hxxps://automox-policy-files[.]s3[.]us-west-2[.]amazonaws[.]com/106250/Sensor-KDD-14510-2464-1613490256[.]exe?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIPAW26RZ5JT7Y3WA/20230103/us-west-2/s3/aws4_request&X-Amz-Date=20230103T075748Z&X-Amz-SignedHeaders=host&X-Amz-Expires=90000&X-Amz-Signature=42d31177333a3fc6173a6d8e461721deec7b3068c30c9a00838d465a98a1253c

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2023, 08:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://automox-policy-files.s3.us-west-2.amazonaws.com/106250/Sensor-KDD-14510-2464-1613490256.exe?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIPAW26RZ5JT7Y3WA/20230103/us-west-2/s3/aws4_request&X-Amz-Date=20230103T075748Z&X-Amz-SignedHeaders=host&X-Amz-Expires=90000&X-Amz-Signature=42d31177333a3fc6173a6d8e461721deec7b3068c30c9a00838d465a98a1253c

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 6 IoCs

flow	pid	Process
107	4600	msiexec.exe
109	4600	msiexec.exe
111	2232	MsiExec.exe
112	2232	MsiExec.exe
114	2232	MsiExec.exe
116	2232	MsiExec.exe

Executes dropped EXE 11 IoCs

pid	Process
872	Sensor-KDD-14510-2464-1613490256.exe
1820	ISBEW64.exe
2860	ISBEW64.exe
1428	ISBEW64.exe
2228	ISBEW64.exe
4636	ISBEW64.exe
1796	ISBEW64.exe
1068	ISBEW64.exe
2216	ISBEW64.exe
1388	ISBEW64.exe
4952	ISBEW64.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	Sensor-KDD-14510-2464-1613490256.exe

Loads dropped DLL 12 IoCs

pid	Process
2232	MsiExec.exe
2232	MsiExec.exe
2232	MsiExec.exe
2232	MsiExec.exe
2232	MsiExec.exe
2232	MsiExec.exe
2232	MsiExec.exe
2232	MsiExec.exe
2232	MsiExec.exe
2232	MsiExec.exe
2232	MsiExec.exe
2232	MsiExec.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings	Sensor-KDD-14510-2464-1613490256.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3580	chrome.exe
3580	chrome.exe
5008	chrome.exe
5008	chrome.exe
4628	chrome.exe
4628	chrome.exe
916	chrome.exe
916	chrome.exe
1820	chrome.exe
1820	chrome.exe
4300	chrome.exe
4300	chrome.exe
3548	chrome.exe
3548	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4600	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4600	msiexec.exe
Token: SeSecurityPrivilege	4828	msiexec.exe
Token: SeCreateTokenPrivilege	4600	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4600	msiexec.exe
Token: SeLockMemoryPrivilege	4600	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4600	msiexec.exe
Token: SeMachineAccountPrivilege	4600	msiexec.exe
Token: SeTcbPrivilege	4600	msiexec.exe
Token: SeSecurityPrivilege	4600	msiexec.exe
Token: SeTakeOwnershipPrivilege	4600	msiexec.exe
Token: SeLoadDriverPrivilege	4600	msiexec.exe
Token: SeSystemProfilePrivilege	4600	msiexec.exe
Token: SeSystemtimePrivilege	4600	msiexec.exe
Token: SeProfSingleProcessPrivilege	4600	msiexec.exe
Token: SeIncBasePriorityPrivilege	4600	msiexec.exe
Token: SeCreatePagefilePrivilege	4600	msiexec.exe
Token: SeCreatePermanentPrivilege	4600	msiexec.exe
Token: SeBackupPrivilege	4600	msiexec.exe
Token: SeRestorePrivilege	4600	msiexec.exe
Token: SeShutdownPrivilege	4600	msiexec.exe
Token: SeDebugPrivilege	4600	msiexec.exe
Token: SeAuditPrivilege	4600	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4600	msiexec.exe
Token: SeChangeNotifyPrivilege	4600	msiexec.exe
Token: SeRemoteShutdownPrivilege	4600	msiexec.exe
Token: SeUndockPrivilege	4600	msiexec.exe
Token: SeSyncAgentPrivilege	4600	msiexec.exe
Token: SeEnableDelegationPrivilege	4600	msiexec.exe
Token: SeManageVolumePrivilege	4600	msiexec.exe
Token: SeImpersonatePrivilege	4600	msiexec.exe
Token: SeCreateGlobalPrivilege	4600	msiexec.exe
Token: SeCreateTokenPrivilege	4600	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4600	msiexec.exe
Token: SeLockMemoryPrivilege	4600	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4600	msiexec.exe
Token: SeMachineAccountPrivilege	4600	msiexec.exe
Token: SeTcbPrivilege	4600	msiexec.exe
Token: SeSecurityPrivilege	4600	msiexec.exe
Token: SeTakeOwnershipPrivilege	4600	msiexec.exe
Token: SeLoadDriverPrivilege	4600	msiexec.exe
Token: SeSystemProfilePrivilege	4600	msiexec.exe
Token: SeSystemtimePrivilege	4600	msiexec.exe
Token: SeProfSingleProcessPrivilege	4600	msiexec.exe
Token: SeIncBasePriorityPrivilege	4600	msiexec.exe
Token: SeCreatePagefilePrivilege	4600	msiexec.exe
Token: SeCreatePermanentPrivilege	4600	msiexec.exe
Token: SeBackupPrivilege	4600	msiexec.exe
Token: SeRestorePrivilege	4600	msiexec.exe
Token: SeShutdownPrivilege	4600	msiexec.exe
Token: SeDebugPrivilege	4600	msiexec.exe
Token: SeAuditPrivilege	4600	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4600	msiexec.exe
Token: SeChangeNotifyPrivilege	4600	msiexec.exe
Token: SeRemoteShutdownPrivilege	4600	msiexec.exe
Token: SeUndockPrivilege	4600	msiexec.exe
Token: SeSyncAgentPrivilege	4600	msiexec.exe
Token: SeEnableDelegationPrivilege	4600	msiexec.exe
Token: SeManageVolumePrivilege	4600	msiexec.exe
Token: SeImpersonatePrivilege	4600	msiexec.exe
Token: SeCreateGlobalPrivilege	4600	msiexec.exe
Token: SeCreateTokenPrivilege	4600	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4600	msiexec.exe
Token: SeLockMemoryPrivilege	4600	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
4600	msiexec.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 1120	5008	chrome.exe	82
PID 5008 wrote to memory of 1120	5008	chrome.exe	82
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 1456	5008	chrome.exe	85
PID 5008 wrote to memory of 3580	5008	chrome.exe	86
PID 5008 wrote to memory of 3580	5008	chrome.exe	86
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87
PID 5008 wrote to memory of 1056	5008	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://automox-policy-files.s3.us-west-2.amazonaws.com/106250/Sensor-KDD-14510-2464-1613490256.exe?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIPAW26RZ5JT7Y3WA/20230103/us-west-2/s3/aws4_request&X-Amz-Date=20230103T075748Z&X-Amz-SignedHeaders=host&X-Amz-Expires=90000&X-Amz-Signature=42d31177333a3fc6173a6d8e461721deec7b3068c30c9a00838d465a98a1253c
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8304a4f50,0x7ff8304a4f60,0x7ff8304a4f70
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1712 /prefetch:2
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2328 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4336 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1624 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:3536
- C:\Users\Admin\Downloads\Sensor-KDD-14510-2464-1613490256.exe
  "C:\Users\Admin\Downloads\Sensor-KDD-14510-2464-1613490256.exe"
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Modifies registry class
  PID:872
- - C:\Windows\SysWOW64\msiexec.exe
    "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7zSCB5E.tmp\EventTrackerSensor.msi" CUSTOMCONFIG=3 CA=1 EM=MDR14.EVENTTRACKER.COM EP=14510 MIN_GUI=1 IR=1 LS=MDR14.EVENTTRACKER.COM SUPPORT_CONTACTS="866-559-2210 option 2: option 3:" LP=14503 PIP=198.17.119.101 PKG_UID=77c27c9a21d340648ca1cd302c8e18ff6901b7b9 CM=LOCALHOST IS_SUFFIX=2 SUFFIX=KINDEVA_DRUG_DELIVERY FOR_SILENT=Yes
    3⤵
    - Blocklisted process makes network request
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4560 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1688,11330225101333832392,8766823003201785709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4320 /prefetch:8
  2⤵
  PID:2380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:4828
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C3D32A00BACB5F6DCB7CD0BF903A13F8 C
  2⤵
  - Blocklisted process makes network request
  - Loads dropped DLL
  PID:2232
- - C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4D7C9CB2-F3D3-4B4F-BB6B-90F642983DF0}
    3⤵
    - Executes dropped EXE
    PID:1820
- - C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{46F02597-A33A-48F0-B938-A6AF38F2C1E7}
    3⤵
    - Executes dropped EXE
    PID:4636
- - C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C44F3C9C-F2CF-44A4-BDFA-890C26FA34B1}
    3⤵
    - Executes dropped EXE
    PID:1796
- - C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B70BE27A-732B-4ED6-A91D-07A833F695CE}
    3⤵
    - Executes dropped EXE
    PID:1068
- - C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1ECAB9A5-4597-46F4-890B-F5A1E1298452}
    3⤵
    - Executes dropped EXE
    PID:2216
- - C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CCD94957-15C6-4861-B6AC-DC60CCBE3F08}
    3⤵
    - Executes dropped EXE
    PID:2228
- - C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FA8858DF-87C6-446F-A0F7-09FB8699D9A7}
    3⤵
    - Executes dropped EXE
    PID:4952
- - C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{88A3D948-101E-476C-BEB6-1A3E7F2894B9}
    3⤵
    - Executes dropped EXE
    PID:1388
- - C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{99AF1B11-2A08-4685-9441-8BCE45B85135}
    3⤵
    - Executes dropped EXE
    PID:1428
- - C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C03A978A-E8F2-4FD2-B175-8312D8701B93}
    3⤵
    - Executes dropped EXE
    PID:2860

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSCB5E.tmp\Agent.ini

Filesize
2KB

MD5
c2d38db31bee98f3cfe79330ec8f1556

SHA1
1d7b5c80816e1d091fbcf8b61d8fcce1a1eb4525

SHA256
af4a0c29ec72414f8e23eaa189cdd98e9baa6bbc8b873464d6baa778e39b8cc5

SHA512
e71538f284c39430c224505c5e852466621a6c4d5f379837d2162256022ffc06753449ce40c3f738e56a8b5df6eaf07b764033389d026c074b8735b9fa1258b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCB5E.tmp\EventTrackerSensor.msi

Filesize
43.5MB

MD5
eeeffe4641f84bd37b5e4b6d6dd319af

SHA1
7ee990d292987ea5b4c18e575eb6656b31b9362f

SHA256
6388cf223e18ba55cf5b5458278c2df19a01e71ea37f2a8fdd9324aedea5a529

SHA512
c2a253c186bb3b347fe796767d49f3f7503a0cc62c47974b014b205940a4e6ab57c010cb7a81041f2a4caf2272d4beebfb9e39f871459325c26d5c8a48650a9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI89.tmp

Filesize
1.8MB

MD5
2a516bf3cf28f18a663bc076fd694dd0

SHA1
d9cc9a36a78919be96fab4e4cf4ea8743a4c6190

SHA256
228f476e3c86690725da033ad5bf204aa3379bd59f4f9c864bb735dd9b1549cc

SHA512
a1457508a9eeb796a102481fd04de558ecaded8073c3b586b2b087a2de0839b91c9f44e51c9804f21c5b27d9a9b7ca916bc728c9c30670fb38c3a739f0a00c0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI89.tmp

Filesize
1.8MB

MD5
2a516bf3cf28f18a663bc076fd694dd0

SHA1
d9cc9a36a78919be96fab4e4cf4ea8743a4c6190

SHA256
228f476e3c86690725da033ad5bf204aa3379bd59f4f9c864bb735dd9b1549cc

SHA512
a1457508a9eeb796a102481fd04de558ecaded8073c3b586b2b087a2de0839b91c9f44e51c9804f21c5b27d9a9b7ca916bc728c9c30670fb38c3a739f0a00c0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIFC13.tmp

Filesize
168KB

MD5
60050e5719ac81c0a1f941b2fc4e3cee

SHA1
26829cf747a5dfdcf2c8b6503a06f075167a38f6

SHA256
d850c1a06bbf846fdc91ac626de9c37b421daeec61af76ddfa474fd03a7e03cd

SHA512
dfd9380357df576b99a7654c71af32576e7c70363b4398fea70f1c433993524395bbac3c156072581cfed9c002006b5b3e77f6160a9995438f3012780757add9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIFC13.tmp

Filesize
168KB

MD5
60050e5719ac81c0a1f941b2fc4e3cee

SHA1
26829cf747a5dfdcf2c8b6503a06f075167a38f6

SHA256
d850c1a06bbf846fdc91ac626de9c37b421daeec61af76ddfa474fd03a7e03cd

SHA512
dfd9380357df576b99a7654c71af32576e7c70363b4398fea70f1c433993524395bbac3c156072581cfed9c002006b5b3e77f6160a9995438f3012780757add9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{56641C61-6F67-4E53-AFC2-41B173EAD9AF}\Data Encryption.dll

Filesize
85KB

MD5
1f18bb7ee97adcc995ccc287bdb49b0d

SHA1
85a48bd9c7671c493ff272033c4e73113c18ba45

SHA256
30791c4f1a77a8290351ffd336b0cfe058656077603de2c655cf27f630b23bbd

SHA512
7e9c61fbe986fd533d2b2b3c6fca7ece4ed10f8a7672097a91363643e1b6299db94ceecf5f52b1297d859eadb5a12574ed31fb670719fa180b9ca59580976ee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{56641C61-6F67-4E53-AFC2-41B173EAD9AF}\Data Encryption.dll

Filesize
85KB

MD5
1f18bb7ee97adcc995ccc287bdb49b0d

SHA1
85a48bd9c7671c493ff272033c4e73113c18ba45

SHA256
30791c4f1a77a8290351ffd336b0cfe058656077603de2c655cf27f630b23bbd

SHA512
7e9c61fbe986fd533d2b2b3c6fca7ece4ed10f8a7672097a91363643e1b6299db94ceecf5f52b1297d859eadb5a12574ed31fb670719fa180b9ca59580976ee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{56641C61-6F67-4E53-AFC2-41B173EAD9AF}\EtsIns.dll

Filesize
402KB

MD5
7d7ae703b58feb0fafa6ca271bcdd701

SHA1
1a628df83e14299083bd58781316ee06d9428011

SHA256
995f0cd4b5524424c8aaae404e5ddd721469bf48309748604c81cd657d4cdac0

SHA512
b6813e856e176d423f7e5f4d43c1c2f7d7186a659914f082a25477f415a0354f1d85e5c04897178e72cd5944cff096325ad5cda7f56a135e5dff635f45148296

Download Submit
C:\Users\Admin\AppData\Local\Temp\{56641C61-6F67-4E53-AFC2-41B173EAD9AF}\EtsIns.dll

Filesize
402KB

MD5
7d7ae703b58feb0fafa6ca271bcdd701

SHA1
1a628df83e14299083bd58781316ee06d9428011

SHA256
995f0cd4b5524424c8aaae404e5ddd721469bf48309748604c81cd657d4cdac0

SHA512
b6813e856e176d423f7e5f4d43c1c2f7d7186a659914f082a25477f415a0354f1d85e5c04897178e72cd5944cff096325ad5cda7f56a135e5dff635f45148296

Download Submit
C:\Users\Admin\AppData\Local\Temp\{56641C61-6F67-4E53-AFC2-41B173EAD9AF}\EvtTrkList.dll

Filesize
57KB

MD5
2ef25df12f76df9005b519def824b641

SHA1
39f05fa95b2d38e13d44a39546cef09da7c52404

SHA256
2dba4ce487dbacfd316ad531c5f30358eb36983d1428f1e75649b5f38d7324e8

SHA512
e13c39013253a9bee9c5ec186b9210c5997c2714c5c2661f7a5c0508164a895043473b238d2a79104402a7bccc2ad3142c4e44a085196088e286f2e1ef50c86b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{56641C61-6F67-4E53-AFC2-41B173EAD9AF}\EvtTrkList.dll

Filesize
57KB

MD5
2ef25df12f76df9005b519def824b641

SHA1
39f05fa95b2d38e13d44a39546cef09da7c52404

SHA256
2dba4ce487dbacfd316ad531c5f30358eb36983d1428f1e75649b5f38d7324e8

SHA512
e13c39013253a9bee9c5ec186b9210c5997c2714c5c2661f7a5c0508164a895043473b238d2a79104402a7bccc2ad3142c4e44a085196088e286f2e1ef50c86b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe

Filesize
177KB

MD5
3036cd127feebb6a14aeeb775036b1da

SHA1
2e1532a0c4c815930351c7b959577bec31b6dbf2

SHA256
1947cabbf8ffcead2a1629c51c028c93f74a5a28cf3e9725dc98231d392b82be

SHA512
197d0e64ee142c1f14c49d9a7755f347900cc5a927d07b6b21f8afb6912553385434363022ef1c51af388adabe13a3f7437ed2452e6d70f4f5b45ca2fb4bbd4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe

Filesize
177KB

MD5
3036cd127feebb6a14aeeb775036b1da

SHA1
2e1532a0c4c815930351c7b959577bec31b6dbf2

SHA256
1947cabbf8ffcead2a1629c51c028c93f74a5a28cf3e9725dc98231d392b82be

SHA512
197d0e64ee142c1f14c49d9a7755f347900cc5a927d07b6b21f8afb6912553385434363022ef1c51af388adabe13a3f7437ed2452e6d70f4f5b45ca2fb4bbd4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe

Filesize
177KB

MD5
3036cd127feebb6a14aeeb775036b1da

SHA1
2e1532a0c4c815930351c7b959577bec31b6dbf2

SHA256
1947cabbf8ffcead2a1629c51c028c93f74a5a28cf3e9725dc98231d392b82be

SHA512
197d0e64ee142c1f14c49d9a7755f347900cc5a927d07b6b21f8afb6912553385434363022ef1c51af388adabe13a3f7437ed2452e6d70f4f5b45ca2fb4bbd4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe

Filesize
177KB

MD5
3036cd127feebb6a14aeeb775036b1da

SHA1
2e1532a0c4c815930351c7b959577bec31b6dbf2

SHA256
1947cabbf8ffcead2a1629c51c028c93f74a5a28cf3e9725dc98231d392b82be

SHA512
197d0e64ee142c1f14c49d9a7755f347900cc5a927d07b6b21f8afb6912553385434363022ef1c51af388adabe13a3f7437ed2452e6d70f4f5b45ca2fb4bbd4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe

Filesize
177KB

MD5
3036cd127feebb6a14aeeb775036b1da

SHA1
2e1532a0c4c815930351c7b959577bec31b6dbf2

SHA256
1947cabbf8ffcead2a1629c51c028c93f74a5a28cf3e9725dc98231d392b82be

SHA512
197d0e64ee142c1f14c49d9a7755f347900cc5a927d07b6b21f8afb6912553385434363022ef1c51af388adabe13a3f7437ed2452e6d70f4f5b45ca2fb4bbd4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe

Filesize
177KB

MD5
3036cd127feebb6a14aeeb775036b1da

SHA1
2e1532a0c4c815930351c7b959577bec31b6dbf2

SHA256
1947cabbf8ffcead2a1629c51c028c93f74a5a28cf3e9725dc98231d392b82be

SHA512
197d0e64ee142c1f14c49d9a7755f347900cc5a927d07b6b21f8afb6912553385434363022ef1c51af388adabe13a3f7437ed2452e6d70f4f5b45ca2fb4bbd4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe

Filesize
177KB

MD5
3036cd127feebb6a14aeeb775036b1da

SHA1
2e1532a0c4c815930351c7b959577bec31b6dbf2

SHA256
1947cabbf8ffcead2a1629c51c028c93f74a5a28cf3e9725dc98231d392b82be

SHA512
197d0e64ee142c1f14c49d9a7755f347900cc5a927d07b6b21f8afb6912553385434363022ef1c51af388adabe13a3f7437ed2452e6d70f4f5b45ca2fb4bbd4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe

Filesize
177KB

MD5
3036cd127feebb6a14aeeb775036b1da

SHA1
2e1532a0c4c815930351c7b959577bec31b6dbf2

SHA256
1947cabbf8ffcead2a1629c51c028c93f74a5a28cf3e9725dc98231d392b82be

SHA512
197d0e64ee142c1f14c49d9a7755f347900cc5a927d07b6b21f8afb6912553385434363022ef1c51af388adabe13a3f7437ed2452e6d70f4f5b45ca2fb4bbd4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe

Filesize
177KB

MD5
3036cd127feebb6a14aeeb775036b1da

SHA1
2e1532a0c4c815930351c7b959577bec31b6dbf2

SHA256
1947cabbf8ffcead2a1629c51c028c93f74a5a28cf3e9725dc98231d392b82be

SHA512
197d0e64ee142c1f14c49d9a7755f347900cc5a927d07b6b21f8afb6912553385434363022ef1c51af388adabe13a3f7437ed2452e6d70f4f5b45ca2fb4bbd4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe

Filesize
177KB

MD5
3036cd127feebb6a14aeeb775036b1da

SHA1
2e1532a0c4c815930351c7b959577bec31b6dbf2

SHA256
1947cabbf8ffcead2a1629c51c028c93f74a5a28cf3e9725dc98231d392b82be

SHA512
197d0e64ee142c1f14c49d9a7755f347900cc5a927d07b6b21f8afb6912553385434363022ef1c51af388adabe13a3f7437ed2452e6d70f4f5b45ca2fb4bbd4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISBEW64.exe

Filesize
177KB

MD5
3036cd127feebb6a14aeeb775036b1da

SHA1
2e1532a0c4c815930351c7b959577bec31b6dbf2

SHA256
1947cabbf8ffcead2a1629c51c028c93f74a5a28cf3e9725dc98231d392b82be

SHA512
197d0e64ee142c1f14c49d9a7755f347900cc5a927d07b6b21f8afb6912553385434363022ef1c51af388adabe13a3f7437ed2452e6d70f4f5b45ca2fb4bbd4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISRT.dll

Filesize
421KB

MD5
24d9b9f394ea5cdfc061c82d52ebcdae

SHA1
04e779f221fbc43d6acb51b33545dce17833a0e8

SHA256
a35baeced3df5415d2e64dd9855571ace4e5e7168b6e05d235187fc85863d663

SHA512
b114b7f93974bf1aa70f910f5fb934b465f6874b4aa3a1c130f0d1bf6221ac2d92cfc3b13fdfad2192d0c651b6abb5354b0c3122487aa959af20603b57607055

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\ISRT.dll

Filesize
421KB

MD5
24d9b9f394ea5cdfc061c82d52ebcdae

SHA1
04e779f221fbc43d6acb51b33545dce17833a0e8

SHA256
a35baeced3df5415d2e64dd9855571ace4e5e7168b6e05d235187fc85863d663

SHA512
b114b7f93974bf1aa70f910f5fb934b465f6874b4aa3a1c130f0d1bf6221ac2d92cfc3b13fdfad2192d0c651b6abb5354b0c3122487aa959af20603b57607055

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\_isres_0x0409.dll

Filesize
1.8MB

MD5
5b1b1a2673556c0252b313a6f9fc8334

SHA1
eae258838e473a8ef8eb2fb25747d6897237ec18

SHA256
2feffefcbec6ea9006c0ea3cb1043432c87b214bb175b7f8d2676762f097d817

SHA512
5d293dd84aa0aa84b8450cc7770aa464f795e28758f89b53d07f37054a0a1c354237e492c638d3a88faa008f107421082427f267f9654479bbb39b7ff417d889

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DE0EF5A0-FC73-436F-A692-6758E39FE22E}\_isres_0x0409.dll

Filesize
1.8MB

MD5
5b1b1a2673556c0252b313a6f9fc8334

SHA1
eae258838e473a8ef8eb2fb25747d6897237ec18

SHA256
2feffefcbec6ea9006c0ea3cb1043432c87b214bb175b7f8d2676762f097d817

SHA512
5d293dd84aa0aa84b8450cc7770aa464f795e28758f89b53d07f37054a0a1c354237e492c638d3a88faa008f107421082427f267f9654479bbb39b7ff417d889

Download Submit
C:\Users\Admin\Downloads\Sensor-KDD-14510-2464-1613490256.exe

Filesize
29.3MB

MD5
c6aaddfcb089dbf605c49cc98df55078

SHA1
058f1bba04901e217f8c821061c64291c478aa2a

SHA256
99fbb881b80e705b413e3b4555f6a16c6b3bd20edc9c4e16fe78b0d875cccc42

SHA512
b90320338deed358155ae48ec992c40feff0b628cde20e1e39d0919ff4288a5920a24eb51fa35ec23f03e63b697100f92e1d267133f7184ab65e28cc535a5df0

Download Submit
C:\Users\Admin\Downloads\Sensor-KDD-14510-2464-1613490256.exe

Filesize
29.3MB

MD5
c6aaddfcb089dbf605c49cc98df55078

SHA1
058f1bba04901e217f8c821061c64291c478aa2a

SHA256
99fbb881b80e705b413e3b4555f6a16c6b3bd20edc9c4e16fe78b0d875cccc42

SHA512
b90320338deed358155ae48ec992c40feff0b628cde20e1e39d0919ff4288a5920a24eb51fa35ec23f03e63b697100f92e1d267133f7184ab65e28cc535a5df0

Download Submit
memory/2232-164-0x0000000002960000-0x0000000002A71000-memory.dmp

Filesize
1.1MB

Download
memory/2232-176-0x0000000002E90000-0x0000000002EA7000-memory.dmp

Filesize
92KB

Download
memory/2232-179-0x0000000002EC0000-0x0000000002F2F000-memory.dmp

Filesize
444KB

Download
memory/2232-143-0x0000000010000000-0x0000000010244000-memory.dmp

Filesize
2.3MB

Download
memory/2232-173-0x0000000002E70000-0x0000000002E7E000-memory.dmp

Filesize
56KB

Download
memory/2232-159-0x0000000002C50000-0x0000000002E17000-memory.dmp

Filesize
1.8MB

Download
memory/2232-182-0x0000000010000000-0x0000000010244000-memory.dmp

Filesize
2.3MB

Download
memory/2232-183-0x0000000002960000-0x0000000002A71000-memory.dmp

Filesize
1.1MB

Download