a25edad8dcff7c005d34063392a5ba3e211290800a405c91f78046840522751d

Resubmissions

04/05/2023, 22:33

230504-2gzmashc9z 7

04/05/2023, 20:48

230504-zlfzmsgh7z 7

04/05/2023, 18:37

230504-w9tc4aed69 7

Analysis

max time kernel
479s
max time network
505s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2023, 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AffinityDesignerInstaller.exe
Size

436.0MB
MD5

330380e25cd4ed381d8bb2aaad76fa32
SHA1

df77a010aeb90ca87283be7f99d5d5447348e8b1
SHA256

a25edad8dcff7c005d34063392a5ba3e211290800a405c91f78046840522751d
SHA512

8d120a13c57d91088b37b9b97061e486e36948fbe03a54e47e088fceb16b95d65468025e623c81a272d7056367aa4788723c4dad946c92965423a189e4daa884
SSDEEP

12582912:kvc0Cvsk4LWlZPrx6ho9phMRbVI53T7wcNd6czg:k00uskJlN0wka53dNd6h

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 10 IoCs

pid	Process
428	MsiExec.exe
4024	MsiExec.exe
4024	MsiExec.exe
4024	MsiExec.exe
4024	MsiExec.exe
4024	MsiExec.exe
4024	MsiExec.exe
3788	MsiExec.exe
3788	MsiExec.exe
3788	MsiExec.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\R:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\S:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\Z:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\I:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\X:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\P:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\W:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\L:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\F:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\Y:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\M:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\G:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\N:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\O:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\K:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\U:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\E:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\V:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\H:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	AffinityDesignerInstaller.exe
File opened (read-only)	\??\A:	msiexec.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9AD4.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9BAF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9C5C.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\shiDCA9.tmp	AffinityDesignerInstaller.exe
File created	C:\Windows\Installer\e589a09.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e589a09.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000008ccb747e6bc781e30000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800008ccb747e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff0000000007000100006809008ccb747e000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008ccb747e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008ccb747e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1272	msiexec.exe
Token: SeCreateTokenPrivilege	400	AffinityDesignerInstaller.exe
Token: SeAssignPrimaryTokenPrivilege	400	AffinityDesignerInstaller.exe
Token: SeLockMemoryPrivilege	400	AffinityDesignerInstaller.exe
Token: SeIncreaseQuotaPrivilege	400	AffinityDesignerInstaller.exe
Token: SeMachineAccountPrivilege	400	AffinityDesignerInstaller.exe
Token: SeTcbPrivilege	400	AffinityDesignerInstaller.exe
Token: SeSecurityPrivilege	400	AffinityDesignerInstaller.exe
Token: SeTakeOwnershipPrivilege	400	AffinityDesignerInstaller.exe
Token: SeLoadDriverPrivilege	400	AffinityDesignerInstaller.exe
Token: SeSystemProfilePrivilege	400	AffinityDesignerInstaller.exe
Token: SeSystemtimePrivilege	400	AffinityDesignerInstaller.exe
Token: SeProfSingleProcessPrivilege	400	AffinityDesignerInstaller.exe
Token: SeIncBasePriorityPrivilege	400	AffinityDesignerInstaller.exe
Token: SeCreatePagefilePrivilege	400	AffinityDesignerInstaller.exe
Token: SeCreatePermanentPrivilege	400	AffinityDesignerInstaller.exe
Token: SeBackupPrivilege	400	AffinityDesignerInstaller.exe
Token: SeRestorePrivilege	400	AffinityDesignerInstaller.exe
Token: SeShutdownPrivilege	400	AffinityDesignerInstaller.exe
Token: SeDebugPrivilege	400	AffinityDesignerInstaller.exe
Token: SeAuditPrivilege	400	AffinityDesignerInstaller.exe
Token: SeSystemEnvironmentPrivilege	400	AffinityDesignerInstaller.exe
Token: SeChangeNotifyPrivilege	400	AffinityDesignerInstaller.exe
Token: SeRemoteShutdownPrivilege	400	AffinityDesignerInstaller.exe
Token: SeUndockPrivilege	400	AffinityDesignerInstaller.exe
Token: SeSyncAgentPrivilege	400	AffinityDesignerInstaller.exe
Token: SeEnableDelegationPrivilege	400	AffinityDesignerInstaller.exe
Token: SeManageVolumePrivilege	400	AffinityDesignerInstaller.exe
Token: SeImpersonatePrivilege	400	AffinityDesignerInstaller.exe
Token: SeCreateGlobalPrivilege	400	AffinityDesignerInstaller.exe
Token: SeCreateTokenPrivilege	400	AffinityDesignerInstaller.exe
Token: SeAssignPrimaryTokenPrivilege	400	AffinityDesignerInstaller.exe
Token: SeLockMemoryPrivilege	400	AffinityDesignerInstaller.exe
Token: SeIncreaseQuotaPrivilege	400	AffinityDesignerInstaller.exe
Token: SeMachineAccountPrivilege	400	AffinityDesignerInstaller.exe
Token: SeTcbPrivilege	400	AffinityDesignerInstaller.exe
Token: SeSecurityPrivilege	400	AffinityDesignerInstaller.exe
Token: SeTakeOwnershipPrivilege	400	AffinityDesignerInstaller.exe
Token: SeLoadDriverPrivilege	400	AffinityDesignerInstaller.exe
Token: SeSystemProfilePrivilege	400	AffinityDesignerInstaller.exe
Token: SeSystemtimePrivilege	400	AffinityDesignerInstaller.exe
Token: SeProfSingleProcessPrivilege	400	AffinityDesignerInstaller.exe
Token: SeIncBasePriorityPrivilege	400	AffinityDesignerInstaller.exe
Token: SeCreatePagefilePrivilege	400	AffinityDesignerInstaller.exe
Token: SeCreatePermanentPrivilege	400	AffinityDesignerInstaller.exe
Token: SeBackupPrivilege	400	AffinityDesignerInstaller.exe
Token: SeRestorePrivilege	400	AffinityDesignerInstaller.exe
Token: SeShutdownPrivilege	400	AffinityDesignerInstaller.exe
Token: SeDebugPrivilege	400	AffinityDesignerInstaller.exe
Token: SeAuditPrivilege	400	AffinityDesignerInstaller.exe
Token: SeSystemEnvironmentPrivilege	400	AffinityDesignerInstaller.exe
Token: SeChangeNotifyPrivilege	400	AffinityDesignerInstaller.exe
Token: SeRemoteShutdownPrivilege	400	AffinityDesignerInstaller.exe
Token: SeUndockPrivilege	400	AffinityDesignerInstaller.exe
Token: SeSyncAgentPrivilege	400	AffinityDesignerInstaller.exe
Token: SeEnableDelegationPrivilege	400	AffinityDesignerInstaller.exe
Token: SeManageVolumePrivilege	400	AffinityDesignerInstaller.exe
Token: SeImpersonatePrivilege	400	AffinityDesignerInstaller.exe
Token: SeCreateGlobalPrivilege	400	AffinityDesignerInstaller.exe
Token: SeCreateTokenPrivilege	400	AffinityDesignerInstaller.exe
Token: SeAssignPrimaryTokenPrivilege	400	AffinityDesignerInstaller.exe
Token: SeLockMemoryPrivilege	400	AffinityDesignerInstaller.exe
Token: SeIncreaseQuotaPrivilege	400	AffinityDesignerInstaller.exe
Token: SeMachineAccountPrivilege	400	AffinityDesignerInstaller.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
400	AffinityDesignerInstaller.exe
2236	msiexec.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 428	1272	msiexec.exe	84
PID 1272 wrote to memory of 428	1272	msiexec.exe	84
PID 1272 wrote to memory of 428	1272	msiexec.exe	84
PID 400 wrote to memory of 2236	400	AffinityDesignerInstaller.exe	85
PID 400 wrote to memory of 2236	400	AffinityDesignerInstaller.exe	85
PID 400 wrote to memory of 2236	400	AffinityDesignerInstaller.exe	85
PID 1272 wrote to memory of 4024	1272	msiexec.exe	86
PID 1272 wrote to memory of 4024	1272	msiexec.exe	86
PID 1272 wrote to memory of 4024	1272	msiexec.exe	86
PID 1272 wrote to memory of 1000	1272	msiexec.exe	97
PID 1272 wrote to memory of 1000	1272	msiexec.exe	97
PID 1272 wrote to memory of 3788	1272	msiexec.exe	99
PID 1272 wrote to memory of 3788	1272	msiexec.exe	99
PID 1272 wrote to memory of 3788	1272	msiexec.exe	99

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\AffinityDesignerInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\AffinityDesignerInstaller.exe"
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:400
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Serif (Europe) Ltd\Affinity Designer 2.0.3\install\0951ACF\AffinityDesignerInstaller.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\AffinityDesignerInstaller.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1683000539 "
  2⤵
  - Enumerates connected drives
  - Suspicious use of FindShellTrayWindow
  PID:2236

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 0F171C58A4474ED5FD08E96BAD83752C C
  2⤵
  - Loads dropped DLL
  PID:428
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 75124D1071CA5C68B8FB313217C84C94 C
  2⤵
  - Loads dropped DLL
  PID:4024
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:1000
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 1FF5F24A6A89C28EFE38B0C175C065AD
  2⤵
  - Loads dropped DLL
  PID:3788

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:1564

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\MSIDD17.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIDD17.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE043.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE043.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE0B1.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE0B1.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE0B1.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE18D.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE18D.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE1FB.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE1FB.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE3F0.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE3F0.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE48E.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE48E.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Roaming\Serif (Europe) Ltd\Affinity Designer 2.0.3\install\0951ACF\AffinityDesignerInstaller.msi

Filesize
2.2MB

MD5
9c267b379707ebaa6bdf8e958c40eed0

SHA1
ae1b061a874f611ede9e3713204355f0f93302ea

SHA256
745e9c8485ec22d56d610f042bb7620ef1b3faa3e6acc343f4cd4a2ad626a89a

SHA512
e043f62f10f0a151da0913817a3d79db1871d1f3948315e3531325dac0bfa095608c5c934f29b584b06f48e16e257770b43fa9f4e5e150df790884a55a4111e8

Download Submit
C:\Users\Admin\AppData\Roaming\Serif (Europe) Ltd\Affinity Designer 2.0.3\install\0951ACF\AffinityDesignerInstaller.msi

Filesize
2.2MB

MD5
9c267b379707ebaa6bdf8e958c40eed0

SHA1
ae1b061a874f611ede9e3713204355f0f93302ea

SHA256
745e9c8485ec22d56d610f042bb7620ef1b3faa3e6acc343f4cd4a2ad626a89a

SHA512
e043f62f10f0a151da0913817a3d79db1871d1f3948315e3531325dac0bfa095608c5c934f29b584b06f48e16e257770b43fa9f4e5e150df790884a55a4111e8

Download Submit
C:\Users\Admin\AppData\Roaming\Serif (Europe) Ltd\Affinity Designer 2.0.3\install\0951ACF\ProgramFiles64Folder\Affinity Designer\DesignerHelp\Contents\Resources\shared\adjustment_base05.jpg

Filesize
46KB

MD5
6ea56319ea4c6f5cbae1616ecd6b4b06

SHA1
056917bff6a5f10ec364c264553752a2c7f473c6

SHA256
7cf20d3950c0086c2df257df6f72a6fe3ba1eb7dc9b0b13f105f0afde455b72b

SHA512
66abf5be42c41af9d6a71bdb0e32c3f09a78ffc9645e84d4dca98e355c6a904b0b741be747270f8a0bd8bef9474065a77fddcdf18fcecd72110e8fffa6960987

Download Submit
C:\Windows\Installer\MSI9AD4.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Windows\Installer\MSI9AD4.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Windows\Installer\MSI9BAF.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Windows\Installer\MSI9BAF.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Windows\Installer\MSI9C5C.tmp

Filesize
703KB

MD5
59f4b7e8b960987b68b311660c99957a

SHA1
3ba452e27d4bf53e72bf28cde68240290e72e46f

SHA256
3b43d469e1f3656f948eabbd9e1ed99570a7962118fcfc9ccaa309eb657502bf

SHA512
64bd1ddbc90dfae6a7b34b67eaa32a0fd03e5ccff7e25f997dfb488f56b7ab2c7fab867915d05ba40f215216f87942d035e740edd64db7cb6df049a589dde27b

Download Submit
C:\Windows\Installer\MSI9C5C.tmp

Filesize
703KB

MD5
59f4b7e8b960987b68b311660c99957a

SHA1
3ba452e27d4bf53e72bf28cde68240290e72e46f

SHA256
3b43d469e1f3656f948eabbd9e1ed99570a7962118fcfc9ccaa309eb657502bf

SHA512
64bd1ddbc90dfae6a7b34b67eaa32a0fd03e5ccff7e25f997dfb488f56b7ab2c7fab867915d05ba40f215216f87942d035e740edd64db7cb6df049a589dde27b

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.0MB

MD5
9d0e52d3f93e47486196b63f62f22350

SHA1
ca5a0fdffbc1339cf1de6bfb3da3eb05ee610856

SHA256
53890fedae5e94225a8023811a2ccb9c83056854ee0ba7aa2b597d587b716831

SHA512
2d5ddeee14a27b3b291a40cb62aed9eead54c1d56d6dd3dd9a8cb14fd4c05966be2a22508299b6077d1a697c72cc32911acbfc24945b6109543f3967a7148995

Download Submit
\??\Volume{7e74cb8c-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{6461fc05-f2be-41d0-aa73-641b1aeed494}_OnDiskSnapshotProp

Filesize
5KB

MD5
397a41346068843375836a22089cd87f

SHA1
03420a5b240818db090aebcdde0ae7805ed9a9a4

SHA256
fd818ad45109f47523eb918119788fd49d59cf1e2c7754424472ef4fd286b977

SHA512
963190a76b52d7a048562d0ce6985e70aa1bdda2439fc84269012c998c5b94c3dd1e3712f5403774c01cdb4406c78b15ba9fa99563257dbf5f1c63059dd9353d

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads