4acada737f2328fb1f3a3fc1d693e089abf9120b898c40a1a97ddbc46ebb085c

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2023 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31fff19c17889fb9e429ccdcb08a5f5e.exe
Size

26.0MB
MD5

31fff19c17889fb9e429ccdcb08a5f5e
SHA1

725e51f848b4cff487a13c3f372cdfa97870dada
SHA256

4acada737f2328fb1f3a3fc1d693e089abf9120b898c40a1a97ddbc46ebb085c
SHA512

dc3f6eef0037027f3508c6cba7d0293eddc7c31760e24b5be26c729504d3d37dfef8ad9d693147cb53dd5dbe8c13394da63082fd9a7107d6ecee61823293db79
SSDEEP

786432:O9Qaa3QROmEpabUgTcnvm4pWyk5yH76k060Lut+QIYPmWhU2:i4QROm0abUGcnvm4Ay56k06D+QvmQN

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 1 IoCs

pid	Process
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe

Loads dropped DLL 35 IoCs

pid	Process
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe
3324	31fff19c17889fb9e429ccdcb08a5f5e.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	31fff19c17889fb9e429ccdcb08a5f5e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	31fff19c17889fb9e429ccdcb08a5f5e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	31fff19c17889fb9e429ccdcb08a5f5e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef4240f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	31fff19c17889fb9e429ccdcb08a5f5e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	31fff19c17889fb9e429ccdcb08a5f5e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	31fff19c17889fb9e429ccdcb08a5f5e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	31fff19c17889fb9e429ccdcb08a5f5e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	31fff19c17889fb9e429ccdcb08a5f5e.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3324	31fff19c17889fb9e429ccdcb08a5f5e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 3324	2056	31fff19c17889fb9e429ccdcb08a5f5e.exe	82
PID 2056 wrote to memory of 3324	2056	31fff19c17889fb9e429ccdcb08a5f5e.exe	82
PID 2056 wrote to memory of 3324	2056	31fff19c17889fb9e429ccdcb08a5f5e.exe	82

C:\Users\Admin\AppData\Local\Temp\31fff19c17889fb9e429ccdcb08a5f5e.exe
"C:\Users\Admin\AppData\Local\Temp\31fff19c17889fb9e429ccdcb08a5f5e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\Temp\{25F9E382-613A-43D3-80D9-51D39B3F92FD}\.cr\31fff19c17889fb9e429ccdcb08a5f5e.exe
  "C:\Windows\Temp\{25F9E382-613A-43D3-80D9-51D39B3F92FD}\.cr\31fff19c17889fb9e429ccdcb08a5f5e.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\31fff19c17889fb9e429ccdcb08a5f5e.exe" -burn.filehandle.attached=656 -burn.filehandle.self=684
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  PID:3324

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TmpA05B.tmp

Filesize
1KB

MD5
bc814b85fd324ed82a1f6a5489e1ffc9

SHA1
a2ce63f23ba167d9162233dff973a81905ce32a8

SHA256
04493b0c31b139f4373efaec4416e955cd991aad901738d5eb17716616899e96

SHA512
17cfa1502130259bee0671d3fa2a2c0583ac6c14d7f15f12616c55ebf21d40e448829121af2114be84423ba53f481ef644cefef8fa897f9baa55dd477155dfb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpA0AC.tmp

Filesize
1KB

MD5
b75fdcb58153f77358f11c2f21c9cc95

SHA1
bff0d53ad4d8c20f3da759cd9a4ab5874325aaac

SHA256
63bed24f4c3dd97aadfb055cee41af5d15512234e7d353550361c3d7fa5e13e4

SHA512
9a10350c66fdfb99a6689ad1fae0d0a0df094a5dcd1f559bf90c5b1d301551a4adf3152a3cff1bd27f09eee24ea6c0fcc1ac5f40fa246dbff3aa2badc61d2374

Download Submit
C:\Windows\Temp\{25F9E382-613A-43D3-80D9-51D39B3F92FD}\.cr\31fff19c17889fb9e429ccdcb08a5f5e.exe

Filesize
1.9MB

MD5
2a0122104e193c571d0e764d82adb4f2

SHA1
eb29fca65a2c3f769be409da55b5a9be89ed68a7

SHA256
66c9e0caf141e9f1324f4b0a93930510aaaa0b3c2a8026353909f066ce043e8b

SHA512
c6febf0fae9886b78d3e330a244879d50c258b5e7cd143645d2e1b83368c46765d9e9fb74f1b0485aa9b6d37e9120112031844583ae4d4946b4dbbeb7cc4d497

Download Submit
C:\Windows\Temp\{25F9E382-613A-43D3-80D9-51D39B3F92FD}\.cr\31fff19c17889fb9e429ccdcb08a5f5e.exe

Filesize
1.9MB

MD5
2a0122104e193c571d0e764d82adb4f2

SHA1
eb29fca65a2c3f769be409da55b5a9be89ed68a7

SHA256
66c9e0caf141e9f1324f4b0a93930510aaaa0b3c2a8026353909f066ce043e8b

SHA512
c6febf0fae9886b78d3e330a244879d50c258b5e7cd143645d2e1b83368c46765d9e9fb74f1b0485aa9b6d37e9120112031844583ae4d4946b4dbbeb7cc4d497

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\BootstrapperCore.config

Filesize
625B

MD5
cde4e856103117ead54d724adcb30a48

SHA1
843545c2477cf4444094d0f611ab259a8fe5b78a

SHA256
ba4207b63f5d5b21f5db1330cb681ef3924b70e23f034edd8a6c19a71bd07297

SHA512
97347bbc4733946d5d76863e8b25f4ed4b2fc58734be3b51d12b2eb8534011b1df034b095f26ad0d71c54b5d87799b8c5104cb33387ad776846ec06deda7e1bf

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\BootstrapperCore.dll

Filesize
87KB

MD5
b0d10a2a622a322788780e7a3cbb85f3

SHA1
04d90b16fa7b47a545c1133d5c0ca9e490f54633

SHA256
f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426

SHA512
62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\BootstrapperCore.dll

Filesize
87KB

MD5
b0d10a2a622a322788780e7a3cbb85f3

SHA1
04d90b16fa7b47a545c1133d5c0ca9e490f54633

SHA256
f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426

SHA512
62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Foundation.Composition.LightInject.dll

Filesize
155KB

MD5
b38b49631a598d0a729ee4a8672e1555

SHA1
e2ea4c8d6873dcad8fbf255e3616b401552d1d31

SHA256
c22f7e8d705e9f2ccb248db841da0f03e61be728b5d80a74eb18d508ebef1358

SHA512
6db4d4e8b81db269c8278878722aeafae61dce24a6066749e131a58aae041c6977361e32d1611bee2866b6182206ac6baf359b35e8c82776ada537a07b2a2d35

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Foundation.Composition.LightInject.dll

Filesize
155KB

MD5
b38b49631a598d0a729ee4a8672e1555

SHA1
e2ea4c8d6873dcad8fbf255e3616b401552d1d31

SHA256
c22f7e8d705e9f2ccb248db841da0f03e61be728b5d80a74eb18d508ebef1358

SHA512
6db4d4e8b81db269c8278878722aeafae61dce24a6066749e131a58aae041c6977361e32d1611bee2866b6182206ac6baf359b35e8c82776ada537a07b2a2d35

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Foundation.Composition.dll

Filesize
44KB

MD5
3cd4a361c38817deadc821991c4f9371

SHA1
347c1203b9c0b7fad83e4f4a10dfdaeabf97d6e4

SHA256
bfe9d87f2a14973cb08191050b241fffa8176805d5af1978bb72b92672021e56

SHA512
871b9765836a76e20d42a10f4209c32016a6d112235d0cedab685c84e64f2870068452c5747f3000ae5b4a7974e515fa211247fa7e9f6e84236491abfc22392e

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Foundation.Composition.dll

Filesize
44KB

MD5
3cd4a361c38817deadc821991c4f9371

SHA1
347c1203b9c0b7fad83e4f4a10dfdaeabf97d6e4

SHA256
bfe9d87f2a14973cb08191050b241fffa8176805d5af1978bb72b92672021e56

SHA512
871b9765836a76e20d42a10f4209c32016a6d112235d0cedab685c84e64f2870068452c5747f3000ae5b4a7974e515fa211247fa7e9f6e84236491abfc22392e

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Foundation.Installer.Common.dll

Filesize
520KB

MD5
dc6f80a5714a8f107c0d38c3317ae164

SHA1
49cc16b84158e3f59728e8eba1391204619040c1

SHA256
2969ca1dba8ec816cab44f3c65164205d5ed6e8ac58e5e1df2cc6af583df4a28

SHA512
032d9983588fe84fcec67b056503faf051a605e98e3058010cd9df7e77e0387a47eb3fe37617a8b4b57af0d6f9bfe7004bcba5c5639bb9462199b46fb7bc8200

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Foundation.Installer.Common.dll

Filesize
520KB

MD5
dc6f80a5714a8f107c0d38c3317ae164

SHA1
49cc16b84158e3f59728e8eba1391204619040c1

SHA256
2969ca1dba8ec816cab44f3c65164205d5ed6e8ac58e5e1df2cc6af583df4a28

SHA512
032d9983588fe84fcec67b056503faf051a605e98e3058010cd9df7e77e0387a47eb3fe37617a8b4b57af0d6f9bfe7004bcba5c5639bb9462199b46fb7bc8200

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Foundation.Installer.Diagnostics.dll

Filesize
143KB

MD5
2cb7098cfd5ead2bdfdcca0a10c4efc5

SHA1
6d39b9331c95281ef25f4c9caac57377999438c1

SHA256
ed23c99d9f5175df8b075cfaaaf170a2214dc8aa8285590119e80b3e4559af0f

SHA512
37bb634bc25e5cc00c1dcbdc1f74843f5180120c92e1b668dce9d2c6ec4ff5a26585bcc0c74751c1636fd43a814c29812063c7209512860de968aa0034d7c033

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Foundation.Installer.Diagnostics.dll

Filesize
143KB

MD5
2cb7098cfd5ead2bdfdcca0a10c4efc5

SHA1
6d39b9331c95281ef25f4c9caac57377999438c1

SHA256
ed23c99d9f5175df8b075cfaaaf170a2214dc8aa8285590119e80b3e4559af0f

SHA512
37bb634bc25e5cc00c1dcbdc1f74843f5180120c92e1b668dce9d2c6ec4ff5a26585bcc0c74751c1636fd43a814c29812063c7209512860de968aa0034d7c033

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Foundation.Installer.UI.dll

Filesize
36KB

MD5
a3301c502ca4d13fc382c655452aad1d

SHA1
d35854ac640dd5d74a6d40332110331e11a2df55

SHA256
32d4ef9f63735d80cdc07c799c336f9c9c76345e04024b0e7a2cfd05150a33a1

SHA512
18ecab88c9cc094cfed47c5bcd48c4c617abb33ad82a4bf52e3d60988e1b0bb53ce3e758e7b737bd753e5561e00e8f0eba2f868bb44f7e26958791be9b695f21

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Foundation.Installer.UI.dll

Filesize
36KB

MD5
a3301c502ca4d13fc382c655452aad1d

SHA1
d35854ac640dd5d74a6d40332110331e11a2df55

SHA256
32d4ef9f63735d80cdc07c799c336f9c9c76345e04024b0e7a2cfd05150a33a1

SHA512
18ecab88c9cc094cfed47c5bcd48c4c617abb33ad82a4bf52e3d60988e1b0bb53ce3e758e7b737bd753e5561e00e8f0eba2f868bb44f7e26958791be9b695f21

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Foundation.Logging.Dummy.dll

Filesize
15KB

MD5
8845eb5c4699055be55915da11a02fae

SHA1
fedf587aa9be623d46e6ba5af1b25fdce1d46733

SHA256
b510c36b85e97618fecbe400339c5c4ca090914b5d23fcef6a292399a9e226e2

SHA512
073fb3a82fedf49c85e7704529bb61b89fb48e36d12c8994f10315e8a571a41239def802c1e03c41d74b0b46be6c9ea27d8a8f00a37464ba7b80987d9b7d225e

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Foundation.Logging.Dummy.dll

Filesize
15KB

MD5
8845eb5c4699055be55915da11a02fae

SHA1
fedf587aa9be623d46e6ba5af1b25fdce1d46733

SHA256
b510c36b85e97618fecbe400339c5c4ca090914b5d23fcef6a292399a9e226e2

SHA512
073fb3a82fedf49c85e7704529bb61b89fb48e36d12c8994f10315e8a571a41239def802c1e03c41d74b0b46be6c9ea27d8a8f00a37464ba7b80987d9b7d225e

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Foundation.Logging.dll

Filesize
17KB

MD5
ef8ddfce969e849ceb56213883b1e543

SHA1
3dff41e9ab51ba87cc7b98e422d1517ffac22712

SHA256
975d88bcf07188cbae115d4b195f19010371154c6cf853bd9e31f70c1288d5ce

SHA512
869f6ec7c60c2f0c8193f81e5fe5602dfc0a511a36bbe99d2dfc128a99be6f69a6025373fe7ead4e3a943e4e74330a595d67dd28c255c95922a6141800dcd32c

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Foundation.Logging.dll

Filesize
17KB

MD5
ef8ddfce969e849ceb56213883b1e543

SHA1
3dff41e9ab51ba87cc7b98e422d1517ffac22712

SHA256
975d88bcf07188cbae115d4b195f19010371154c6cf853bd9e31f70c1288d5ce

SHA512
869f6ec7c60c2f0c8193f81e5fe5602dfc0a511a36bbe99d2dfc128a99be6f69a6025373fe7ead4e3a943e4e74330a595d67dd28c255c95922a6141800dcd32c

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Hss.Setup.Bootstrapper.dll

Filesize
593KB

MD5
17237df23d8c4c6b75cdca558b24c3e7

SHA1
cddb369b93bcc31cbacbc6a02601e7205ccd6eb3

SHA256
5beb6c3a8084e7785bfc48d4d7613d60b4505bad6f597231340e606f05a35467

SHA512
bc9cea47495f257fd2d82ea04a3f893f616dfcb8b607cfaf36e4f8232e1a34073970259352f83e308cd279d8a62dbb2140557bf9b6e5cb55f576baffdf5d81f2

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Hss.Setup.Bootstrapper.dll

Filesize
593KB

MD5
17237df23d8c4c6b75cdca558b24c3e7

SHA1
cddb369b93bcc31cbacbc6a02601e7205ccd6eb3

SHA256
5beb6c3a8084e7785bfc48d4d7613d60b4505bad6f597231340e606f05a35467

SHA512
bc9cea47495f257fd2d82ea04a3f893f616dfcb8b607cfaf36e4f8232e1a34073970259352f83e308cd279d8a62dbb2140557bf9b6e5cb55f576baffdf5d81f2

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Hss.Setup.Bootstrapper.dll

Filesize
593KB

MD5
17237df23d8c4c6b75cdca558b24c3e7

SHA1
cddb369b93bcc31cbacbc6a02601e7205ccd6eb3

SHA256
5beb6c3a8084e7785bfc48d4d7613d60b4505bad6f597231340e606f05a35467

SHA512
bc9cea47495f257fd2d82ea04a3f893f616dfcb8b607cfaf36e4f8232e1a34073970259352f83e308cd279d8a62dbb2140557bf9b6e5cb55f576baffdf5d81f2

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Hss.Setup.Common.dll

Filesize
76KB

MD5
db80b25881d559a07dc348b4dfe40e50

SHA1
81b0c576e442f67fd4a92cc792e2a9320dbfa323

SHA256
d4ab9cc2377eab28c01246b55c450bd414440da3241bf3f044c26a786f182fbd

SHA512
e49b18be745e122cf1240e9a6e7b960927797beedcdf678191e31583efcf18ad3f4dec3172c082c0868799e5e41c66396f825b33ebabf1194e4352e9a54f1149

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Hss.Setup.Common.dll

Filesize
76KB

MD5
db80b25881d559a07dc348b4dfe40e50

SHA1
81b0c576e442f67fd4a92cc792e2a9320dbfa323

SHA256
d4ab9cc2377eab28c01246b55c450bd414440da3241bf3f044c26a786f182fbd

SHA512
e49b18be745e122cf1240e9a6e7b960927797beedcdf678191e31583efcf18ad3f4dec3172c082c0868799e5e41c66396f825b33ebabf1194e4352e9a54f1149

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Microsoft.Bcl.AsyncInterfaces.dll

Filesize
21KB

MD5
48efe61d6ca3054309907b532d576d2a

SHA1
f36403aabb16540c93fb35245ec0b4e435628aae

SHA256
295af2142d9214f3fd84eafe4778dca119be7e0229f14b6ba8d5269c2f1e2e78

SHA512
778e7c4675d8fde9e083230213d2efa19aa6924fe892ed74fa1ea2ec16743bb14b99b51856e75eaef632d57be7f36dd1bc7ce39a7c2b0435b2f3211bb19836a3

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Microsoft.Bcl.AsyncInterfaces.dll

Filesize
21KB

MD5
48efe61d6ca3054309907b532d576d2a

SHA1
f36403aabb16540c93fb35245ec0b4e435628aae

SHA256
295af2142d9214f3fd84eafe4778dca119be7e0229f14b6ba8d5269c2f1e2e78

SHA512
778e7c4675d8fde9e083230213d2efa19aa6924fe892ed74fa1ea2ec16743bb14b99b51856e75eaef632d57be7f36dd1bc7ce39a7c2b0435b2f3211bb19836a3

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Microsoft.Deployment.WindowsInstaller.dll

Filesize
179KB

MD5
1a5caea6734fdd07caa514c3f3fb75da

SHA1
f070ac0d91bd337d7952abd1ddf19a737b94510c

SHA256
cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

SHA512
a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Microsoft.Deployment.WindowsInstaller.dll

Filesize
179KB

MD5
1a5caea6734fdd07caa514c3f3fb75da

SHA1
f070ac0d91bd337d7952abd1ddf19a737b94510c

SHA256
cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

SHA512
a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Newtonsoft.Json.dll

Filesize
695KB

MD5
715a1fbee4665e99e859eda667fe8034

SHA1
e13c6e4210043c4976dcdc447ea2b32854f70cc6

SHA256
c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

SHA512
bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Newtonsoft.Json.dll

Filesize
695KB

MD5
715a1fbee4665e99e859eda667fe8034

SHA1
e13c6e4210043c4976dcdc447ea2b32854f70cc6

SHA256
c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

SHA512
bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\System.IO.Abstractions.dll

Filesize
56KB

MD5
84db31674547371e2b8d2dc227bcaed0

SHA1
c20993be8493c9b4586387f427e163e1b49a39ff

SHA256
a5c1a7368289eb71f7fd17b6b8c0ddb11a31f37c4889eb34016eb85bc52e5d77

SHA512
cb80c55b3c9c888a57d655faae65ffb2f80540f60944413e6d859370cb02c565eb91a832e35d34065bbaf180f20f202507007f8e2253165e7204ad567701354f

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\System.IO.Abstractions.dll

Filesize
56KB

MD5
84db31674547371e2b8d2dc227bcaed0

SHA1
c20993be8493c9b4586387f427e163e1b49a39ff

SHA256
a5c1a7368289eb71f7fd17b6b8c0ddb11a31f37c4889eb34016eb85bc52e5d77

SHA512
cb80c55b3c9c888a57d655faae65ffb2f80540f60944413e6d859370cb02c565eb91a832e35d34065bbaf180f20f202507007f8e2253165e7204ad567701354f

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\System.Memory.dll

Filesize
137KB

MD5
6fb95a357a3f7e88ade5c1629e2801f8

SHA1
19bf79600b716523b5317b9a7b68760ae5d55741

SHA256
8e76318e8b06692abf7dab1169d27d15557f7f0a34d36af6463eff0fe21213c7

SHA512
293d8c709bc68d2c980a0df423741ce06d05ff757077e63986d34cb6459f9623a024d12ef35a280f50d3d516d98abe193213b9ca71bfde2a9fe8753b1a6de2f0

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\System.Memory.dll

Filesize
137KB

MD5
6fb95a357a3f7e88ade5c1629e2801f8

SHA1
19bf79600b716523b5317b9a7b68760ae5d55741

SHA256
8e76318e8b06692abf7dab1169d27d15557f7f0a34d36af6463eff0fe21213c7

SHA512
293d8c709bc68d2c980a0df423741ce06d05ff757077e63986d34cb6459f9623a024d12ef35a280f50d3d516d98abe193213b9ca71bfde2a9fe8753b1a6de2f0

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\System.Threading.Tasks.Extensions.dll

Filesize
25KB

MD5
e1e9d7d46e5cd9525c5927dc98d9ecc7

SHA1
2242627282f9e07e37b274ea36fac2d3cd9c9110

SHA256
4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6

SHA512
da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\System.Threading.Tasks.Extensions.dll

Filesize
25KB

MD5
e1e9d7d46e5cd9525c5927dc98d9ecc7

SHA1
2242627282f9e07e37b274ea36fac2d3cd9c9110

SHA256
4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6

SHA512
da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Trinet.Core.IO.Ntfs.dll

Filesize
29KB

MD5
c384a4b02dc71eb8fa10e7444a395903

SHA1
e1920e8dd57fabfc896583b412412a81e1d33aab

SHA256
3066651aafa4f2627c43b880bbb3194c9c647b00c1d8624cbd08e906075313dd

SHA512
5c6fbe08f7eb17270faf21537f89b7c967fea5e3a23a08f9edff0608dbae62c2ed5fc5c4762b42784872d1db29e08e105c4ce5282cb79b50462ffe60a9a7d893

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\Trinet.Core.IO.Ntfs.dll

Filesize
29KB

MD5
c384a4b02dc71eb8fa10e7444a395903

SHA1
e1920e8dd57fabfc896583b412412a81e1d33aab

SHA256
3066651aafa4f2627c43b880bbb3194c9c647b00c1d8624cbd08e906075313dd

SHA512
5c6fbe08f7eb17270faf21537f89b7c967fea5e3a23a08f9edff0608dbae62c2ed5fc5c4762b42784872d1db29e08e105c4ce5282cb79b50462ffe60a9a7d893

Download Submit
C:\Windows\Temp\{7C899D74-39C0-402D-83A5-70860C6E7886}\.ba\mbahost.dll

Filesize
119KB

MD5
c59832217903ce88793a6c40888e3cae

SHA1
6d9facabf41dcf53281897764d467696780623b8

SHA256
9dfa1bc5d2ab4c652304976978749141b8c312784b05cb577f338a0aa91330db

SHA512
1b1f4cb2e3fa57cb481e28a967b19a6fefa74f3c77a3f3214a6b09e11ceb20ae428d036929f000710b4eb24a2c57d5d7dfe39661d5a1f48ee69a02d83381d1a9

Download Submit
memory/3324-221-0x0000000004580000-0x0000000004590000-memory.dmp

Filesize
64KB

Download
memory/3324-218-0x0000000006D00000-0x0000000006D98000-memory.dmp

Filesize
608KB

Download
memory/3324-263-0x0000000007410000-0x0000000007432000-memory.dmp

Filesize
136KB

Download
memory/3324-261-0x00000000073B0000-0x00000000073DE000-memory.dmp

Filesize
184KB

Download
memory/3324-267-0x0000000007440000-0x0000000007452000-memory.dmp

Filesize
72KB

Download
memory/3324-233-0x0000000006CE0000-0x0000000006CEA000-memory.dmp

Filesize
40KB

Download
memory/3324-255-0x0000000007470000-0x0000000007522000-memory.dmp

Filesize
712KB

Download
memory/3324-237-0x0000000006F30000-0x0000000006FB6000-memory.dmp

Filesize
536KB

Download
memory/3324-271-0x00000000075D0000-0x00000000075F6000-memory.dmp

Filesize
152KB

Download
memory/3324-241-0x0000000006ED0000-0x0000000006EFA000-memory.dmp

Filesize
168KB

Download
memory/3324-229-0x0000000006CD0000-0x0000000006CDA000-memory.dmp

Filesize
40KB

Download
memory/3324-275-0x0000000007600000-0x0000000007616000-memory.dmp

Filesize
88KB

Download
memory/3324-225-0x0000000006CC0000-0x0000000006CCE000-memory.dmp

Filesize
56KB

Download
memory/3324-245-0x0000000006EB0000-0x0000000006EBE000-memory.dmp

Filesize
56KB

Download
memory/3324-279-0x0000000007620000-0x0000000007628000-memory.dmp

Filesize
32KB

Download
memory/3324-220-0x0000000004580000-0x0000000004590000-memory.dmp

Filesize
64KB

Download
memory/3324-283-0x0000000007630000-0x0000000007638000-memory.dmp

Filesize
32KB

Download
memory/3324-219-0x0000000004580000-0x0000000004590000-memory.dmp

Filesize
64KB

Download
memory/3324-284-0x00000000076A0000-0x00000000076B2000-memory.dmp

Filesize
72KB

Download
memory/3324-262-0x0000000007530000-0x0000000007596000-memory.dmp

Filesize
408KB

Download
memory/3324-211-0x0000000006860000-0x0000000006878000-memory.dmp

Filesize
96KB

Download
memory/3324-313-0x00000000081D0000-0x00000000081F2000-memory.dmp

Filesize
136KB

Download
memory/3324-251-0x0000000007310000-0x00000000073A2000-memory.dmp

Filesize
584KB

Download
memory/3324-320-0x0000000004580000-0x0000000004590000-memory.dmp

Filesize
64KB

Download
memory/3324-321-0x0000000008920000-0x000000000892C000-memory.dmp

Filesize
48KB

Download
memory/3324-250-0x00000000076E0000-0x0000000007C84000-memory.dmp

Filesize
5.6MB

Download
memory/3324-249-0x0000000006FC0000-0x0000000006FE8000-memory.dmp

Filesize
160KB

Download
memory/3324-330-0x0000000009460000-0x000000000946C000-memory.dmp

Filesize
48KB

Download
memory/3324-335-0x0000000004580000-0x0000000004590000-memory.dmp

Filesize
64KB

Download
memory/3324-336-0x0000000009DE0000-0x0000000009E9A000-memory.dmp

Filesize
744KB

Download
memory/3324-337-0x0000000009D60000-0x0000000009D68000-memory.dmp

Filesize
32KB

Download
memory/3324-338-0x0000000009FE0000-0x000000000A018000-memory.dmp

Filesize
224KB

Download
memory/3324-339-0x0000000009DD0000-0x0000000009DDE000-memory.dmp

Filesize
56KB

Download
memory/3324-356-0x0000000004580000-0x0000000004590000-memory.dmp

Filesize
64KB

Download
memory/3324-357-0x0000000004580000-0x0000000004590000-memory.dmp

Filesize
64KB

Download
memory/3324-358-0x0000000004580000-0x0000000004590000-memory.dmp

Filesize
64KB

Download
memory/3324-359-0x0000000004580000-0x0000000004590000-memory.dmp

Filesize
64KB

Download
memory/3324-360-0x0000000004580000-0x0000000004590000-memory.dmp

Filesize
64KB

Download