9d4943e3acb28183f335fb1614dfffc4df8b23b5066089c868e36f721ffc48a7

Resubmissions

15-04-2023 16:21

230415-tt44jsgc8s 8

15-04-2023 16:17

230415-trr17seg43 8

Analysis

max time kernel
197s
max time network
213s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15-04-2023 16:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup for cm2demo_oWTv-t1.exe
Size

1.7MB
MD5

99a9fbd5fee72ce51585309390a46717
SHA1

ff39c56312090a909c2c0c82629c552a3b252a98
SHA256

833064195b0c96bce9a8c00dc95df6bd9fce1092c1260ba0e877810bfc44b0aa
SHA512

97f9a98fb48c8281818163d3dbe66fa246e1fe6a5a67f15175419992b0ca389cbe086e457177c21ce9c99ff05a1e0b508812cdf30220090a438dd8c94f73c6b7
SSDEEP

24576:R4nXubIQGyxbPV0db26Wmd0l4sv1Et9uGpckT52zedlq89Ws5uIzk5aM/phdO7:Rqe3f61mZSffPMWrQ0ZkA

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 3 IoCs

Processes:

Setup for cm2demo_oWTv-t1.tmpfile_oWTv-t1.exefile_oWTv-t1.tmp

pid process

1996 Setup for cm2demo_oWTv-t1.tmp
668 file_oWTv-t1.exe
576 file_oWTv-t1.tmp
Loads dropped DLL 5 IoCs

Processes:

Setup for cm2demo_oWTv-t1.exeSetup for cm2demo_oWTv-t1.tmpfile_oWTv-t1.exefile_oWTv-t1.tmp

pid process

2008 Setup for cm2demo_oWTv-t1.exe
1996 Setup for cm2demo_oWTv-t1.tmp
668 file_oWTv-t1.exe
576 file_oWTv-t1.tmp
576 file_oWTv-t1.tmp
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
1996	Setup for cm2demo_oWTv-t1.tmp
668	file_oWTv-t1.exe
576	file_oWTv-t1.tmp

pid	process
2008	Setup for cm2demo_oWTv-t1.exe
1996	Setup for cm2demo_oWTv-t1.tmp
668	file_oWTv-t1.exe
576	file_oWTv-t1.tmp
576	file_oWTv-t1.tmp

Modifies Internet Explorer settings 1 TTPs 45 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "388347703"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DOMStorage\fileplanet.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 700afcd6c66fd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dbb59ddc676e394a83d3f942d26f43ca00000000020000000000106600000001000020000000dc60cbe23f8094fc1505b1b95406ae46101024f8365e2719736dac4fdf1dcc31000000000e8000000002000020000000436f8c8a5bfd6f7fb4766b8c830a71c73f91f020300e483ae5f6f0b069e3143b2000000076a06cd66686d003555beeada62e79a09c6996ff8326cfde9f3c75a389e2ac4f4000000046484b299870cc4fa303ad5a76ff7de296c251972569b4ea5dd2609cd9604babb2f16e1d4c94c4fd460061d376a1a3df4fe4be7bafe4c757f9fe005432e0dabd	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dbb59ddc676e394a83d3f942d26f43ca000000000200000000001066000000010000200000003bad5955496d53ea91b966e3bc737349a02f58cde4849374c87165486f5f8212000000000e8000000002000020000000db650663d1f48549ef024faf06d21f4727f33b817672e9c5237d5842dc615e4690000000caf8d141b715e68bb48b9fdbf901571e237d6418d9d06999b3b32ddfe2363e0aec01656c419a6117776c4c2322caac23ce7b453ee77f644132a79d2c767e259f4707084173c214e63bb8875fc2efb6b9a1a042ef2836c58592efa54406f24dccfa6f1c53b46dade6e23faf9c25b254405a7e0002dbe5c9c35e49707e1ee1c6dcc90339cd59f0b58cd2ecace6eb6e814640000000892eadfe83808da6bf61733dc2f26024dc3bb5f7642e71b90a827bca33804cf2802cf64eda23f1b9a89a252d1eddd73a6aabecd8ffd80453594a98cb8cde7247	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DOMStorage\fileplanet.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "21"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F6EE1441-DBB9-11ED-A9BE-C6A949C40DC2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe

Modifies system certificate store 2 TTPs 14 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

file_oWTv-t1.tmpSetup for cm2demo_oWTv-t1.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	file_oWTv-t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	file_oWTv-t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	file_oWTv-t1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	Setup for cm2demo_oWTv-t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	file_oWTv-t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	Setup for cm2demo_oWTv-t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	Setup for cm2demo_oWTv-t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	file_oWTv-t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	file_oWTv-t1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	file_oWTv-t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	file_oWTv-t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	file_oWTv-t1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	Setup for cm2demo_oWTv-t1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	file_oWTv-t1.tmp

Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.

Processes:

description flow ioc

HTTP User-Agent header 9 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

description	flow	ioc
HTTP User-Agent header	9	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1660	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1660	AUDIODG.EXE
Token: 33	1660	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1660	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

Setup for cm2demo_oWTv-t1.tmpfile_oWTv-t1.tmpiexplore.exe

pid process

1996 Setup for cm2demo_oWTv-t1.tmp
576 file_oWTv-t1.tmp
1584 iexplore.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1584 iexplore.exe
1584 iexplore.exe
1012 IEXPLORE.EXE
1012 IEXPLORE.EXE
1012 IEXPLORE.EXE
1012 IEXPLORE.EXE
1012 IEXPLORE.EXE

pid	process
1996	Setup for cm2demo_oWTv-t1.tmp
576	file_oWTv-t1.tmp
1584	iexplore.exe

pid	process
1584	iexplore.exe
1584	iexplore.exe
1012	IEXPLORE.EXE
1012	IEXPLORE.EXE
1012	IEXPLORE.EXE
1012	IEXPLORE.EXE
1012	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 26 IoCs

Processes:

Setup for cm2demo_oWTv-t1.exeSetup for cm2demo_oWTv-t1.tmpfile_oWTv-t1.exefile_oWTv-t1.tmpiexplore.exe

description	pid	process	target process
PID 2008 wrote to memory of 1996	2008	Setup for cm2demo_oWTv-t1.exe	Setup for cm2demo_oWTv-t1.tmp
PID 2008 wrote to memory of 1996	2008	Setup for cm2demo_oWTv-t1.exe	Setup for cm2demo_oWTv-t1.tmp
PID 2008 wrote to memory of 1996	2008	Setup for cm2demo_oWTv-t1.exe	Setup for cm2demo_oWTv-t1.tmp
PID 2008 wrote to memory of 1996	2008	Setup for cm2demo_oWTv-t1.exe	Setup for cm2demo_oWTv-t1.tmp
PID 2008 wrote to memory of 1996	2008	Setup for cm2demo_oWTv-t1.exe	Setup for cm2demo_oWTv-t1.tmp
PID 2008 wrote to memory of 1996	2008	Setup for cm2demo_oWTv-t1.exe	Setup for cm2demo_oWTv-t1.tmp
PID 2008 wrote to memory of 1996	2008	Setup for cm2demo_oWTv-t1.exe	Setup for cm2demo_oWTv-t1.tmp
PID 1996 wrote to memory of 668	1996	Setup for cm2demo_oWTv-t1.tmp	file_oWTv-t1.exe
PID 1996 wrote to memory of 668	1996	Setup for cm2demo_oWTv-t1.tmp	file_oWTv-t1.exe
PID 1996 wrote to memory of 668	1996	Setup for cm2demo_oWTv-t1.tmp	file_oWTv-t1.exe
PID 1996 wrote to memory of 668	1996	Setup for cm2demo_oWTv-t1.tmp	file_oWTv-t1.exe
PID 668 wrote to memory of 576	668	file_oWTv-t1.exe	file_oWTv-t1.tmp
PID 668 wrote to memory of 576	668	file_oWTv-t1.exe	file_oWTv-t1.tmp
PID 668 wrote to memory of 576	668	file_oWTv-t1.exe	file_oWTv-t1.tmp
PID 668 wrote to memory of 576	668	file_oWTv-t1.exe	file_oWTv-t1.tmp
PID 668 wrote to memory of 576	668	file_oWTv-t1.exe	file_oWTv-t1.tmp
PID 668 wrote to memory of 576	668	file_oWTv-t1.exe	file_oWTv-t1.tmp
PID 668 wrote to memory of 576	668	file_oWTv-t1.exe	file_oWTv-t1.tmp
PID 576 wrote to memory of 1584	576	file_oWTv-t1.tmp	iexplore.exe
PID 576 wrote to memory of 1584	576	file_oWTv-t1.tmp	iexplore.exe
PID 576 wrote to memory of 1584	576	file_oWTv-t1.tmp	iexplore.exe
PID 576 wrote to memory of 1584	576	file_oWTv-t1.tmp	iexplore.exe
PID 1584 wrote to memory of 1012	1584	iexplore.exe	IEXPLORE.EXE
PID 1584 wrote to memory of 1012	1584	iexplore.exe	IEXPLORE.EXE
PID 1584 wrote to memory of 1012	1584	iexplore.exe	IEXPLORE.EXE
PID 1584 wrote to memory of 1012	1584	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\Setup for cm2demo_oWTv-t1.exe
"C:\Users\Admin\AppData\Local\Temp\Setup for cm2demo_oWTv-t1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2008

C:\Users\Admin\AppData\Local\Temp\is-R7IHP.tmp\Setup for cm2demo_oWTv-t1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-R7IHP.tmp\Setup for cm2demo_oWTv-t1.tmp" /SL5="$70124,831488,831488,C:\Users\Admin\AppData\Local\Temp\Setup for cm2demo_oWTv-t1.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1996

C:\Users\Admin\AppData\Local\Temp\is-GBEUC.tmp\file_oWTv-t1.exe
"C:\Users\Admin\AppData\Local\Temp\is-GBEUC.tmp\file_oWTv-t1.exe" /LANG=en /NA=Rh85hR64
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:668

C:\Users\Admin\AppData\Local\Temp\is-RJ740.tmp\file_oWTv-t1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-RJ740.tmp\file_oWTv-t1.tmp" /SL5="$201B8,1559708,780800,C:\Users\Admin\AppData\Local\Temp\is-GBEUC.tmp\file_oWTv-t1.exe" /LANG=en /NA=Rh85hR64
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:576

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.fileplanet.com/archive
5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1584

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1584 CREDAT:275457 /prefetch:2
6⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1012

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1660

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a21dda35335634b49c991774cb235a73

SHA1
0a5b072266bd298d62ed80e2cd333cd750615062

SHA256
ab8084c6cbc4eb6e36ef8601ea1e0d965124658291f20ca1076adbe979cf752a

SHA512
d43d04de12258cd87723d4a25325bb1218a5d54b6102c06e4e044b3b046014907122e7bd8c8fb05cec9fd4a654ceede27e8a86840f5bf070a2062e6c79ed162c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
270550ecb7ed82c4ea511afe55d8d7ad

SHA1
240a05a272d31e8e3974151209e96801042afe80

SHA256
57f8923e0371c478737e718488c245bca9439cd6ea26dfab19cf26de6d42667e

SHA512
b0fff9eed434232ad44da5cb21fc50d8508ed80def300300d8761cd7c6d79d79c488a879a18211bdec0e65a978b4a04ac882d66e14f60c8626b05f967b4c6922

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cece3dacc51955261fe11fc760053b7e

SHA1
2867d57943bf81fd37f4ac6ca2c73679e44006f1

SHA256
079545813562ffe7cc3fb83055a589455f8601cd20a47a1fd72df4437306d379

SHA512
0e03b3d8b61e6f988b0ee6f3892a66ae50deba89949686fd6a17dbb26ded0a2bbeb0fb38358ebf30eb9e5127f5085af17dc7c14d552789ffaca936c2bd3db1e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82f72cc4ec1a5387e89624e157326299

SHA1
12e6f9e9fa392892d54eb1b5087a9d28d1c9506f

SHA256
05794d15010c582dd1b6dd3f23346e8ea830f311f5f16d3f326bc7a7550a559a

SHA512
7e026d66b4f8eb4466ac5b1f4e596e1bc200f218bf1677d680ecf46880dcf8b6c796bcaddd5b7ae2b7dd98f5c44d59e60c5ec832c46e226250f99fed5781cbd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71eeeae410658a5c22e6f19c5a666b68

SHA1
2c53b8c4b0b4a18c8f082a10e5044598903f5341

SHA256
58a637e2b812550a1e7ffb21ba173359fc11f767f2046cba7e04e1c3983c4abd

SHA512
516cfce30efcb1aff91e1bdaffcf2b266a7cd250b4fb125a6ef5384cecf5bc78123bf4a575c0df6578c9979750ddf4d96593564b46fdd7d28e22e92a45bae5fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b8091de16ae434b5af25ff8d0b8260a

SHA1
b819fa193dc5f57bb10d521755d935e7514161fb

SHA256
58f3e5df6fb75d4942f882e70554d93a7a032ea32244977ee507aaaea272e7b6

SHA512
efd438ec0822c275184a7ef890578738152de7403ae802f845dba4a9fda518bc8aa29a8e0587efbd44086a0bb824cb8daf29cb6bb0f7c928c29d83ad65d8b43e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d56374523255197cffdb707c600bfd4

SHA1
37b632a1fa418bddc79390c804ce97da563f5f3a

SHA256
d076d56f925c86f3d84afd190fe61f63777f4a90b5ea8e29e927ff397e05e7cb

SHA512
d41f6660475db2827e5c23c53f5583dbe2261e8db56af3720019d0614afd072e47f616dfafe01198bbda7afb1fb55365042f799d3e4baad3524f3b873fc7e980

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c91f4fa3f0c2b0fda494dbf016348e09

SHA1
15ff71d4384fe0fb55523cd3f0dd1603bec027a6

SHA256
8d6d523de693625deb6b96fae86f315d6bf2f384dd4fe53cc6ce67243b6cd3e4

SHA512
d57757001fbc10a1b0b6c38eb52128de8b440e5a966e18a22fe7ccf6867436a0f52719e72d0e9265bccd5c1933caca3aa0890df0754267c7205191ab55371e8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dbeea90d02eb62fbfd74067d729b46dd

SHA1
2443d27a739ce84d409c92e6a191305ff470b6aa

SHA256
427215e8f290263b94d7c5b4ecaeb1b77a4864f993562cd004bcac121d8c6c0d

SHA512
749a9547cf3c65744ad7f04dd3d92a5d5757cb6aab0a27ad7dda4f212d70236e647a77c8552e5790848eb180c5e7b85df0a69da886859af05e19c9bf2e81300c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78a46dd62775931c41bc45bb3ca26676

SHA1
89ad3a282b50aaaf6e15b990d937277cd67b1d1c

SHA256
4418006365f4d0167e42d13a49b1b054c72d0929f750dd6e207ded6e14d34de0

SHA512
30c7e8ac085bffa678c5f9a239b60ac360b89f6d9fbc1675d0bb0af9a6cf221fdd0058bfeef51d5d1ca19884de1d6c3be1c7fe085e04b19e7c0bb4e6dc9a8e86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2dfbad8b8adc6740800f59e316d99be3

SHA1
176c3399abfff62739a6e7c4ae04e365102c51f6

SHA256
e62933c43e1c3c5e182f4e9b35a087cba31027cbf7e8b811b4715b0b79a5702a

SHA512
fd182ea95acba3e23a9bd4383995ac7f8058ecdff722601e3cd01016eb4edd57c391c4792224563f1283a9fcb0b7b20167a52588f6028241b136aadd553536c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7ad8614c5078f64bea536be12054488

SHA1
bc6c1c295dd2f316045b67ebd87553cbb7dff33e

SHA256
9d5cf8186244aa1583678d992b2ddbc1e13adbc7784f8de87ce447b7933b6f02

SHA512
8109cc4a0cb8444b9aa5c3006153f2efff1fe72cacfa135a791f2a999ff706c54b141fff827f9d5989ebc6b1b533e5cd1b9ad486636851ecee3ad9c82c0de829

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06ea6226aa2c688470e04330ee8adb31

SHA1
01c721e9b3730be1c84040e7832f28b91926d5c3

SHA256
1c48d1b2f4cfd4791a4a9fbbc85561bf6f6e8f85e18fd4178f037252df91cae8

SHA512
c44fd9990540a3fc02015dd8f77836a16592e6dd1bac0d8e443fd67f736c79c94926be241e81f5b2a14c56f1000bb1c62f6e7a3a121a73cd7926748a337b6d65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b1ddb1e7b8c33394eb3e4cf0b9b9c88

SHA1
237f47d68d2d85fad13d33e2641ba4bae1a5a9a3

SHA256
ce4d62c803b38d028a454fd01d79eb1b0b5fdae60dd091dedc1bc18eb7d63365

SHA512
99e92ed4130875e40f469b4a8c730409d5a540f743e539fec7a3d99135b9c569cdce4cd39606303295983924824e1ce6038d412ea8f0c9b8967997b726f28f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31b45f655069dddc6cd35e3302298129

SHA1
06a074fe523e8d45708b0352a0e092ac331bc345

SHA256
17c5b48bc42e85ff6f855895ed75cf66468a68ce159ccc3ad938ae0f43ce7799

SHA512
f2169afcaf0aa1c1a00b1da6024bb41526cc11cf97617876cc90a8d51be13a2259df4321e02fe9af944f05c60e0dccecf68ea323b3d84995e18e3b65e04ca86d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ea28a71276f5befb5e8a7fc316a3a0d

SHA1
43351e1d2c2d67142fbd813f5905f5737c8b7214

SHA256
ea719834a450b3992673fdbe4d4228dc216cada0fa35dc43ee03c66a443e20cb

SHA512
b83bb4fb3f0de6191092153636bfbadde97dcad652d3cc039643288b230fccdc603c349222db730fa05c629abb06684ea66385326b9af397f93bd55b7426bff6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b25af15ce45592e2401814bf3e7092db

SHA1
c0453141ad6f511c22108cbc543daba2cf5d36cc

SHA256
c54d03513987917bd0e93f650c637054e773fef85936d7481ee98096d7fcd75b

SHA512
41b9378f989ba2627ee9358341e1315b4da10a1eb167d36d3a43c968d112fae055e7a1b80fdcc65b3f1aeafb168097f8345377644a7e6e798f78f86e7c3feea3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1feac5a7cc62c4ee6ce491eb056ce036

SHA1
79462fcd34a38f40e5e8c0ae43a0a07f77c36e71

SHA256
476e9f9d2f77004e048b795dd9b60929fe680867753d2522d154246c7e77f1e1

SHA512
34f85141482d4f09bd6b99403267fddd86673320942e3cf808f14dbf9e3f2339d45e3a5fe36f42f3abfbe3dcb9fe9a8966a10cbf9250a2ec24ba13c35a3619bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5a7129b3adcc241da0fa763db9ce31c

SHA1
ad3b76201dbec8896ceaec691299fa222606b3e6

SHA256
364f1b703e7242d9576d5bed34ec91b659a33bea8a13192981c0e00dfd79cd31

SHA512
1207f46c89b7c961fea1268830a86e33e9bf5ad78b091e25beb9ae7940a3e9b7055e35307f83553c0c170c26492dff6469dddf4fbbf8eb8e25f96412cf73344d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68f77edce57e3e61b3e4d14ee025a64f

SHA1
0b4e3c19813e922c5a5a387cc2516fac37ddc468

SHA256
b25e6126557cb85ae872abbc706fcaae75ce9600674f0b07d624a7dec126eaa4

SHA512
3493fb66b32ed9e70cdd6ceb9a9554f90bf1c2817900463d8cc0400e2d49db828a2bd40c7e58c511e3457dfa272423bad2aaf27f1e7ff198c77265baeb21a726

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc6012e6724b45fc367ebb20742dea8f

SHA1
7597c32ee440fe8204e4388db0204220d9e3a3ee

SHA256
d546b4955492dda2102be44b7e0f70f582b41e55cb8c7b51c6e40f23cf001384

SHA512
cab77cd4a97457dc8b5a7200b922c39a0956e8e304fcc34b7f225e6d37cbe161d1edb2d1847eb1f86fe08494d8abd7d8de880ac20e8bc1e6ba01015eaf5372c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fed0d8e805e02d014cd7374310915f35

SHA1
1f293c75ee4825a2d7011880d10e3101668b317c

SHA256
e5feb8590ce6b7c70e2bd506956bff2d98b0bd85eb529ba9ef85cb59f86af9c3

SHA512
93314c29a9ca03c9ac5f944e17e347dc9a65bb7d5b57cd95407205698a6d0bc90d8655ebd7666f2a49b1d03d478b97987a92a8cb35c66605f75768fc27440724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6e3357d1b8b75ae1f255d12c512e5cb

SHA1
fe301a0bcc7b654ae238608f83d784bf162987a3

SHA256
da4624c416826ef9b4b42322a64902d95d73eb9fe77e7f12f630dd4a593e5243

SHA512
c572a0aad1b32110dfd12d8942eb34ccbef68906c765abbd10f61900b66af25d1c49f401631462c3bb0407bf88f223a70502f3bd64b4a61ab43e5520d817ae47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a70ba4421e36105b16035270282ef69a

SHA1
648c43ab91fd9d42f62305f8accd88d940899827

SHA256
538c34f3120529977110735f65bb9e52e80da76fcbbbab651a967e322bf19b3a

SHA512
8f035f7099c8ff2e52488fe946d465f6b7c56bf6a1b261054e85f1d0f041215ae85b48e9639a23b3cbe17a55c6678fb63914210d0dbccec4675290660a5524b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF0W5LQL\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar28DD.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GBEUC.tmp\file_oWTv-t1.exe

Filesize
2.3MB

MD5
20e7817860584d82adfba3acaf368ed1

SHA1
3faecf1643bec7781feac4184c6eae606ecf2958

SHA256
69bbd536793cf4d7e1deee84eb74ca9d19e8e4a6b15c22df4288a9c9dd15e9da

SHA512
bd214e04aa79a99ca61158971559abd9a02d4137ac0e443f1eee685ec3743ce0522838ff286811d8d5defd974e7a037d9132a85bda4311e88eda2c0249dfaa9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-GBEUC.tmp\file_oWTv-t1.exe

Filesize
2.3MB

MD5
20e7817860584d82adfba3acaf368ed1

SHA1
3faecf1643bec7781feac4184c6eae606ecf2958

SHA256
69bbd536793cf4d7e1deee84eb74ca9d19e8e4a6b15c22df4288a9c9dd15e9da

SHA512
bd214e04aa79a99ca61158971559abd9a02d4137ac0e443f1eee685ec3743ce0522838ff286811d8d5defd974e7a037d9132a85bda4311e88eda2c0249dfaa9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-R7IHP.tmp\Setup for cm2demo_oWTv-t1.tmp

Filesize
3.0MB

MD5
0c229cd26910820581b5809c62fe5619

SHA1
28c0630385b21f29e3e2bcc34865e5d15726eaa0

SHA256
abfa49a915d2e0a82561ca440365e6a2d59f228533b56a8f78addf000a1081b3

SHA512
b8ff3dc65f7c0e03721572af738ec4886ba895dc70c1a41a3ce8c8abe0946d167cec71913017fd11d5892452db761ea88901a5a09a681ae779dd531edbb83a2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RJ740.tmp\file_oWTv-t1.tmp

Filesize
2.9MB

MD5
623a3abd7b318e1f410b1e12a42c7b71

SHA1
88e34041850ec4019dae469adc608e867b936d21

SHA256
fe1a4555d18617532248d2eaa8d3fcc2c74182f994a964a62cf418295e8554d3

SHA512
9afea88e4617e0f11416c2a2c416a6aa2d5d1f702d98d2cc223b399736191a6d002d1b717020ca6aae09e835c6356b7ddafad71e101dacab15967d89a105e391

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-USLL0.tmp\finish.png

Filesize
2KB

MD5
7afaf9e0e99fd80fa1023a77524f5587

SHA1
e20c9c27691810b388c73d2ca3e67e109c2b69b6

SHA256
760b70612bb9bd967c2d15a5133a50ccce8c0bd46a6464d76875298dcc45dea0

SHA512
a090626e7b7f67fb5aa207aae0cf65c3a27e1b85e22c9728eee7475bd9bb7375ca93baaecc662473f9a427b4f505d55f2c61ba36bda460e4e6947fe22eedb044

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-USLL0.tmp\mainlogo.png

Filesize
7KB

MD5
c552e74a342cb35fa8b45ed4190c1609

SHA1
1e914f5a79af3bc1dc990a9f2d1ebdb41edc82d5

SHA256
d386a1220f26de84d3b9a220db6a058e94d82b2403c8f70103ee20fa5579407f

SHA512
80837907c8febe9306b149114b637b491bedede7c49d426e6ce9c1b416014c4beb4de57da1bef39a3783a345971b92532ce374f9138255588ebae6d15232a081

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UYNLEE6Q.txt

Filesize
602B

MD5
cf5bf0d022fc2d58787adf24b29e6a43

SHA1
75460ab97f1e6ec7a8fdb716714cc0feb7441060

SHA256
9947fafa07534fb3bbe92f60270f8da9e277adfa3eb46bc4f6e8fb9551dce8ea

SHA512
85a1f73f7ee9f8a569f689c3f85b57d1e7de3e17226f21fe910ffaa74d019746132fbed4e1f8ca43446c3b2b8584a59d756b31ed4e024aac0b805a9d9fa2fcf6

Download Submit
C:\Users\Admin\Downloads\cm2demo.zip

Filesize
1.9MB

MD5
54803cf42ba84f17ad77eb066a1b51f5

SHA1
130b1736fc5c5d32f17829b605209dbb7bf034a2

SHA256
cdb7930dcb5e99eac92b8ddd8ab7f8301f07a68b3ea1ced8067141943fc2484e

SHA512
d67b8b17fcf2794d3298ea5e3ba278333164caa39ccef55e284f27febdadf442ae52578f632b4c75f53c6e5efe7a4948036875fcdeac5aa83fea82720cd3ce20

Download Submit
\Users\Admin\AppData\Local\Temp\is-GBEUC.tmp\file_oWTv-t1.exe

Filesize
2.3MB

MD5
20e7817860584d82adfba3acaf368ed1

SHA1
3faecf1643bec7781feac4184c6eae606ecf2958

SHA256
69bbd536793cf4d7e1deee84eb74ca9d19e8e4a6b15c22df4288a9c9dd15e9da

SHA512
bd214e04aa79a99ca61158971559abd9a02d4137ac0e443f1eee685ec3743ce0522838ff286811d8d5defd974e7a037d9132a85bda4311e88eda2c0249dfaa9e

Download Submit
\Users\Admin\AppData\Local\Temp\is-R7IHP.tmp\Setup for cm2demo_oWTv-t1.tmp

Filesize
3.0MB

MD5
0c229cd26910820581b5809c62fe5619

SHA1
28c0630385b21f29e3e2bcc34865e5d15726eaa0

SHA256
abfa49a915d2e0a82561ca440365e6a2d59f228533b56a8f78addf000a1081b3

SHA512
b8ff3dc65f7c0e03721572af738ec4886ba895dc70c1a41a3ce8c8abe0946d167cec71913017fd11d5892452db761ea88901a5a09a681ae779dd531edbb83a2a

Download Submit
\Users\Admin\AppData\Local\Temp\is-RJ740.tmp\file_oWTv-t1.tmp

Filesize
2.9MB

MD5
623a3abd7b318e1f410b1e12a42c7b71

SHA1
88e34041850ec4019dae469adc608e867b936d21

SHA256
fe1a4555d18617532248d2eaa8d3fcc2c74182f994a964a62cf418295e8554d3

SHA512
9afea88e4617e0f11416c2a2c416a6aa2d5d1f702d98d2cc223b399736191a6d002d1b717020ca6aae09e835c6356b7ddafad71e101dacab15967d89a105e391

Download Submit
\Users\Admin\AppData\Local\Temp\is-USLL0.tmp\Helper.dll

Filesize
2.0MB

MD5
4eb0347e66fa465f602e52c03e5c0b4b

SHA1
fdfedb72614d10766565b7f12ab87f1fdca3ea81

SHA256
c73e53cbb7b98feafe27cc7de8fdad51df438e2235e91891461c5123888f73cc

SHA512
4c909a451059628119f92b2f0c8bcd67b31f63b57d5339b6ce8fd930be5c9baf261339fdd9da820321be497df8889ce7594b7bfaadbaa43c694156651bf6c1fd

Download Submit
\Users\Admin\AppData\Local\Temp\is-USLL0.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
memory/576-315-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/576-303-0x00000000074F0000-0x00000000074FF000-memory.dmp

Filesize
60KB

Download
memory/576-302-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/576-213-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/576-219-0x00000000074F0000-0x00000000074FF000-memory.dmp

Filesize
60KB

Download
memory/668-301-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/668-317-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/668-197-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1996-271-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/1996-893-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/1996-188-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/1996-186-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1996-175-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/1996-61-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2008-895-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2008-54-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2008-174-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download