78e4bbd109f8fa1a87b91769320650acd17bd09b623e4557fb9832ba1a0702d6

Analysis

max time kernel
106s
max time network
140s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
16/04/2023, 05:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winzip27-p003.exe
Size

2.8MB
MD5

4ab9bed90bedaace02bb997063a81a2a
SHA1

5778d4dbf5bcf1fd52717c4709de6a3bf9e2c127
SHA256

78e4bbd109f8fa1a87b91769320650acd17bd09b623e4557fb9832ba1a0702d6
SHA512

0463a63dea0b4c81b1f38ca7eb31aad1935e7f1ebcfa7b9878ee62df50e68b2e4695c49a7a2afd14f926ceecd136e90c26a947df8a0c66c669c2f3dd779f9c00
SSDEEP

49152:38csPJkaaLdj1vptksRov0amNesLcYqQJawYLonZkyo7I9+upXrWXld:3TC+HBj1BtksRW0XNPywYLonqyo7I9+h

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
37	1320	msiexec.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Control Panel\International\Geo\Nation	winzip27-p003.exe

Executes dropped EXE 1 IoCs

pid	Process
2028	winzip27-p003.exe

Loads dropped DLL 2 IoCs

pid	Process
2044	winzip27-p003.exe
1344	MsiExec.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	winzip27-p003.exe
File opened (read-only)	\??\Q:	winzip27-p003.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\G:	winzip27-p003.exe
File opened (read-only)	\??\J:	winzip27-p003.exe
File opened (read-only)	\??\R:	winzip27-p003.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Z:	winzip27-p003.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\I:	winzip27-p003.exe
File opened (read-only)	\??\M:	winzip27-p003.exe
File opened (read-only)	\??\V:	winzip27-p003.exe
File opened (read-only)	\??\X:	winzip27-p003.exe
File opened (read-only)	\??\Y:	winzip27-p003.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	winzip27-p003.exe
File opened (read-only)	\??\K:	winzip27-p003.exe
File opened (read-only)	\??\L:	winzip27-p003.exe
File opened (read-only)	\??\S:	winzip27-p003.exe
File opened (read-only)	\??\U:	winzip27-p003.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\A:	winzip27-p003.exe
File opened (read-only)	\??\B:	winzip27-p003.exe
File opened (read-only)	\??\F:	winzip27-p003.exe
File opened (read-only)	\??\P:	winzip27-p003.exe
File opened (read-only)	\??\W:	winzip27-p003.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	winzip27-p003.exe
File opened (read-only)	\??\O:	winzip27-p003.exe
File opened (read-only)	\??\T:	winzip27-p003.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\6d30a3.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\6d30a3.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI368E.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	winzip27-p003.exe

Modifies data under HKEY_USERS 43 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe

Modifies system certificate store 2 TTPs 18 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	winzip27-p003.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	winzip27-p003.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	winzip27-p003.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	winzip27-p003.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	winzip27-p003.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	winzip27-p003.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	winzip27-p003.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	winzip27-p003.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	winzip27-p003.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	winzip27-p003.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	winzip27-p003.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	winzip27-p003.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	winzip27-p003.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	winzip27-p003.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	winzip27-p003.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	winzip27-p003.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	winzip27-p003.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	winzip27-p003.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	1320	msiexec.exe
Token: SeTakeOwnershipPrivilege	1320	msiexec.exe
Token: SeSecurityPrivilege	1320	msiexec.exe
Token: SeCreateTokenPrivilege	2028	winzip27-p003.exe
Token: SeAssignPrimaryTokenPrivilege	2028	winzip27-p003.exe
Token: SeLockMemoryPrivilege	2028	winzip27-p003.exe
Token: SeIncreaseQuotaPrivilege	2028	winzip27-p003.exe
Token: SeMachineAccountPrivilege	2028	winzip27-p003.exe
Token: SeTcbPrivilege	2028	winzip27-p003.exe
Token: SeSecurityPrivilege	2028	winzip27-p003.exe
Token: SeTakeOwnershipPrivilege	2028	winzip27-p003.exe
Token: SeLoadDriverPrivilege	2028	winzip27-p003.exe
Token: SeSystemProfilePrivilege	2028	winzip27-p003.exe
Token: SeSystemtimePrivilege	2028	winzip27-p003.exe
Token: SeProfSingleProcessPrivilege	2028	winzip27-p003.exe
Token: SeIncBasePriorityPrivilege	2028	winzip27-p003.exe
Token: SeCreatePagefilePrivilege	2028	winzip27-p003.exe
Token: SeCreatePermanentPrivilege	2028	winzip27-p003.exe
Token: SeBackupPrivilege	2028	winzip27-p003.exe
Token: SeRestorePrivilege	2028	winzip27-p003.exe
Token: SeShutdownPrivilege	2028	winzip27-p003.exe
Token: SeDebugPrivilege	2028	winzip27-p003.exe
Token: SeAuditPrivilege	2028	winzip27-p003.exe
Token: SeSystemEnvironmentPrivilege	2028	winzip27-p003.exe
Token: SeChangeNotifyPrivilege	2028	winzip27-p003.exe
Token: SeRemoteShutdownPrivilege	2028	winzip27-p003.exe
Token: SeUndockPrivilege	2028	winzip27-p003.exe
Token: SeSyncAgentPrivilege	2028	winzip27-p003.exe
Token: SeEnableDelegationPrivilege	2028	winzip27-p003.exe
Token: SeManageVolumePrivilege	2028	winzip27-p003.exe
Token: SeImpersonatePrivilege	2028	winzip27-p003.exe
Token: SeCreateGlobalPrivilege	2028	winzip27-p003.exe
Token: SeShutdownPrivilege	2028	winzip27-p003.exe
Token: SeIncreaseQuotaPrivilege	2028	winzip27-p003.exe
Token: SeCreateTokenPrivilege	2028	winzip27-p003.exe
Token: SeAssignPrimaryTokenPrivilege	2028	winzip27-p003.exe
Token: SeLockMemoryPrivilege	2028	winzip27-p003.exe
Token: SeIncreaseQuotaPrivilege	2028	winzip27-p003.exe
Token: SeMachineAccountPrivilege	2028	winzip27-p003.exe
Token: SeTcbPrivilege	2028	winzip27-p003.exe
Token: SeSecurityPrivilege	2028	winzip27-p003.exe
Token: SeTakeOwnershipPrivilege	2028	winzip27-p003.exe
Token: SeLoadDriverPrivilege	2028	winzip27-p003.exe
Token: SeSystemProfilePrivilege	2028	winzip27-p003.exe
Token: SeSystemtimePrivilege	2028	winzip27-p003.exe
Token: SeProfSingleProcessPrivilege	2028	winzip27-p003.exe
Token: SeIncBasePriorityPrivilege	2028	winzip27-p003.exe
Token: SeCreatePagefilePrivilege	2028	winzip27-p003.exe
Token: SeCreatePermanentPrivilege	2028	winzip27-p003.exe
Token: SeBackupPrivilege	2028	winzip27-p003.exe
Token: SeRestorePrivilege	2028	winzip27-p003.exe
Token: SeShutdownPrivilege	2028	winzip27-p003.exe
Token: SeDebugPrivilege	2028	winzip27-p003.exe
Token: SeAuditPrivilege	2028	winzip27-p003.exe
Token: SeSystemEnvironmentPrivilege	2028	winzip27-p003.exe
Token: SeChangeNotifyPrivilege	2028	winzip27-p003.exe
Token: SeRemoteShutdownPrivilege	2028	winzip27-p003.exe
Token: SeUndockPrivilege	2028	winzip27-p003.exe
Token: SeSyncAgentPrivilege	2028	winzip27-p003.exe
Token: SeEnableDelegationPrivilege	2028	winzip27-p003.exe
Token: SeManageVolumePrivilege	2028	winzip27-p003.exe
Token: SeImpersonatePrivilege	2028	winzip27-p003.exe
Token: SeCreateGlobalPrivilege	2028	winzip27-p003.exe
Token: SeBackupPrivilege	1804	vssvc.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2028	winzip27-p003.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2028	winzip27-p003.exe
2028	winzip27-p003.exe
2028	winzip27-p003.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2028	2044	winzip27-p003.exe	27
PID 2044 wrote to memory of 2028	2044	winzip27-p003.exe	27
PID 2044 wrote to memory of 2028	2044	winzip27-p003.exe	27
PID 2044 wrote to memory of 2028	2044	winzip27-p003.exe	27
PID 2044 wrote to memory of 2028	2044	winzip27-p003.exe	27
PID 2044 wrote to memory of 2028	2044	winzip27-p003.exe	27
PID 2044 wrote to memory of 2028	2044	winzip27-p003.exe	27
PID 1320 wrote to memory of 1344	1320	msiexec.exe	35
PID 1320 wrote to memory of 1344	1320	msiexec.exe	35
PID 1320 wrote to memory of 1344	1320	msiexec.exe	35
PID 1320 wrote to memory of 1344	1320	msiexec.exe	35
PID 1320 wrote to memory of 1344	1320	msiexec.exe	35
PID 1320 wrote to memory of 1344	1320	msiexec.exe	35
PID 1320 wrote to memory of 1344	1320	msiexec.exe	35

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\winzip27-p003.exe
"C:\Users\Admin\AppData\Local\Temp\winzip27-p003.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\6c0d6a\winzip27-p003.exe
  run=1 shortcut="C:\Users\Admin\AppData\Local\Temp\winzip27-p003.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Enumerates connected drives
  - Modifies Internet Explorer settings
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:2028

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F1273400F8F529A185AA22C2C9DBFC54
  2⤵
  - Loads dropped DLL
  PID:1344

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1804

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003B0" "00000000000005B4"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:1064

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
c6c20457dd07a09cc4cece7ec18e47ac

SHA1
a62892eda5f7230afa68c7bddfd5f632d2132d48

SHA256
f20fc237da685d77196f8c5e8863346184946e892d27eeab65e5c9c030fd1cf7

SHA512
e66163763fac1f653de031cd543088a458837266c26dee2e3994bcc2f8f255e90e54a67c035fd67ede9e2928935256897811dca81e28d184d6954190d46379c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_E2B2C48F2C378D0C3347FECCD57676BA

Filesize
727B

MD5
15f46245407241369f0ee530ccb0ca03

SHA1
dc55c709c7880b6d3ce84259f46b3fccd162854b

SHA256
ef25e2acc61a7b42074fd23d6d3055747b44f849a984ed4ab41dba9e067cca7a

SHA512
b6ab64661aaa70acc01ad1d05cb1ce3a24dd618f61a89c43bbe5dc2929650422da126efcfd73a25d3f61cd8504dca2dd74abe903355bad442d920babaaad229e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
78106bca531f87de9426515fd4455d66

SHA1
4504e47f412e28be2ae7d64d3811783869d1675e

SHA256
2033c5f9f0f77fba7ed6001ce4077bcc96438f3f3628dc09deaa6b1c0da5af59

SHA512
b2c9b5c39ff6716201d234dfa0714ffe07a767764eaaba6595b4e25cbfd0e04cdc02b89af3d70c88e8fe29fa9397c809ca829cd79e0a9edfe605fc9058c4d233

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
430B

MD5
d8a6f8b53cfd1f74968e9eb20ecf5469

SHA1
7028d38b807f5784c47507acb10630bbabdeb28a

SHA256
0dc63e787d4282855cca333cc9707897f902123f535e88b9fb3a2764a887d4a3

SHA512
642f6ae8f7ad01f05dc4dc71558ec8086d1cd7f12e611ca9d889ae45993555ec0b70d8cb551490d0906954d501f1e04a19f7f56a7e3d1b216358e7d7380fc9e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_E2B2C48F2C378D0C3347FECCD57676BA

Filesize
404B

MD5
9e540e20282ba1955f076532e869114d

SHA1
f28f8ffc48637e24d0c1c0f2efb03ba3fef7dc8d

SHA256
da8c28ac687cca0e317dd0e1d4811256ca8f1e4f577e9b7836d52a8cd1e90448

SHA512
ba2fa3ea2259634ca04efcee5c8df08702987da45acb3e8d90c2a1b2a8bf9c11bb823816d20941ac79ee325e5cd71c4123be60d7e9928e5d120cc971828e39a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aac96cf4bc340cafa40561f9b6932deb

SHA1
53b0f1cdfd585c78045768e95545d90841141c9f

SHA256
3458a9474b0e9bd730eb9b4b2ef35e83761e9b9a3595566cbdc0c1b73eeab4e0

SHA512
aa973931de65a8bd7660a572d2d428c7f516e372003ade64e4174a2601a4810e750e743dd59f56b44a82e48f4adce2b160336f71f574f970ef2d60dfd28ebc64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c988bf9e28f3abe3755e705b7dcb14e3

SHA1
e675fa5f318ba5a90916e3271184332043c29f03

SHA256
433eecd67ab705a12f08d86c3a1ec4d68780cdafd4bb82380a420499d238c5c4

SHA512
05a23fc37414199d7a03e79f36f00bae88d13eb3877c87b798e6af3bed886107f37e0877099e04ac17420324b19b902a211f2023627d763b4dd193fe8363c42e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68facc6a62c3659f9fd83f91310ef1ef

SHA1
5db90d62dc468e59d416eaabaaab68c874437d1e

SHA256
5187c59f2f6490d3afd52ade5b3f759d64cf9e7be278e1debc95078d2d963ef4

SHA512
806f724731f317d6d79435898e0b8c64890bbe69e3f8c19adb0e0625f8ff1cba7bebd3248c6bcc5c19d4c96a74c3083c8b457a8946e23946a870631a4a36b714

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39995fec7ba9abda998777e2d50ec9e6

SHA1
30dc27d115d9d66c99bd182dc0023d50c1920c3a

SHA256
0dc70b8d000157966ca303d8fb06aef5c86e34332bb4660f86809afa1347e22b

SHA512
ad5f1baaa7d1b404cc2457249c51fa7ed757dfb83b78d3d8af1c57be15895817ec734ce74748ca8118c8213ee0836fde7fd2654290a2ee0e30ec5b59035a5430

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
feebb07786cf475e6b595bf2254a41c1

SHA1
50ed10d6115f22a3111e23d2fd22c6ea64f7f5ac

SHA256
7c3a585bca6baf3aeea00376070fdb176b3869e6ae6ae3884bc6bac439e5ed4b

SHA512
a35159f3312062ca52c60624bff9d7fa05445c36854c62660b9ae54fab4d8e765dd720c86b4ad2a25381067b7011243ffc20b6f22746417a3218133413cc07d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c0d6a\winzip27-p003.exe

Filesize
2.8MB

MD5
4ab9bed90bedaace02bb997063a81a2a

SHA1
5778d4dbf5bcf1fd52717c4709de6a3bf9e2c127

SHA256
78e4bbd109f8fa1a87b91769320650acd17bd09b623e4557fb9832ba1a0702d6

SHA512
0463a63dea0b4c81b1f38ca7eb31aad1935e7f1ebcfa7b9878ee62df50e68b2e4695c49a7a2afd14f926ceecd136e90c26a947df8a0c66c669c2f3dd779f9c00

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c0d6a\winzip27-p003.exe

Filesize
2.8MB

MD5
4ab9bed90bedaace02bb997063a81a2a

SHA1
5778d4dbf5bcf1fd52717c4709de6a3bf9e2c127

SHA256
78e4bbd109f8fa1a87b91769320650acd17bd09b623e4557fb9832ba1a0702d6

SHA512
0463a63dea0b4c81b1f38ca7eb31aad1935e7f1ebcfa7b9878ee62df50e68b2e4695c49a7a2afd14f926ceecd136e90c26a947df8a0c66c669c2f3dd779f9c00

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\Load.html

Filesize
2KB

MD5
1757c2d0841f85052f85d8d3cd03a827

SHA1
801b085330505bad85e7a5af69e6d15d962a7c3a

SHA256
3cf5674efaaf74beccd16d1b9bcf3ffb35c174d6d93375bc532b46d9b4b4ed35

SHA512
4a12a55aac846f137c18849302e74d34df70ea5aaff78d57fce05b4776bedcde9e1b1032734e29650bcbac3e6932dfef75d97931443446a23e21cf5b3072dd9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\common\css\common.css

Filesize
2KB

MD5
33b1c68fff898cbf19c44e486c856282

SHA1
4bcae82469404701498583903ccad307c64e2aa5

SHA256
265d280bad44060c22a6caef0140bb8085b994cdd8d76789f3a43a6e7f2a16ea

SHA512
e8ee2691c3b5c6542873e804f6ba7b13b9230de0bd28944a18bc25c529afe1a11d452988387aa3edddfd2bf65b02e293e549415b0a6a961285d50b3cd2d46a7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\common\css\jquery-ui.css

Filesize
20KB

MD5
1ce4eb3e5153f4c9b93a3cfdf3ef2e77

SHA1
03b04e1e31c9c355e7caf71ba0ecb12e741d9aea

SHA256
95f4c300d84eedd0c43a30a1b6f0dfbbf7b8c47725511981e4cfe12dfaeb0e93

SHA512
75b272ef0d474be75aa19226a60a9c6d0370cfbd40276a274460391dbbe0350c17849aa21f375e46bacb7cf7cb3052be5862569f5a196e15b8ca49baa82436a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\common\img\button-normal.png

Filesize
14KB

MD5
4b618927fabd5bfea9cf228c9e3f4428

SHA1
7dbd0ebee22f43e831bfdd6f523d64e4fa3b3bac

SHA256
a768c604ae9ef96d0f26d8e6c46b0c24515ada8945c9bd8a86b8173eea730653

SHA512
7bacb6b475317b1b576f7be9f88838896a66b134dd8ede5f33c03b30b8f028c2f221e4c424fe94ed97a1d580cfc5894a4e60c3db48a9548b53ecd264803b423f

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\common\img\close-normal.png

Filesize
16KB

MD5
c9f970b77486b6c60f583de55b82ebb2

SHA1
ac80263df2a6706ceef401b55b0e3f35d14985a7

SHA256
dd727b90f3c6b053fa5b4c8401440e5d120dac6b93305573caaefecedc5f0c5e

SHA512
b33b7cabbce1469c41a2f5ddaea7c3ced9d4d0239edabbd37931d53ddfe7c50d5a9bba101b702d8367ecdfa4df6bdd6bb614d8cf6c639e3239cef69a8d434942

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\common\img\footerImg.png

Filesize
124KB

MD5
59068c9a357b259a32c5acf1eae1b6ca

SHA1
cc30ade1b55ca43070ddce5cc9d613bfb28a1115

SHA256
ea52a6f973100cbdd3217a609ef3737dae42597dd112165fc8a0c42fbd37a517

SHA512
3c57bb3494757aa9badbd77f3e5f84f680104bea9778dc8e0875ae18eac0595d8da5aea13643a81ba154633afc25412a2e12f843858d978f8233380c25fdce9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\common\img\headerImg.png

Filesize
205KB

MD5
79f3461a48f669ef914eefbd83925820

SHA1
ef791b21f2de9a9b80f4bd9523b037b6432f41dc

SHA256
a9b420a106adb6b09e5dd39a864dd00519aade91ce6f500c179e9e6652b0fc51

SHA512
20cdb62ae15343f82081629df3e92f0fbb9dd61d793a1d1f73d9a37fd1c0c6265d574372d25de2857c279b5097858598cc6494ca272106fa67664479152b17f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\common\img\header_logo.png

Filesize
5KB

MD5
9f74dffb0fea380b891a7b1596109a22

SHA1
256c884dae9a58ecb5ec7525721a78321f75547d

SHA256
ec9d030b3f64cedc4645f8efea56baff55f1b13dfb0db6eececdb9612676f893

SHA512
8defba25f67895fd2481bce885a9cd8318f0a0d3f95082758c2907c1ca75f93d78a541c0105ce018cc457570cc63e0cb8691fabaf10222482b430179cbd4f37c

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\common\js\common.js

Filesize
45KB

MD5
8327a3e34961e36c0e7d5834add0a104

SHA1
762c9d75863e9432803a6f9871357d279a3cc1bf

SHA256
9d1483d12009e62d2e7259cfc4e2674d1a16a47fac1b819017d1d2d2abd9ee6c

SHA512
dfddafcf86ae1e537a995ea29d3ff1ff99975c6426c8fd5dd747bd7411865f14adeeeb61fa0b75e1ef63050b513368110b9c9891eed0afe3510d00c8ed76fca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\common\js\external.js

Filesize
36B

MD5
140918feded87fe0a5563a4080071258

SHA1
9a45488c130eba3a9279393d27d4a81080d9b96a

SHA256
25df7ab9509d4e8760f1fdc99684e0e72aac6e885cbdd3396febc405ea77e7f6

SHA512
56f5771db6f0f750ae60a1bb04e187a75fbee1210e1381831dcc2d9d0d4669ef4e58858945c1d5935e1f2d2f2e02fe4d2f08dd2ab27a14be10280b2dd4d8a7c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\common\js\jquery-1.11.2.min.js

Filesize
93KB

MD5
5790ead7ad3ba27397aedfa3d263b867

SHA1
8130544c215fe5d1ec081d83461bf4a711e74882

SHA256
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

SHA512
781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\common\js\jquery-ui.min.js

Filesize
12KB

MD5
97753710dc6fc2f47616d0578e991eb5

SHA1
b28a9c0b217aefd5c43ac26cd1d2a45a44184f15

SHA256
2e5f9b159be16a83d09c1dc654c73737e10d2a6f8372b51be480b1ba42b7273c

SHA512
ed9aff4ed084eafa0fcaf213f10e5ba2a57b1b18eed4410d6c1a714e6f02b1dc0e94ea5cb45ee70f4556d8a9196a8f606b1e058821ac1673acdcffda18161465

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\config\config.js

Filesize
5KB

MD5
34f8eb4ea7d667d961dccfa7cfd8d194

SHA1
80ca002efed52a92daeed1477f40c437a6541a07

SHA256
30c3d0e8bb3620fe243a75a10f23d83436ff4b15acb65f4f016258314581b73d

SHA512
b773b49c0bbd904f9f87b0b488ed38c23fc64b0bdd51ab78375a444ea656d929b3976808e715a62962503b0d579d791f9a21c45a53038ed7ae8263bd63bc0d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\config\installerlist.js

Filesize
2KB

MD5
f90f74ad5b513b0c863f2a5d1c381c0b

SHA1
7ef91f2c0a7383bd4e76fd38c8dd2467abb41db7

SHA256
df2f68a1db705dc49b25faf1c04d69e84e214142389898110f6abb821a980dcc

SHA512
4e95032c4d3dbd5c5531d96a0e4c4688c4205255566a775679c5187422762a17cbca3e4b0068918dbf5e9bf148fc8594f8b747930e0634d10cc710bea9e6ff5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\config\installparams.js

Filesize
580B

MD5
2737fd95a9352c89430915a7e8be7cbe

SHA1
238918829ae79d506f50264549147756081d82b5

SHA256
d7d8da3dc29649e10c235dd1b1c49069707d74f1c6c0ec542c54fa50cb007f6b

SHA512
a3afc66bc7f32e669f5cdf61934cefb91ac269620aa73d7f08cb7446a051b01de54ee0d483bc96896585103a377f1e11680184fab280b1139dfb02fcbd2d43e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\config\stubparams.js

Filesize
34KB

MD5
d450a4f8c85c8bc04329c1290f7d040c

SHA1
850b598bc3ac3ff47629fbb2d0bd2c793edcacba

SHA256
05ceacef18474cb3a939efb608e14483f386f97a8178f9ebfcf49850e61370d7

SHA512
8e2aff86412a4eda4d4b95fc338e4c6ad0142ca95ca8d55f3fb7b91ab31feecaeb2f6301be1301bbcbe9edf239e400470601467ad8c7c23cc2db0e0a11b5fb2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Agreement\features.js

Filesize
1KB

MD5
d6c9af2359b6d2b70f5952362d97d8c5

SHA1
bad5a4f26a1c3e03d7aed0b1a2302f6976968936

SHA256
2a1591b93cd0b7c8795b04aa47404c4a1c0b8857e7adfdaa2590aada61133802

SHA512
0653839d20ca7baa94af04bcf09289cfb480c0e2b5202060e9d966fa6a79f0d618ec22ad75cd76b97df4cd939e27357b1aeb9527453180c100dc43282bcc6ed2

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Agreement\page.css

Filesize
429B

MD5
29bdd72e463c39cf131b664c77325f2f

SHA1
9cebfacca0587379482312140f5e9f907b3c3e0e

SHA256
cc2c612878921b73e3b8e0058fb6e638dd21ad4df684c1824d2b013fe773be09

SHA512
eca5bc7ce4b203368f1234871163262611d51b1018ede3d65f7d8682c497b18d2cb0ab51235c4eec72dec24d1254f61f83c065a0f631ab3c6fdb423b0b437e30

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Agreement\page.html

Filesize
2KB

MD5
9866262066431a37850ee51677473bc3

SHA1
90fdfe4f61294ef4cc9dd0d25ae482b6ebe5784d

SHA256
41700cceb0226f9198b1e09be78e0a2942cfcb71529f679cca390f7385502a2c

SHA512
9b5a991f06490bae36cce22c01c56357ff71cfedebb1e8b6910eabb0671bafca54bf5040a0c56d138e4e5f752f012b918f5b0cb594fb4e9bfa68fc97dc4d5229

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Agreement\page.js

Filesize
3KB

MD5
c6439dbc2eb9d5b026ba205932958cbf

SHA1
2ddb7e7e09260a9138f4e282985a8f26ba7b7a09

SHA256
934c949b9369958c7c2fb293283fce40f08dafd63841f7ca46d7e46c552e9c03

SHA512
c5fd1cd91a0d19e95b56ed06f625923176faddfbf91c668e76755420da3691f18fa3ee38190908066b6b55da54543ca9ba53b53a199e1b7e9e38a016c24ee185

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Analytics\features.js

Filesize
267B

MD5
4ae15c449669ebcb864ed45637c3e3cb

SHA1
467a81a8e3f044a5b7f7369ed63c430d83a84b48

SHA256
7b19373f0e1b5bfc2499da6c4e0d8584b0371ead066f09aa5df132528334deaf

SHA512
8ea665748bc574b162ada5f3f535969ba286ff18b49c3414f95f84621c92ab4ee8ae5c27598138acd5429bdbba9f85af45b46b89e66546cd312f00bc2999f9b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Analytics\page.css

Filesize
609B

MD5
af4b32d23820c5781ea56b460676d21a

SHA1
fc5e6c096a187932a1236a4d481a71c6ab10c4cb

SHA256
f2c24a684a60d7345664f8f34103bafdde952ecd93925411d380314d7e6d9532

SHA512
01f7e10a94aacc29c208423f20e221429579d2e2c4e1bb8fce680e4b294d015ec50081e814217df22246f4b3a10de35ef5bc465010677a70c7d53d2c9f7a11dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Analytics\page.html

Filesize
2KB

MD5
7b278f2ca126e16376800d6b5dd947b6

SHA1
c86c7b8d46dccd49688489a748535226526c63fe

SHA256
ca8c664cbb210ebd14e92853ec9f6067512744158c795cc4dd510e99fb32e036

SHA512
114fd77749d08cb28241743054bc06fa36cc3189c10e789c0f960a08e29600fa7c3253928dc111da8684b4d3f4142722a082ff1efd4b2ab884290c7c774de79a

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Analytics\page.js

Filesize
1KB

MD5
c52f9696d2dbb145633a7ed1eadeb083

SHA1
a04c1b23882af287d1f53331ab8e493982ab58bc

SHA256
dccd51191cd0c6a31e5692944b394f8f2c6596d4dd44982a362db26342d373d5

SHA512
c82bb2559dccf7c6795987e1bf400745433bf183f70be0efa71a68d3592a7feaa97d768e988eeb6d69df2879667f9afc2b0b498c7593a59558c1c465182f9b76

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Downloading\features.js

Filesize
1KB

MD5
40d07e37e26ee54a57b18c70c3e63d04

SHA1
847ff3c3fdb4188feb1cb86034086543831bf75d

SHA256
f234498755b699a077ef73c1c82973d39078818bfb7f68c35f2ed0202807cfe8

SHA512
dec4c2327da5323b24914dcf8211b7a9d31524e57f10898401005449aab8dc67f28f160e94b8fcac4c0640a24b24233684048f19a81c513e376ed430be28b7f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Downloading\page.html

Filesize
3KB

MD5
5bf37181edaf9d4051264105a0bc593f

SHA1
7590c29aac79246969416a102f4926a4f06f117b

SHA256
c4d316dc0b7988a7e4bfd8dfa9f69670132a4fb3918ebe38306f75c6c63b93d9

SHA512
dd3ddd878f2e46f0c5fa50c56fc6d9fd0f179eafc17ba40b405fec0c899d8cbf0d9a80f15a8f0da02234d3e2eddee6df2bb03d061dc7113c39888fba012b1dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Downloading\page.js

Filesize
11KB

MD5
3f40b2af35b435425b58271dc800351e

SHA1
989ece231ec4e0b2dfb3f5297b4bbd2f5ef7f7b5

SHA256
b9695fcfb5fbe953ed0bece14a8d5dedf6e5dba2cd76cfd533494c536bfcf9b2

SHA512
af30ad451022d2f55f881f877d7ae4fe0ca1e713563144f731ba1823d6e18ee515ba35849d80f2c8fc79b56e2a7cebb9301ae6b83ad52b111138a599a581585c

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Initialization\features.js

Filesize
506B

MD5
7e20d80564b5d02568a8c9f00868b863

SHA1
15391f96e1b003f3c790a460965ebce9fce40b8a

SHA256
cba5152c525188a27394b48761362a9e119ef3d79761358a1e42c879c2fe08cc

SHA512
74d333f518cabb97a84aab98fbc72da9ce07dd74d8aab877e749815c17c1b836db63061b7ac5928dc0bb3ffd54f9a1d14b8be7ed3a1ba7b86ee1776f82ba78e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Initialization\page.html

Filesize
2KB

MD5
b23411777957312ec2a28cf8da6bcb4a

SHA1
6dd3bdf8be0abb5cb8bf63a35de95c8304f5e7c7

SHA256
4d0bdf44125e8be91eecaba44c9b965be9b0d2cb8897f3f35e94f2a74912f074

SHA512
e520b4096949a6d7648c197a57f8ce5462adb2cc260ccac712e5b939e7d259f1eee0dfc782959f3ea689befce99cddf38b56a2cc140566870b045114e9b240dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Initialization\page.js

Filesize
2KB

MD5
50c3c85a9b0a5a57c534c48763f9d17e

SHA1
0455f60e056146082fd36d4aafe24fdbb61e2611

SHA256
0135163476d0eb025e0b26e9d6b673730b76b61d3fd7c8ffcd064fc2c0c0682a

SHA512
01fb800963516fd5b9f59a73e397f80daba1065c3d7186891523162b08559e93abf936f154fc84191bbadec0fa947d54b5b74c6981cebc987c8e90f83ddf22c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Installing\page.js

Filesize
11KB

MD5
5d678c703857fc2c298e25ade4c90f54

SHA1
1eb392b5fa61c835ee32e8b9c6d89c6ff37bdfce

SHA256
b6f888c26b19fb28a0a9ad35eaac763d53e888c600d3811c9c06042bee8c4c6f

SHA512
84b5bc8e64591e737f2aec815badfa9c1a47622ed4c6dfdf794eede481d33d0d874ad13e93c9d205e302054859175c6753bab9360f630b3856222dcdb74592c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Welcome\features.js

Filesize
2KB

MD5
07a983653f6ff14da5a355eda093ea6b

SHA1
60aefe57052cd14cbaa28f22bc18a7a6933503d3

SHA256
a3dead0aa2b886493733f48ada2c20aa3185fadd9d696104b1e3d6c21c37d433

SHA512
6b8079913ccb26b003c620889d33059beff45dec6ca8ab5617457716db4b2cbcc21effb403c1bbab72db0e9bbe32bd41274b6d486fdac8016d7303555b259892

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Welcome\page.css

Filesize
549B

MD5
4409b32e730d40c01b77d91e28ae3ae2

SHA1
2a9510313e6950237d5c9c43ba60537cc5cf8a4a

SHA256
559f1924daf943ec970017cb008f34108eb829d3ced1c47f0602a27919476895

SHA512
45d714c309361980c7a21eb8e5e6c02ed3c6f7e3f13a2ca7b436bf4905b32cb701bdb91b1e7fea037249055f282d84e551da52acd5ad50e224f04ad213f76b84

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Welcome\page.html

Filesize
2KB

MD5
bcc519c4b8ef7e26aa39681687ffcb7f

SHA1
c59c36dc00e283553e45efdab2eecbb9b5d830db

SHA256
308d7eb472a0af7f045ef22ca108c7ac7eba002ca4b9d31cc0a0854afbeb7542

SHA512
852e01ba2629d2093b37e93b5b0b75123cae153d45c349ad2f67867aec77b2886199ab6c32415f41a80409bb4619c0c11d020b884cc780ee8d1651cf55ebdcc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\6c1160\pages\Welcome\page.js

Filesize
9KB

MD5
fda79e06c6495f84d59e1a26449336b7

SHA1
9882828ef3f934e059d602d120317547b5e975ed

SHA256
fb50127f5669e8f32762b734267487c3fe572c598afebe7a948921e60281e7c2

SHA512
74c65d17ce61ddf8901c84f2df07d935c1bc9ff8302cfc42cd660a0e0261027fa182f21e12b2bf64700c512c2a9706a91f0653eb999572d22fef1ad2ce53385e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1DC6.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\WNZP\winzip_en_64.msi

Filesize
73.7MB

MD5
419ed743a5a2cf9693246c9d65ba834d

SHA1
160973ebd85a33cbb1ad29696a3c8813e120b992

SHA256
2cd6f38161d8713f6c874b4142f987b18b84df63e5b6645510427911a033d9d1

SHA512
931ea40d5158c8808450e04c519e0811e0fec0e1777e6120bcede658aa937557a7208a495b67f7b3ee62282e94110a398d47084e56d89d6655c1122920626c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\WNZP\winzip_en_64.msi

Filesize
73.7MB

MD5
419ed743a5a2cf9693246c9d65ba834d

SHA1
160973ebd85a33cbb1ad29696a3c8813e120b992

SHA256
2cd6f38161d8713f6c874b4142f987b18b84df63e5b6645510427911a033d9d1

SHA512
931ea40d5158c8808450e04c519e0811e0fec0e1777e6120bcede658aa937557a7208a495b67f7b3ee62282e94110a398d47084e56d89d6655c1122920626c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\WNZP_log\log_20230416055323.txt

Filesize
2KB

MD5
47c2c7feae9ebf1685d6b9228fc97382

SHA1
913458ecb5bb305204eb1f088643fe3442934e2c

SHA256
c99d6b77385f47d443e35f5b7b342aa1ff3079499e887866117550ef8b6e6d80

SHA512
f5053ad528e7e8bde44b048dcb3a96c5b29bbbb39dcf0d60c06b8abf64a4fcc862af10ad73c6a0ca0cf0b7ea7adf30efc24524deb152bc7b1963c41cd501aed6

Download Submit
C:\Windows\Installer\MSI368E.tmp

Filesize
153KB

MD5
a1b7850763af9593b66ee459a081bddf

SHA1
6e45955fae2b2494902a1b55a3873e542f0f5ce4

SHA256
41b8e92deba5206c78817236ed7f44df95636ca748d95fab05f032f5aec186af

SHA512
a87a302a9a0d19d7ce293b42f5e7bc09664b21307a5321f226157fcc57eb2df2b59c6651878cb23969a182c82b55e8671ff00f8462194b81a907974a49cb25b1

Download Submit
\Users\Admin\AppData\Local\Temp\6c0d6a\winzip27-p003.exe

Filesize
2.8MB

MD5
4ab9bed90bedaace02bb997063a81a2a

SHA1
5778d4dbf5bcf1fd52717c4709de6a3bf9e2c127

SHA256
78e4bbd109f8fa1a87b91769320650acd17bd09b623e4557fb9832ba1a0702d6

SHA512
0463a63dea0b4c81b1f38ca7eb31aad1935e7f1ebcfa7b9878ee62df50e68b2e4695c49a7a2afd14f926ceecd136e90c26a947df8a0c66c669c2f3dd779f9c00

Download Submit
\Windows\Installer\MSI368E.tmp

Filesize
153KB

MD5
a1b7850763af9593b66ee459a081bddf

SHA1
6e45955fae2b2494902a1b55a3873e542f0f5ce4

SHA256
41b8e92deba5206c78817236ed7f44df95636ca748d95fab05f032f5aec186af

SHA512
a87a302a9a0d19d7ce293b42f5e7bc09664b21307a5321f226157fcc57eb2df2b59c6651878cb23969a182c82b55e8671ff00f8462194b81a907974a49cb25b1

Download Submit
memory/2028-850-0x000000007EF60000-0x000000007EF70000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads