "open"	draw.io-13.9.9-windows-installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\VSDX Document\shell\open\command	draw.io-13.9.9-windows-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSDX Document\shell\open\command\ = "C:\\Program Files\\draw.io\\draw.io.exe \"%1\""	draw.io-13.9.9-windows-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\draw.io Diagram\shell\open\command\ = "C:\\Program Files\\draw.io\\draw.io.exe \"%1\""	draw.io-13.9.9-windows-installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.vsdx	draw.io-13.9.9-windows-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSDX Document\shell\open\ = "Open with draw.io"	draw.io-13.9.9-windows-installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\draw.io Diagram	draw.io-13.9.9-windows-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSDX Document\ = "VSDX Document"	draw.io-13.9.9-windows-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\draw.io Diagram\ = "draw.io Diagram"	draw.io-13.9.9-windows-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\draw.io Diagram\DefaultIcon\ = "C:\\Program Files\\draw.io\\draw.io.exe,0"	draw.io-13.9.9-windows-installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\draw.io Diagram\shell\open\command	draw.io-13.9.9-windows-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.vsdx\ = "VSDX Document"	draw.io-13.9.9-windows-installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\VSDX Document\shell\open	draw.io-13.9.9-windows-installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.drawio	draw.io-13.9.9-windows-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.drawio\draw.io Diagram_backup	draw.io-13.9.9-windows-installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\draw.io Diagram\shell	draw.io-13.9.9-windows-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\draw.io Diagram\shell\ = "open"	draw.io-13.9.9-windows-installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\draw.io Diagram\shell\open	draw.io-13.9.9-windows-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\draw.io Diagram\shell\open\ = "Open with draw.io"	draw.io-13.9.9-windows-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.vsdx\VSDX Document_backup	draw.io-13.9.9-windows-installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\VSDX Document\DefaultIcon	draw.io-13.9.9-windows-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.drawio\ = "draw.io Diagram"	draw.io-13.9.9-windows-installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\draw.io Diagram\DefaultIcon	draw.io-13.9.9-windows-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VSDX Document\DefaultIcon\ = "C:\\Program Files\\draw.io\\draw.io.exe,0"	draw.io-13.9.9-windows-installer.exe

Modifies system certificate store 2 TTPs 22 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Draw.io _caMQZ.exeqdu.exe

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	Draw.io _caMQZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	Draw.io _caMQZ.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	qdu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	qdu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Draw.io _caMQZ.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Draw.io _caMQZ.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Draw.io _caMQZ.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Draw.io _caMQZ.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	Draw.io _caMQZ.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Draw.io _caMQZ.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	qdu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Draw.io _caMQZ.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Draw.io _caMQZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	qdu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	qdu.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Draw.io _caMQZ.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Draw.io _caMQZ.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	Draw.io _caMQZ.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Draw.io _caMQZ.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	qdu.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Draw.io _caMQZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	Draw.io _caMQZ.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

Draw.io _caMQZ.exeQuick_Driver_Updater.tmpdraw.io-13.9.9-windows-installer.exe

pid	Process
1436	Draw.io _caMQZ.exe
1436	Draw.io _caMQZ.exe
1436	Draw.io _caMQZ.exe
1436	Draw.io _caMQZ.exe
1436	Draw.io _caMQZ.exe
1436	Draw.io _caMQZ.exe
1436	Draw.io _caMQZ.exe
1436	Draw.io _caMQZ.exe
1436	Draw.io _caMQZ.exe
1436	Draw.io _caMQZ.exe
436	Quick_Driver_Updater.tmp
436	Quick_Driver_Updater.tmp
1608	draw.io-13.9.9-windows-installer.exe
1608	draw.io-13.9.9-windows-installer.exe
1608	draw.io-13.9.9-windows-installer.exe
1608	draw.io-13.9.9-windows-installer.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

taskkill.exedraw.io-13.9.9-windows-installer.exe

description	pid	Process
Token: SeDebugPrivilege	1968	taskkill.exe
Token: SeSecurityPrivilege	1608	draw.io-13.9.9-windows-installer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Quick_Driver_Updater.tmp

pid	Process
436	Quick_Driver_Updater.tmp

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

Draw.io _caMQZ.exe

pid	Process
1436	Draw.io _caMQZ.exe
1436	Draw.io _caMQZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Draw.io _caMQZ.exeQuick_Driver_Updater.exeQuick_Driver_Updater.tmpdraw.io.exe

description	pid	Process	procid_target
PID 1436 wrote to memory of 1940	1436	Draw.io _caMQZ.exe	29
PID 1436 wrote to memory of 1940	1436	Draw.io _caMQZ.exe	29
PID 1436 wrote to memory of 1940	1436	Draw.io _caMQZ.exe	29
PID 1436 wrote to memory of 1940	1436	Draw.io _caMQZ.exe	29
PID 1436 wrote to memory of 1940	1436	Draw.io _caMQZ.exe	29
PID 1436 wrote to memory of 1940	1436	Draw.io _caMQZ.exe	29
PID 1436 wrote to memory of 1940	1436	Draw.io _caMQZ.exe	29
PID 1940 wrote to memory of 436	1940	Quick_Driver_Updater.exe	30
PID 1940 wrote to memory of 436	1940	Quick_Driver_Updater.exe	30
PID 1940 wrote to memory of 436	1940	Quick_Driver_Updater.exe	30
PID 1940 wrote to memory of 436	1940	Quick_Driver_Updater.exe	30
PID 1940 wrote to memory of 436	1940	Quick_Driver_Updater.exe	30
PID 1940 wrote to memory of 436	1940	Quick_Driver_Updater.exe	30
PID 1940 wrote to memory of 436	1940	Quick_Driver_Updater.exe	30
PID 436 wrote to memory of 1808	436	Quick_Driver_Updater.tmp	31
PID 436 wrote to memory of 1808	436	Quick_Driver_Updater.tmp	31
PID 436 wrote to memory of 1808	436	Quick_Driver_Updater.tmp	31
PID 436 wrote to memory of 1808	436	Quick_Driver_Updater.tmp	31
PID 436 wrote to memory of 1968	436	Quick_Driver_Updater.tmp	32
PID 436 wrote to memory of 1968	436	Quick_Driver_Updater.tmp	32
PID 436 wrote to memory of 1968	436	Quick_Driver_Updater.tmp	32
PID 436 wrote to memory of 1968	436	Quick_Driver_Updater.tmp	32
PID 436 wrote to memory of 1156	436	Quick_Driver_Updater.tmp	36
PID 436 wrote to memory of 1156	436	Quick_Driver_Updater.tmp	36
PID 436 wrote to memory of 1156	436	Quick_Driver_Updater.tmp	36
PID 436 wrote to memory of 1156	436	Quick_Driver_Updater.tmp	36
PID 436 wrote to memory of 1400	436	Quick_Driver_Updater.tmp	39
PID 436 wrote to memory of 1400	436	Quick_Driver_Updater.tmp	39
PID 436 wrote to memory of 1400	436	Quick_Driver_Updater.tmp	39
PID 436 wrote to memory of 1400	436	Quick_Driver_Updater.tmp	39
PID 436 wrote to memory of 1400	436	Quick_Driver_Updater.tmp	39
PID 436 wrote to memory of 1400	436	Quick_Driver_Updater.tmp	39
PID 436 wrote to memory of 1400	436	Quick_Driver_Updater.tmp	39
PID 1436 wrote to memory of 1608	1436	Draw.io _caMQZ.exe	40
PID 1436 wrote to memory of 1608	1436	Draw.io _caMQZ.exe	40
PID 1436 wrote to memory of 1608	1436	Draw.io _caMQZ.exe	40
PID 1436 wrote to memory of 1608	1436	Draw.io _caMQZ.exe	40
PID 1436 wrote to memory of 1608	1436	Draw.io _caMQZ.exe	40
PID 1436 wrote to memory of 1608	1436	Draw.io _caMQZ.exe	40
PID 1436 wrote to memory of 1608	1436	Draw.io _caMQZ.exe	40
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43
PID 1600 wrote to memory of 1228	1600	draw.io.exe	43

C:\Users\Admin\AppData\Local\Temp\Draw.io _caMQZ.exe
"C:\Users\Admin\AppData\Local\Temp\Draw.io _caMQZ.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Users\Admin\AppData\Local\Temp\Quick_Driver_Updater_exe_5101820221109291327051947\Quick_Driver_Updater.exe
  "C:\Users\Admin\AppData\Local\Temp\Quick_Driver_Updater_exe_5101820221109291327051947\Quick_Driver_Updater.exe" /verysilent /ppi=1 /ppinag=1 /ddtime=500 /delay=5 /source=sftqdu1 /pixel=SFT5696_SFT5567_RUNT
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1940
- - C:\Users\Admin\AppData\Local\Temp\is-DLOTC.tmp\Quick_Driver_Updater.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-DLOTC.tmp\Quick_Driver_Updater.tmp" /SL5="$201A0,5773230,1034240,C:\Users\Admin\AppData\Local\Temp\Quick_Driver_Updater_exe_5101820221109291327051947\Quick_Driver_Updater.exe" /verysilent /ppi=1 /ppinag=1 /ddtime=500 /delay=5 /source=sftqdu1 /pixel=SFT5696_SFT5567_RUNT
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:436
  - - C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /delete /tn "Quick Driver Updater_launcher" /f
      4⤵
      PID:1808
  - - C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" /f /im "qdu.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1968
  - - C:\Windows\system32\schtasks.exe
      "schtasks" /Create /F /RL Highest /SC ONCE /st 00:00 /TN "Quick Driver Updater skipuac" /TR "'C:\Program Files\Quick Driver Updater\qdu.exe'"
      4⤵
      Creates scheduled task(s)
      PID:1156
  - - C:\Program Files\Quick Driver Updater\qdu.exe
      "C:\Program Files\Quick Driver Updater\qdu.exe" cntryphnno
      4⤵
      Executes dropped EXE
      Modifies system certificate store
      PID:1400
- C:\Users\Admin\AppData\Local\Temp\draw_io-13_9_9-windows-installer_exe_1101820221109164704703562\draw.io-13.9.9-windows-installer.exe
  "C:\Users\Admin\AppData\Local\Temp\draw_io-13_9_9-windows-installer_exe_1101820221109164704703562\draw.io-13.9.9-windows-installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1608

C:\Program Files\draw.io\draw.io.exe
"C:\Program Files\draw.io\draw.io.exe"
1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Program Files\draw.io\draw.io.exe
  "C:\Program Files\draw.io\draw.io.exe" --type=gpu-process --field-trial-handle=976,3422835706857449898,7175595767374947996,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=984 /prefetch:2
  2⤵
  PID:1228
- C:\Program Files\draw.io\draw.io.exe
  "C:\Program Files\draw.io\draw.io.exe" --type=renderer --field-trial-handle=976,3422835706857449898,7175595767374947996,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Program Files\draw.io\resources\app.asar" --node-integration --node-integration-in-worker --no-sandbox --no-zygote --enable-remote-module --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1404 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\draw.io\draw.io.exe
  "C:\Program Files\draw.io\draw.io.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=976,3422835706857449898,7175595767374947996,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1352 /prefetch:8
  2⤵
  PID:1740

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Quick Driver Updater\qdu.exe

Filesize
4.0MB

MD5
dfe06df90a37a45b23e33f510dda9554

SHA1
370edde62c86c1cdae423e966c6e31d5f0bffb58

SHA256
68e15d06d36f57bb45c819e0a3aada7023493bfbea1d2cbd1f3c1f421fe4b546

SHA512
c3a5589006c4e194f2cc7d5c053cd1ddcd4f0a4cdc76d104c0a32c64f0fb0103755523c90e8cba4c3818b49f0b9e144d010d4b97003cf66b9779e0e776220d70

Download Submit
C:\Program Files\Quick Driver Updater\qdu.exe

Filesize
4.0MB

MD5
dfe06df90a37a45b23e33f510dda9554

SHA1
370edde62c86c1cdae423e966c6e31d5f0bffb58

SHA256
68e15d06d36f57bb45c819e0a3aada7023493bfbea1d2cbd1f3c1f421fe4b546

SHA512
c3a5589006c4e194f2cc7d5c053cd1ddcd4f0a4cdc76d104c0a32c64f0fb0103755523c90e8cba4c3818b49f0b9e144d010d4b97003cf66b9779e0e776220d70

Download Submit
C:\Program Files\Quick Driver Updater\qdu.exe.config

Filesize
3KB

MD5
b6cd223552358a991d62398d8a769bda

SHA1
21c4455118aabf5064f4743007ea31795f07ceac

SHA256
1d890e3d22dbd0177acb4d307b98e5ec491b8085b7ca70c08ef5bd666489b619

SHA512
a019eeefba7672e13891a3ce1c29dbe781535e7e5bb9d035c50bcc1de67c37f4dfa8a46f0972c3f88c8da8db21cc9b1fda139c31350ec9672dd5ee2d685c3b0e

Download Submit
C:\Program Files\draw.io\chrome_100_percent.pak

Filesize
176KB

MD5
d5719b1f791ac999c3cfda2e4405bdce

SHA1
c5d94054bcb271dee08714c313476abd67be28ca

SHA256
7cb9d93a16e5621ab765e3f3b459f4698ae496035e283f2c0c390b188a487741

SHA512
ce75bde78ddf6bc394662c5d0ce107ba375b13bf75a31ba1888dffa74900fa86babd65ce222c38db73a11c8d54b3c6f6046b8f71ce80281eec884fd7f0cd1583

Download Submit
C:\Program Files\draw.io\chrome_200_percent.pak

Filesize
313KB

MD5
0649df49260e18326c9a54545131aaec

SHA1
76de40e3b828cb42cb8b9beb31808ea2145eda56

SHA256
070a6cb68318a032ec17cd7b07f8af8bd6983f16997f50a231d232396a2f570f

SHA512
c196726564ea218c1e58121f43ab6f138a676a47cd53ad9099daec4cc3a491cf7f9127c56f31f8ec460080ba5f2f56eb2f6c7d37e286e05c4dbd9592552185d4

Download Submit
C:\Program Files\draw.io\draw.io.exe

Filesize
29.2MB

MD5
88737ff08ec88613ec856f4c219b0e7d

SHA1
107793460ecb2ff8d05baab91101e10d1a95fb75

SHA256
7ad26a1c006f4d961f5c9c1ead3b072b7dbe1bbe03cddda14e11bdaad3484688

SHA512
c4273ea61afc9780e05c240d5daf120037c52d98177e953f60668c2de0bd91b33faab09188053365dfe43cde1368812ec50f8558df873ed999ac9667051fa40e

Download Submit
C:\Program Files\draw.io\draw.io.exe

Filesize
256KB

MD5
753ec052e21ece291a79396f08fc3e42

SHA1
0df99fd362d341ac8331217db6a2c575d9804a39

SHA256
7935c13b14228f5ade6d6304b12c269c7c22091246724fd003ffec43584c247f

SHA512
c47522d6784fbed379685039c4c78da8629fff77958cf486fa52198fab10b8ab086a560688d893c64545cdbf092446b9640e497c62cd5952fa91659d4beba4e9

Download Submit
C:\Program Files\draw.io\draw.io.exe

Filesize
14.4MB

MD5
d666ddc441f79a2fff4de7c8e14e704d

SHA1
5efff815d03c9735bce5f03d7b5581da785d0658

SHA256
cce5d4175e1083cf7db5635a051bc1a8e2d468f5f624816335c2d0ef758497fb

SHA512
d4535c266bb83c87239e35677825889d17d87d59a9503664ba66f17b03b05e05bf82fcec04836338d78bf7fbda05ad103b5fadefb29ee3975ab85fabb0397ca7

Download Submit
C:\Program Files\draw.io\draw.io.exe

Filesize
2.6MB

MD5
eb083075a8b2f2533f19b803894a66cb

SHA1
f22286b63247d7c1318118f865df26ab4f29024c

SHA256
2390c2c4de0e763f9cc8344b073e382ec6879c139e5453977c4b5b6b05b6bb72

SHA512
5a22c75395390a1f921eebe5e0695a7d06e428edcd636fb27c01015454a9e92cee0adca43b7ea22930088329bca9b131d4c6a660c83e0fdc60c7eb5f4c62b4b5

Download Submit
C:\Program Files\draw.io\ffmpeg.dll

Filesize
2.7MB

MD5
e1197e74621313b2597792f61355314e

SHA1
2c7999023cd7051805fc196a865986b01fdeef45

SHA256
a3d1b9c673d242c2d862c30acb308cfb89b19e1cfb0db1f79daf69cf0d78dfe7

SHA512
ebb4d025a7622aedde7a32bbb4a3c6f05c48fee32fb1839b50a3145660c71112273af152b5290c0a92ecbc52d12f81420dd032e685ae84cf1b578978fc16a35c

Download Submit
C:\Program Files\draw.io\icudtl.dat

Filesize
10.0MB

MD5
9732e28c054db1e042cd306a7bc9227a

SHA1
6bab2e77925515888808c1ef729c5bb1323100dd

SHA256
27993e2079711d5f0f04a72f48fee88b269604c8e3fbdf50a7f7bb3f5bfc8d8e

SHA512
3eb67ab896a56dab4a2d6eea98f251affd6864c5f5b24f22b61b6acc1df4460d86f0a448f1983aac019e79ff930286c3510891be9d48ef07a93ff975a0e55335

Download Submit
C:\Program Files\draw.io\locales\en-US.pak

Filesize
80KB

MD5
69d7c5168de6b4311a36c39ca7ca60f0

SHA1
40ff72437b51677065d68a6486e3b03e0a27102d

SHA256
fdeb2723f423dfe7ee4c19cc052398cbe796bfce7d432d0abe4ea40e6c6e3dab

SHA512
4e1fd01bd7d5f65f8aa2f0b2f4845106df916a53dd4898d0cec7fc538c2908d22f4ffd3dacf023c7854f4854534468a9bc93763be21075661501c6ceca2ca0e7

Download Submit
C:\Program Files\draw.io\resources.pak

Filesize
4.1MB

MD5
977bdf44c3bd2fa5ece6f23915a7acc6

SHA1
df371edc31eb80fe0899447deac2921f519c8cc5

SHA256
2fe8dd43b377a908df6454ec3005b3e25409a82bfb45c35ba871f05cc578c21e

SHA512
d437bcc48bec3ad66a5cd0e6d6c3948276b897f6eca034b3c221ea1dc00fe7b27425d1491a1634b6ac843fc1f12aecd20bf2a7da5fe8023aac824adc0f791639

Download Submit
C:\Program Files\draw.io\resources\app.asar

Filesize
28.8MB

MD5
668de3007603dad34f065b185a7b8134

SHA1
8db25db2515c0927167ed441fef430a132f69fbf

SHA256
4992421988d39cf9baf36d1618cb3f2e1d53f37f11d90455bef1cfa5c1e619e5

SHA512
fda1cb8613acae762dad462c935a7ebe5be95aa0863b9233c0ccdbf132751df18e73b0321ce555fdc211d338020f8320915d9cc024d482ce96ed66e91d70252c

Download Submit
C:\Program Files\draw.io\v8_context_snapshot.bin

Filesize
167KB

MD5
e6206aadd29eb87ab1d398266885b5a4

SHA1
6bdb54ed5fe55c9a1977cf2f3b27bc0ed560a889

SHA256
e55f6e08ff8baed84b5de903466311ae08b15e99dbbea2b5764d855a52e6fad8

SHA512
82739ccbf1823dce179eba73948f1f2263213d12d684282dfaaed3f147528074df82468453ed33b504d10d84357d834c0f29d928274d45ddfdc69a88989f2522

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
60KB

MD5
d15aaa7c9be910a9898260767e2490e1

SHA1
2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

SHA256
f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

SHA512
7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7edce996a99fbda8fdd5ce454a7d23ea

SHA1
12a967d58b43314d38e709d3a79c13963b423010

SHA256
5affe510961f9aac05653cec7d0f5ff5637e6cfc091c50a0e5be1cc340d3ad05

SHA512
112b271d0ad2426c75c2092c207c5ff5b4ea39d41e1b9486ccc01c09ced446fb60e7ddbb402d66048314ee7c991ac7ac6d645b3f125b2f8d5da3b1d483978ffb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da9709a6b2251d46a6d1684ac30ab5d6

SHA1
af781b72ebcb54a255191a6cab2099bc3084cc63

SHA256
cfe834ca52a94126c8eef7a11f253b497b48e531d17210bf9543458f4f73fa29

SHA512
6ddb100de97bc912424606e234e8af5a4cf98bccfa6974b39e4a27e18be248946cc7cdbcfe9f48db789355d550133b9a7b0ed67d37ad8f89d3cb2eefa1694f26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Quick_Driver_Updater_exe_5101820221109291327051947\Quick_Driver_Updater.exe

Filesize
6.4MB

MD5
4aae3da061f772f90bae6902c72f7cf2

SHA1
c27cbebaa722793d0208e9908079d2caea70dace

SHA256
4df4c5e467ca99103d85bb250cda1279240bc2a7e892a0b174d32d8efe18b903

SHA512
068fa6af3e7e7ab862ae7789d7fea5a6e748f7e8a9268e43bedbb26f6fce99d97ae9915907319ae1482e67cfd0fdfddfa01c0e74070624c51369bd61316d17bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Quick_Driver_Updater_exe_5101820221109291327051947\Quick_Driver_Updater.exe

Filesize
6.4MB

MD5
4aae3da061f772f90bae6902c72f7cf2

SHA1
c27cbebaa722793d0208e9908079d2caea70dace

SHA256
4df4c5e467ca99103d85bb250cda1279240bc2a7e892a0b174d32d8efe18b903

SHA512
068fa6af3e7e7ab862ae7789d7fea5a6e748f7e8a9268e43bedbb26f6fce99d97ae9915907319ae1482e67cfd0fdfddfa01c0e74070624c51369bd61316d17bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\draw_io-13_9_9-windows-installer_exe_1101820221109164704703562\draw.io-13.9.9-windows-installer.exe

Filesize
70.7MB

MD5
6383382cf2950ec6dab0255ad3426982

SHA1
2df82de8fd8408f0a7b96596f01cd1021ad816bf

SHA256
6adbe273b47867fa881e44e17549214741039be1db9fd1f51f23fab6727ea053

SHA512
00b08fda74d68c62867de01059f45a246a8294e534f36b40b6b5602bf2371ebebe800aa0260625a3ae7922a8c8e3289ba683c0a5d2db581e39c591e028e192ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\draw_io-13_9_9-windows-installer_exe_1101820221109164704703562\draw.io-13.9.9-windows-installer.exe

Filesize
70.7MB

MD5
6383382cf2950ec6dab0255ad3426982

SHA1
2df82de8fd8408f0a7b96596f01cd1021ad816bf

SHA256
6adbe273b47867fa881e44e17549214741039be1db9fd1f51f23fab6727ea053

SHA512
00b08fda74d68c62867de01059f45a246a8294e534f36b40b6b5602bf2371ebebe800aa0260625a3ae7922a8c8e3289ba683c0a5d2db581e39c591e028e192ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DLOTC.tmp\Quick_Driver_Updater.tmp

Filesize
2.7MB

MD5
348e9aad9e445392ba5c9fe96daf6f8b

SHA1
e04d450778d05cabb111903892dda0cdb288cd98

SHA256
5bae7f43baa254ce2eba9018e11c575730427d4fdf3146165755cd4bb07c3e53

SHA512
c19e21b4ce0908bd5b0d7f606f6ee44d0b8839ddcab7067933092a707d21131b7379a1850e35475e57be62cba1b61abde61331bd1bccdd875e756bb296f34024

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DLOTC.tmp\Quick_Driver_Updater.tmp

Filesize
2.7MB

MD5
348e9aad9e445392ba5c9fe96daf6f8b

SHA1
e04d450778d05cabb111903892dda0cdb288cd98

SHA256
5bae7f43baa254ce2eba9018e11c575730427d4fdf3146165755cd4bb07c3e53

SHA512
c19e21b4ce0908bd5b0d7f606f6ee44d0b8839ddcab7067933092a707d21131b7379a1850e35475e57be62cba1b61abde61331bd1bccdd875e756bb296f34024

Download Submit
\Program Files\Quick Driver Updater\qdu.exe

Filesize
4.0MB

MD5
dfe06df90a37a45b23e33f510dda9554

SHA1
370edde62c86c1cdae423e966c6e31d5f0bffb58

SHA256
68e15d06d36f57bb45c819e0a3aada7023493bfbea1d2cbd1f3c1f421fe4b546

SHA512
c3a5589006c4e194f2cc7d5c053cd1ddcd4f0a4cdc76d104c0a32c64f0fb0103755523c90e8cba4c3818b49f0b9e144d010d4b97003cf66b9779e0e776220d70

Download Submit
\Program Files\Quick Driver Updater\qdu.exe

Filesize
4.0MB

MD5
dfe06df90a37a45b23e33f510dda9554

SHA1
370edde62c86c1cdae423e966c6e31d5f0bffb58

SHA256
68e15d06d36f57bb45c819e0a3aada7023493bfbea1d2cbd1f3c1f421fe4b546

SHA512
c3a5589006c4e194f2cc7d5c053cd1ddcd4f0a4cdc76d104c0a32c64f0fb0103755523c90e8cba4c3818b49f0b9e144d010d4b97003cf66b9779e0e776220d70

Download Submit
\Program Files\Quick Driver Updater\qdu.exe

Filesize
4.0MB

MD5
dfe06df90a37a45b23e33f510dda9554

SHA1
370edde62c86c1cdae423e966c6e31d5f0bffb58

SHA256
68e15d06d36f57bb45c819e0a3aada7023493bfbea1d2cbd1f3c1f421fe4b546

SHA512
c3a5589006c4e194f2cc7d5c053cd1ddcd4f0a4cdc76d104c0a32c64f0fb0103755523c90e8cba4c3818b49f0b9e144d010d4b97003cf66b9779e0e776220d70

Download Submit
\Program Files\Quick Driver Updater\unins000.exe

Filesize
2.7MB

MD5
348e9aad9e445392ba5c9fe96daf6f8b

SHA1
e04d450778d05cabb111903892dda0cdb288cd98

SHA256
5bae7f43baa254ce2eba9018e11c575730427d4fdf3146165755cd4bb07c3e53

SHA512
c19e21b4ce0908bd5b0d7f606f6ee44d0b8839ddcab7067933092a707d21131b7379a1850e35475e57be62cba1b61abde61331bd1bccdd875e756bb296f34024

Download Submit
\Program Files\draw.io\draw.io.exe

Filesize
72.8MB

MD5
202fe07ec150efa20374f020414e9e2e

SHA1
ad817e1256d8b4920e97ea1f101fe6605b86c052

SHA256
29a769d28f6a9b518a5ea7fe3ef8d2037dd62c99261f97b2bcd9acb3fd3dd1ee

SHA512
0614db0a3fcef25ad08b076e72571afbea07efafd682f740101f6269ea0262a419d303765592b44aeeab0b38ecbff0e10b6a92210d0d267cbc9b8bfa9a4cbda4

Download Submit
\Program Files\draw.io\draw.io.exe

Filesize
74.1MB

MD5
bf9ea6f1c3b5bee6f14e1d59284cba2c

SHA1
da1a89e5c91a10753aa5f18be527c2129ad11f3c

SHA256
bc24fd79b542dfca873b1b20b6c623d106a0b73689597ba6bc398b78d73d8e02

SHA512
aeb8732913ea70b83487df41f246cff600278afefe057509108973e90450a1c8f84ce06816024e60db0087e17e3815e66474c474bc003e1695b258896b828f66

Download Submit
\Program Files\draw.io\draw.io.exe

Filesize
72.9MB

MD5
a13d0f88a307182f89dfa4a4c5cc55bb

SHA1
eb5e187278bbafce917c1dcb2100cdf126c4629e

SHA256
10de96dee7e19b54fa8ef38974b3b24c38366636498f758224ddd38ff8ea2eac

SHA512
e4c6cbf07634824371f9f165dcee12cbe85dfc6f684f31b2ccd33c8150b543f557f01dd4a3bce2e9810be76cb11736fce006985a3d1093d02d20c28e4f666058

Download Submit
\Program Files\draw.io\draw.io.exe

Filesize
72.5MB

MD5
9e9640edd54f7a6e7ec156bf41b9cb7f

SHA1
58170ca7150fe7485b1932eee52d94665c691919

SHA256
82dcdc60d99e80e6bfba906840db357dd9357e1b8e66ee75e8607e29dbd1fe57

SHA512
8399cca1b7f0ec655931d8386703f3d7d545b912406c303b73d29d2bce0a5e2eb3a354b3145c641c395724b5bb415e5158c9b7343bf73b5730c60022f7c55139

Download Submit
\Program Files\draw.io\draw.io.exe

Filesize
70.6MB

MD5
1e010e1b0037b7c5bc9f07388b2c64de

SHA1
4eefaad47f826422da89c137af7d17e2c64b375e

SHA256
fafbbb30fa7c0ee479553aed3de6d98478ede171f56fc596be4fe440dbeeef27

SHA512
b51a1adc50d203eea7d52cd724c361fca7392cabd59f7c04bc4071f3b01757e13c7092c1576358064bf561a72b79236a70b01d903d1da1f75402568fdcd43c07

Download Submit
\Program Files\draw.io\draw.io.exe

Filesize
70.5MB

MD5
9b3f25b040a7d4b9cbfbbfc225b64648

SHA1
fd864726737f18a39b76fc9e01db03459d434955

SHA256
aff53c5b603114a8e768215adeefd05d6717af802e187dfdc51abdad5d76389f

SHA512
604bacc1fc2362845e3d14aa19e38f3a0cd0bcc20b09e84e6a458e69a87ed0bd63c765fb7cab248c0d6af9f5bcd8bfb3863a459a3cfdec6e7284ed79b54083ab

Download Submit
\Program Files\draw.io\draw.io.exe

Filesize
70.8MB

MD5
5f828270a16277a2a8d929cdc162f96b

SHA1
41446f221a972c33ba5454d99bc27edf0a674a4f

SHA256
3c341a1b575189a651cb94d928feaa999d716ecd94a9056f0689e5f57b415dff

SHA512
55d3f9ad48a0a8133cd16d0c5e4f3a756a9efaf13fcc2e1525dbf482f9f4fcf97a9b4730916a2de1cef020d0d7ffa5f5d71d2d5c166bc3506d6fd08fc812fe73

Download Submit
\Program Files\draw.io\draw.io.exe

Filesize
26.6MB

MD5
b98757dac7ad09a488c9f3801ab17338

SHA1
3182142b5f5eaf7a2e854d5941d9368b59ac4baf

SHA256
bfa5447f22b2503373603d95bf9203aef994db53c4ffb5afb9cd99b916cee40f

SHA512
b1c41ff7bb3784815805ea1c61b14eab35ce26a7cffc501fc33b8fdf76e0ce754e88f567af094735294afc850e60c05f2cb67c5ca611178c3085e12afa8d4ff2

Download Submit
\Program Files\draw.io\draw.io.exe

Filesize
3.4MB

MD5
30c29eef059915c3db482c8d25d5ae65

SHA1
affe5048e87631ae41688a601a74fcd532881b7f

SHA256
0e87dffd954600af2e1229853316ea4acd45fbe1d6292d2b29b950222f682954

SHA512
eb6e183c520a645e3c4f4a6a1b179c32e5cf8198fca59f4cdc7656d67be7356c65dc4fc2e725a3c93bb080675b1b8b7d09a4fce70d8fe6224550ba0bd431a028

Download Submit
\Program Files\draw.io\ffmpeg.dll

Filesize
2.7MB

MD5
e1197e74621313b2597792f61355314e

SHA1
2c7999023cd7051805fc196a865986b01fdeef45

SHA256
a3d1b9c673d242c2d862c30acb308cfb89b19e1cfb0db1f79daf69cf0d78dfe7

SHA512
ebb4d025a7622aedde7a32bbb4a3c6f05c48fee32fb1839b50a3145660c71112273af152b5290c0a92ecbc52d12f81420dd032e685ae84cf1b578978fc16a35c

Download Submit
\Program Files\draw.io\ffmpeg.dll

Filesize
2.1MB

MD5
b30cfa989a714f0bb14ccd52ce62cfbe

SHA1
7ed4d85cfd4fa3f940ae33fd130dc0fe59eabdb6

SHA256
e91e27ff9fc6428367c1312c2b7c0a156e45960b30b63b46b80fc92615a93358

SHA512
13a57e674ff54e6a1fc22f93b4b1c07eb7fc67125807cb4e6ea1a67ad9eece0508bfb1c56e1f3ad34b0fb29552d7c5fdb7344063cbe95020d081f178106a8320

Download Submit
\Program Files\draw.io\ffmpeg.dll

Filesize
2.7MB

MD5
e1197e74621313b2597792f61355314e

SHA1
2c7999023cd7051805fc196a865986b01fdeef45

SHA256
a3d1b9c673d242c2d862c30acb308cfb89b19e1cfb0db1f79daf69cf0d78dfe7

SHA512
ebb4d025a7622aedde7a32bbb4a3c6f05c48fee32fb1839b50a3145660c71112273af152b5290c0a92ecbc52d12f81420dd032e685ae84cf1b578978fc16a35c

Download Submit
\Users\Admin\AppData\Local\Temp\is-DLOTC.tmp\Quick_Driver_Updater.tmp

Filesize
2.7MB

MD5
348e9aad9e445392ba5c9fe96daf6f8b

SHA1
e04d450778d05cabb111903892dda0cdb288cd98

SHA256
5bae7f43baa254ce2eba9018e11c575730427d4fdf3146165755cd4bb07c3e53

SHA512
c19e21b4ce0908bd5b0d7f606f6ee44d0b8839ddcab7067933092a707d21131b7379a1850e35475e57be62cba1b61abde61331bd1bccdd875e756bb296f34024

Download Submit
\Users\Admin\AppData\Local\Temp\nsoAF35.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsoAF35.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsoAF35.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
\Users\Admin\AppData\Local\Temp\nsoAF35.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsoAF35.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsoAF35.tmp\nsDialogs.dll

Filesize
9KB

MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
\Users\Admin\AppData\Local\Temp\nsoAF35.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsoAF35.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/436-73-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download
memory/436-67-0x0000000000000000-mapping.dmp

Download
memory/1156-78-0x0000000000000000-mapping.dmp

Download
memory/1228-154-0x0000000000000000-mapping.dmp

Download
memory/1348-161-0x0000000000000000-mapping.dmp

Download
memory/1400-95-0x000007FEECB00000-0x000007FEEDACA000-memory.dmp

Filesize
15.8MB

Download
memory/1400-94-0x000007FEF2950000-0x000007FEF2E10000-memory.dmp

Filesize
4.8MB

Download
memory/1400-93-0x000007FEEDAD0000-0x000007FEEE4F3000-memory.dmp

Filesize
10.1MB

Download
memory/1400-80-0x0000000000000000-mapping.dmp

Download
memory/1400-97-0x000007FEEB8A0000-0x000007FEECAF3000-memory.dmp

Filesize
18.3MB

Download
memory/1436-54-0x000007FEFC331000-0x000007FEFC333000-memory.dmp

Filesize
8KB

Download
memory/1608-86-0x0000000000000000-mapping.dmp

Download
memory/1740-158-0x0000000000000000-mapping.dmp

Download
memory/1808-71-0x0000000000000000-mapping.dmp

Download
memory/1940-70-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/1940-96-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/1940-63-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/1940-62-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download
memory/1940-60-0x0000000000000000-mapping.dmp

Download
memory/1968-72-0x0000000000000000-mapping.dmp

Download