5f1251f3bc4c36f49b623bef0d45a4805098284753e232263da842fe857793b4

Analysis

max time kernel
14s
max time network
136s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
02-10-2023 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BonitSetup.exe
Size

64.0MB
MD5

22bddfd1a372bb47701d241dcc17660b
SHA1

eb6d54834eb0bebbaea3fd052498d41898b28365
SHA256

5f1251f3bc4c36f49b623bef0d45a4805098284753e232263da842fe857793b4
SHA512

5d0c39c11bc417906eda447a74bc1a703bf53c3a39484651e94aa6794c11aeefd8b1dba1b10b294421c3c547588092b421fc7f49ee8a871fc59b7fc49f2b5636
SSDEEP

1572864:P2syXKJyoidBRGQ53ffLogxfj3K3PPAzrvmarBpo4vv7:P2syXFv9UOm3AXSS7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1644	BonitSetup.exe

Loads dropped DLL 6 IoCs

pid	Process
2116	BonitSetup.exe
2116	BonitSetup.exe
2116	BonitSetup.exe
2116	BonitSetup.exe
1644	BonitSetup.exe
1644	BonitSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2116	BonitSetup.exe
Token: SeShutdownPrivilege	1644	BonitSetup.exe
Token: SeShutdownPrivilege	1644	BonitSetup.exe
Token: SeShutdownPrivilege	1644	BonitSetup.exe
Token: SeShutdownPrivilege	1644	BonitSetup.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 1644	2116	BonitSetup.exe	28
PID 2116 wrote to memory of 1644	2116	BonitSetup.exe	28
PID 2116 wrote to memory of 1644	2116	BonitSetup.exe	28
PID 2116 wrote to memory of 1644	2116	BonitSetup.exe	28
PID 1644 wrote to memory of 800	1644	BonitSetup.exe	29
PID 1644 wrote to memory of 800	1644	BonitSetup.exe	29
PID 1644 wrote to memory of 800	1644	BonitSetup.exe	29
PID 1644 wrote to memory of 800	1644	BonitSetup.exe	29
PID 1644 wrote to memory of 800	1644	BonitSetup.exe	29
PID 1644 wrote to memory of 800	1644	BonitSetup.exe	29
PID 1644 wrote to memory of 800	1644	BonitSetup.exe	29
PID 1644 wrote to memory of 800	1644	BonitSetup.exe	29
PID 1644 wrote to memory of 800	1644	BonitSetup.exe	29
PID 1644 wrote to memory of 800	1644	BonitSetup.exe	29
PID 1644 wrote to memory of 800	1644	BonitSetup.exe	29
PID 1644 wrote to memory of 800	1644	BonitSetup.exe	29
PID 1644 wrote to memory of 800	1644	BonitSetup.exe	29
PID 1644 wrote to memory of 800	1644	BonitSetup.exe	29

C:\Users\Admin\AppData\Local\Temp\BonitSetup.exe
"C:\Users\Admin\AppData\Local\Temp\BonitSetup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe
  C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1644
- - C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\BonitSetup" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=956 --field-trial-handle=1152,i,8201694231048036003,2083776296571601444,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:800
- - C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\BonitSetup" --app-path="C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1440 --field-trial-handle=1152,i,8201694231048036003,2083776296571601444,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    PID:1924
- - C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\BonitSetup" --mojo-platform-channel-handle=1260 --field-trial-handle=1152,i,8201694231048036003,2083776296571601444,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    PID:2384
- - C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\BonitSetup" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=956 --field-trial-handle=1152,i,8201694231048036003,2083776296571601444,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51ad2aeb5472fdf809d5c42cba0dbe4c

SHA1
d9c8ccecb61ee431a90e36e544859a2bf59d7efa

SHA256
a0685f4346b0f3c749dfc64f7b9f688059ce335a2c6735a2bfa4fb02b9c3416a

SHA512
d13ee82e4e78729ffd4e7cd6669f2c424cd8a6543f1110e71349b3d89afe937b6e31199ce5b2a5bebb763ab902cd343d7c1ce63705bd9db8e3d00ace3cdf305b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14a0c4a90f6db0a5d1d7cb793e38fea8

SHA1
7db126dbb57e05a0ef470abf1f6af8f98a240bec

SHA256
1fb361a22fb99426d563522452d3fc5a19e375bca892746f867ed701d52d09cd

SHA512
8afaf90cc4c92fd1e80f10a0329f687d641c3c76092f61031c4264d98e72f617fcde109d91be52de7e671c9be290b11e9f54b6b55fb7bec7209a8a66ab938bb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85f93a014957171414079b8e8aef321c

SHA1
37aedb9f5e746480e4f9f3091a5c7bf90fb87a50

SHA256
c2f764734ac62218162a61174555d0f677a0fdfd76b4b6e53ef5f9fe1df7f4f5

SHA512
e1002206e75ac21aa53132f4c74558de7aa16d10655b7ae87c8e47175971bd73cc71ac99970a855498077a0610d836540087638a571ac122c5d05fbc508282e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6431d9a5d7c468592f16daed7301c4a0

SHA1
ac0275d6101356d51d97e5962e7d104d143d2b37

SHA256
26c3ecc67d58d2593ea5672c896d6ca32b22c05ada0df9af95bf09a7518f2919

SHA512
df73681ae7e8eae9319ce5d70fa357cbe1ea990885142029ece72751f2195615112db6f430d7f17c729d683386d072e94147a93adb1b0dc80090fa5011aaf008

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
150.4MB

MD5
b3de22c77fbc5af74c3c705ab99709ac

SHA1
c7dee816c91f4dd070934e83121a16cbc06a6568

SHA256
85452b19a973250764679bd14cd9fc6a3b3a36b7e180c52b38be1a0e440c99b7

SHA512
e31796544197f9af0fd63913a4b70d46267e634d864c4178e929aac45ef2f453228dd77bddd390823f2da2a2246d4e82aaf18c42cbea81f93dc194c1e7723a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
150.4MB

MD5
b3de22c77fbc5af74c3c705ab99709ac

SHA1
c7dee816c91f4dd070934e83121a16cbc06a6568

SHA256
85452b19a973250764679bd14cd9fc6a3b3a36b7e180c52b38be1a0e440c99b7

SHA512
e31796544197f9af0fd63913a4b70d46267e634d864c4178e929aac45ef2f453228dd77bddd390823f2da2a2246d4e82aaf18c42cbea81f93dc194c1e7723a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
150.4MB

MD5
b3de22c77fbc5af74c3c705ab99709ac

SHA1
c7dee816c91f4dd070934e83121a16cbc06a6568

SHA256
85452b19a973250764679bd14cd9fc6a3b3a36b7e180c52b38be1a0e440c99b7

SHA512
e31796544197f9af0fd63913a4b70d46267e634d864c4178e929aac45ef2f453228dd77bddd390823f2da2a2246d4e82aaf18c42cbea81f93dc194c1e7723a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
101.6MB

MD5
8eb774489e893bcd97c35fcc6a1a3685

SHA1
7b17b7ac3825db73aa7566ee5a8e76a2460e679a

SHA256
074ac0855c90c58b9e05ea8b7248ff5c3d0c488479c4800dc88a07cf8b6b3c8f

SHA512
4af37f2a8b182e50491e4a2d2b8c332e30c0b161f0f56e46c515e93fb96375f2458764eb3d425356723693bb415e2f0b4de46d72d1b7d7c3b998f5ba27da39cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
101.7MB

MD5
ffedcbeec02a56dfcfb4be8c0f07f9c0

SHA1
1bd3a1ab1be2d79b7f4f5c49d702a5b1f0619f8e

SHA256
85ad9d8f4edb579b2607f0f78e5825add2202ee9105837845c7c25ffd4f96993

SHA512
1c9f68814fea74a5b568cac24894d2a1e8a8e0e59bf71343488dfe381859be6e1f6dde162a0fdb70b3c87cc6f92564ebca52d85216ad2f97eeda36e5ca276807

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
104.2MB

MD5
87b1363719bdc08f3a60f6bfcdfb83e7

SHA1
4f729240ccadec3f46a6bec947180bb495e41865

SHA256
a9ea1be4f3452b75f565f89869745caf6370378a78805796df1df68fd82f7481

SHA512
01d086c185980792dfa29489d5d7f964073a5a425424355290ac1da61e6568c707e94f9d082efa2e211dec47a4dbeb7fb045df7350851186bafc2a27912ab011

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
150.4MB

MD5
b3de22c77fbc5af74c3c705ab99709ac

SHA1
c7dee816c91f4dd070934e83121a16cbc06a6568

SHA256
85452b19a973250764679bd14cd9fc6a3b3a36b7e180c52b38be1a0e440c99b7

SHA512
e31796544197f9af0fd63913a4b70d46267e634d864c4178e929aac45ef2f453228dd77bddd390823f2da2a2246d4e82aaf18c42cbea81f93dc194c1e7723a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\D3DCompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\ffmpeg.dll

Filesize
2.6MB

MD5
0b003a4518c24a426554920171f7a842

SHA1
d64f248f642373c899011a6f0e125335b067a56f

SHA256
d4caab8ba7c39c32d88408b96622c065c31b7c5578a3d58c591b0dba609c4535

SHA512
9581b6473cdb52f8735f0ad92b01caffd95646e6231e20f0b0919aa89faec01561052ed9a0b650a79dfe915bcd3036095e761c87e02bd384b37417e4e7c59298

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\icudtl.dat

Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\libegl.dll

Filesize
473KB

MD5
234a6b1f55ff509b67798fc035c0d630

SHA1
4d7bc13a6c496a055aeb3575435a539362041fb8

SHA256
18437c020fc37011e276a9780d8941482195632489a6afca47302132e2cb66c4

SHA512
d77147a65a28da132144f6f47bd6b86fb9679f247fbe7e75bc36d8e91a81b9db8ef2ba9a42a2e277b746ff66e056af3592fbe24ae56bd20139419f2eb8b44ef5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\libglesv2.dll

Filesize
7.2MB

MD5
7a846681e19d07fd1b77ef5ddf4c1249

SHA1
c38a8dbc51d1ee6a7826e70e4f1da1b6e9bb795e

SHA256
2d7367f7457044588826d19887edbc2070368cb9754c4b638c93b4ad19ea5ce7

SHA512
08dba2f13660a152bb4028c49be3809c3a6a437fd44d537efd0841cc00fb4869c74016a0227e65accee0f0412d9741e7783fb639f07983ccd39817c89a5d08b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\resources.pak

Filesize
5.1MB

MD5
bd17bd87b4a2f1fc2ba31e6f58b19a32

SHA1
838294ed3d4d0cb11ea14ff6c200f33e75156e22

SHA256
d4297566631f6addf3492559462ece0c2e9b42f29faf873ebd01fc424f9f8e6f

SHA512
1b9970dc73b4e647841712542c9751c727e6d33b45e987c42b49741e1873d540406f47bb9b869d334786191844071aac66043435f09510be5a141f518ca1f28d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\resources\app.asar

Filesize
28.0MB

MD5
93f6f7378eefa6c9f42324e0661907b3

SHA1
a51957e2ba8f5fe281348d0c92df96a3a73ce1cf

SHA256
7a912c7a7cf0a7d6dc66b470eaee266b006313df82fd7e12a0756002c738e072

SHA512
97362872b0518f6ff000b29c2a72c3dec477cc4aaebd2141b8315b40947bb26972b506da129c1c50ae6a16b2219470a3de5a9f6aa094406f8e433530a8a291f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\v8_context_snapshot.bin

Filesize
471KB

MD5
0e92bb66ea722338663d6d2d891b5d35

SHA1
b73c8560c974dc9b17488a7b50895dc03f43bc6f

SHA256
e795edcbe49ef9dbe4ad88c4fce19076fafc13f56353753a39e35a3355c3d2d1

SHA512
cc8e28d47f1298382645e658deecf784fcdb9e4eca44537eff878d090be215c437d87e709c186947f798a46580517bac76bb9d69c09830991ed1d94d29e2a367

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\vk_swiftshader.dll

Filesize
4.9MB

MD5
bc275a1ce7b513901b58851ec5786819

SHA1
37d71b37e7293c0159c4efdc4e7a20733c9e5c7a

SHA256
88ccc0b3221e46fe13055839e5c5623ee219894b947e2e01e83a0fd12e7a34f7

SHA512
1b643a0c12385fd4fe212af07eeb214ab9b09938f67b83e9442a562fdf73cdb6da289d2323eb126d535518f9f55a9a2b704cde29f96f8c38f710944bd705cf1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\vulkan-1.dll

Filesize
894KB

MD5
7855fc788b036bb11f98ca53bd7d23d3

SHA1
abb06e806e9ef55440a6499636c134dfd9dcaa04

SHA256
54e6de3b228c5e265498f4c21663cf51a113d53eac9c08f621f7213b0d57a378

SHA512
964d1d37f231684dc38edfc3ed78b90f466619f2ca885d13da4349addabf39d233e647c3faa95875161d18781f0f090f67b40a5f77dbd5a018a82867b77f4bc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF7C9.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC65.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi497F.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Roaming\BonitSetup\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\BonitSetup\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\BonitSetup\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\BonitSetup\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\BonitSetup\Local Storage\leveldb\CURRENT~RFf767629.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\BonitSetup\Network\28c6fd0b-b808-47a6-b095-d39238d2c775.tmp

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\BonitSetup\Network\Network Persistent State

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
150.4MB

MD5
b3de22c77fbc5af74c3c705ab99709ac

SHA1
c7dee816c91f4dd070934e83121a16cbc06a6568

SHA256
85452b19a973250764679bd14cd9fc6a3b3a36b7e180c52b38be1a0e440c99b7

SHA512
e31796544197f9af0fd63913a4b70d46267e634d864c4178e929aac45ef2f453228dd77bddd390823f2da2a2246d4e82aaf18c42cbea81f93dc194c1e7723a70

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
117.1MB

MD5
ec59425c337c38a64b223f704dd51036

SHA1
3e9deda2848873e9f3ad886229589217ed45c3bb

SHA256
8eceb566813927491e672bb3b7f852d6843a36b57ea995b37d69ef921313885e

SHA512
168b491db3395d85bd1312ed2868ed9c97ae4a1be4e479d5112a0d293422648502a91065d337d54c4dcd093397f46730ce5fd618806b6e4796c4f58b5c9600d4

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
150.4MB

MD5
b3de22c77fbc5af74c3c705ab99709ac

SHA1
c7dee816c91f4dd070934e83121a16cbc06a6568

SHA256
85452b19a973250764679bd14cd9fc6a3b3a36b7e180c52b38be1a0e440c99b7

SHA512
e31796544197f9af0fd63913a4b70d46267e634d864c4178e929aac45ef2f453228dd77bddd390823f2da2a2246d4e82aaf18c42cbea81f93dc194c1e7723a70

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
106.2MB

MD5
b06c69420132fd0fc352fe7488fb1ab6

SHA1
44406dd95ca21a33a670c3624e2ed28d846cad7d

SHA256
f01947fc46912525af0dd1914b39bf7f6b3b0e687a6ca18a14773a602fc46708

SHA512
74bc8a77ab3d63e61086be9369ca1b4ded1cb2aa7677682755bce013177ba9a7b757e041a65fcec0aa86966e27b7fabc713966cee4259ae6f6586047ff30edc3

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
150.4MB

MD5
b3de22c77fbc5af74c3c705ab99709ac

SHA1
c7dee816c91f4dd070934e83121a16cbc06a6568

SHA256
85452b19a973250764679bd14cd9fc6a3b3a36b7e180c52b38be1a0e440c99b7

SHA512
e31796544197f9af0fd63913a4b70d46267e634d864c4178e929aac45ef2f453228dd77bddd390823f2da2a2246d4e82aaf18c42cbea81f93dc194c1e7723a70

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\ffmpeg.dll

Filesize
2.6MB

MD5
0b003a4518c24a426554920171f7a842

SHA1
d64f248f642373c899011a6f0e125335b067a56f

SHA256
d4caab8ba7c39c32d88408b96622c065c31b7c5578a3d58c591b0dba609c4535

SHA512
9581b6473cdb52f8735f0ad92b01caffd95646e6231e20f0b0919aa89faec01561052ed9a0b650a79dfe915bcd3036095e761c87e02bd384b37417e4e7c59298

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\ffmpeg.dll

Filesize
2.6MB

MD5
0b003a4518c24a426554920171f7a842

SHA1
d64f248f642373c899011a6f0e125335b067a56f

SHA256
d4caab8ba7c39c32d88408b96622c065c31b7c5578a3d58c591b0dba609c4535

SHA512
9581b6473cdb52f8735f0ad92b01caffd95646e6231e20f0b0919aa89faec01561052ed9a0b650a79dfe915bcd3036095e761c87e02bd384b37417e4e7c59298

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\ffmpeg.dll

Filesize
2.6MB

MD5
0b003a4518c24a426554920171f7a842

SHA1
d64f248f642373c899011a6f0e125335b067a56f

SHA256
d4caab8ba7c39c32d88408b96622c065c31b7c5578a3d58c591b0dba609c4535

SHA512
9581b6473cdb52f8735f0ad92b01caffd95646e6231e20f0b0919aa89faec01561052ed9a0b650a79dfe915bcd3036095e761c87e02bd384b37417e4e7c59298

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\ffmpeg.dll

Filesize
2.6MB

MD5
0b003a4518c24a426554920171f7a842

SHA1
d64f248f642373c899011a6f0e125335b067a56f

SHA256
d4caab8ba7c39c32d88408b96622c065c31b7c5578a3d58c591b0dba609c4535

SHA512
9581b6473cdb52f8735f0ad92b01caffd95646e6231e20f0b0919aa89faec01561052ed9a0b650a79dfe915bcd3036095e761c87e02bd384b37417e4e7c59298

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\ffmpeg.dll

Filesize
2.6MB

MD5
0b003a4518c24a426554920171f7a842

SHA1
d64f248f642373c899011a6f0e125335b067a56f

SHA256
d4caab8ba7c39c32d88408b96622c065c31b7c5578a3d58c591b0dba609c4535

SHA512
9581b6473cdb52f8735f0ad92b01caffd95646e6231e20f0b0919aa89faec01561052ed9a0b650a79dfe915bcd3036095e761c87e02bd384b37417e4e7c59298

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\libEGL.dll

Filesize
473KB

MD5
234a6b1f55ff509b67798fc035c0d630

SHA1
4d7bc13a6c496a055aeb3575435a539362041fb8

SHA256
18437c020fc37011e276a9780d8941482195632489a6afca47302132e2cb66c4

SHA512
d77147a65a28da132144f6f47bd6b86fb9679f247fbe7e75bc36d8e91a81b9db8ef2ba9a42a2e277b746ff66e056af3592fbe24ae56bd20139419f2eb8b44ef5

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\libEGL.dll

Filesize
473KB

MD5
234a6b1f55ff509b67798fc035c0d630

SHA1
4d7bc13a6c496a055aeb3575435a539362041fb8

SHA256
18437c020fc37011e276a9780d8941482195632489a6afca47302132e2cb66c4

SHA512
d77147a65a28da132144f6f47bd6b86fb9679f247fbe7e75bc36d8e91a81b9db8ef2ba9a42a2e277b746ff66e056af3592fbe24ae56bd20139419f2eb8b44ef5

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\libGLESv2.dll

Filesize
7.2MB

MD5
7a846681e19d07fd1b77ef5ddf4c1249

SHA1
c38a8dbc51d1ee6a7826e70e4f1da1b6e9bb795e

SHA256
2d7367f7457044588826d19887edbc2070368cb9754c4b638c93b4ad19ea5ce7

SHA512
08dba2f13660a152bb4028c49be3809c3a6a437fd44d537efd0841cc00fb4869c74016a0227e65accee0f0412d9741e7783fb639f07983ccd39817c89a5d08b8

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\libGLESv2.dll

Filesize
7.2MB

MD5
7a846681e19d07fd1b77ef5ddf4c1249

SHA1
c38a8dbc51d1ee6a7826e70e4f1da1b6e9bb795e

SHA256
2d7367f7457044588826d19887edbc2070368cb9754c4b638c93b4ad19ea5ce7

SHA512
08dba2f13660a152bb4028c49be3809c3a6a437fd44d537efd0841cc00fb4869c74016a0227e65accee0f0412d9741e7783fb639f07983ccd39817c89a5d08b8

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\vk_swiftshader.dll

Filesize
4.9MB

MD5
bc275a1ce7b513901b58851ec5786819

SHA1
37d71b37e7293c0159c4efdc4e7a20733c9e5c7a

SHA256
88ccc0b3221e46fe13055839e5c5623ee219894b947e2e01e83a0fd12e7a34f7

SHA512
1b643a0c12385fd4fe212af07eeb214ab9b09938f67b83e9442a562fdf73cdb6da289d2323eb126d535518f9f55a9a2b704cde29f96f8c38f710944bd705cf1e

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\vk_swiftshader.dll

Filesize
4.9MB

MD5
bc275a1ce7b513901b58851ec5786819

SHA1
37d71b37e7293c0159c4efdc4e7a20733c9e5c7a

SHA256
88ccc0b3221e46fe13055839e5c5623ee219894b947e2e01e83a0fd12e7a34f7

SHA512
1b643a0c12385fd4fe212af07eeb214ab9b09938f67b83e9442a562fdf73cdb6da289d2323eb126d535518f9f55a9a2b704cde29f96f8c38f710944bd705cf1e

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\vk_swiftshader.dll

Filesize
4.9MB

MD5
bc275a1ce7b513901b58851ec5786819

SHA1
37d71b37e7293c0159c4efdc4e7a20733c9e5c7a

SHA256
88ccc0b3221e46fe13055839e5c5623ee219894b947e2e01e83a0fd12e7a34f7

SHA512
1b643a0c12385fd4fe212af07eeb214ab9b09938f67b83e9442a562fdf73cdb6da289d2323eb126d535518f9f55a9a2b704cde29f96f8c38f710944bd705cf1e

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\vk_swiftshader.dll

Filesize
4.9MB

MD5
bc275a1ce7b513901b58851ec5786819

SHA1
37d71b37e7293c0159c4efdc4e7a20733c9e5c7a

SHA256
88ccc0b3221e46fe13055839e5c5623ee219894b947e2e01e83a0fd12e7a34f7

SHA512
1b643a0c12385fd4fe212af07eeb214ab9b09938f67b83e9442a562fdf73cdb6da289d2323eb126d535518f9f55a9a2b704cde29f96f8c38f710944bd705cf1e

Download Submit
\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\vulkan-1.dll

Filesize
894KB

MD5
7855fc788b036bb11f98ca53bd7d23d3

SHA1
abb06e806e9ef55440a6499636c134dfd9dcaa04

SHA256
54e6de3b228c5e265498f4c21663cf51a113d53eac9c08f621f7213b0d57a378

SHA512
964d1d37f231684dc38edfc3ed78b90f466619f2ca885d13da4349addabf39d233e647c3faa95875161d18781f0f090f67b40a5f77dbd5a018a82867b77f4bc4

Download Submit
\Users\Admin\AppData\Local\Temp\nsi497F.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsi497F.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsi497F.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/800-242-0x0000000077C90000-0x0000000077C91000-memory.dmp

Filesize
4KB

Download
memory/800-179-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/1644-207-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download