5f1251f3bc4c36f49b623bef0d45a4805098284753e232263da842fe857793b4

Analysis

max time kernel
152s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2023 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BonitSetup.exe
Size

64.0MB
MD5

22bddfd1a372bb47701d241dcc17660b
SHA1

eb6d54834eb0bebbaea3fd052498d41898b28365
SHA256

5f1251f3bc4c36f49b623bef0d45a4805098284753e232263da842fe857793b4
SHA512

5d0c39c11bc417906eda447a74bc1a703bf53c3a39484651e94aa6794c11aeefd8b1dba1b10b294421c3c547588092b421fc7f49ee8a871fc59b7fc49f2b5636
SSDEEP

1572864:P2syXKJyoidBRGQ53ffLogxfj3K3PPAzrvmarBpo4vv7:P2syXFv9UOm3AXSS7

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Control Panel\International\Geo\Nation	BonitSetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Control Panel\International\Geo\Nation	BonitSetup.exe

Executes dropped EXE 5 IoCs

pid	Process
3868	BonitSetup.exe
4636	BonitSetup.exe
1600	BonitSetup.exe
1484	BonitSetup.exe
1560	BonitSetup.exe

Loads dropped DLL 13 IoCs

pid	Process
3752	BonitSetup.exe
3752	BonitSetup.exe
3752	BonitSetup.exe
3868	BonitSetup.exe
1600	BonitSetup.exe
1484	BonitSetup.exe
4636	BonitSetup.exe
4636	BonitSetup.exe
4636	BonitSetup.exe
4636	BonitSetup.exe
4636	BonitSetup.exe
1560	BonitSetup.exe
1560	BonitSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 8 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	BonitSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	BonitSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	BonitSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	BonitSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	BonitSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	BonitSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	BonitSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	BonitSetup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1560	BonitSetup.exe
1560	BonitSetup.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	3752	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe
Token: SeCreatePagefilePrivilege	3868	BonitSetup.exe
Token: SeShutdownPrivilege	3868	BonitSetup.exe

Suspicious use of WriteProcessMemory 47 IoCs

description	pid	Process	procid_target
PID 3752 wrote to memory of 3868	3752	BonitSetup.exe	93
PID 3752 wrote to memory of 3868	3752	BonitSetup.exe	93
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 4636	3868	BonitSetup.exe	96
PID 3868 wrote to memory of 1600	3868	BonitSetup.exe	98
PID 3868 wrote to memory of 1600	3868	BonitSetup.exe	98
PID 3868 wrote to memory of 1484	3868	BonitSetup.exe	97
PID 3868 wrote to memory of 1484	3868	BonitSetup.exe	97
PID 3868 wrote to memory of 1560	3868	BonitSetup.exe	101
PID 3868 wrote to memory of 1560	3868	BonitSetup.exe	101

C:\Users\Admin\AppData\Local\Temp\BonitSetup.exe
"C:\Users\Admin\AppData\Local\Temp\BonitSetup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3752
- C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe
  C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3868
- - C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\BonitSetup" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1720,i,13859799790235667754,4941608460154567697,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4636
- - C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\BonitSetup" --app-path="C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2320 --field-trial-handle=1720,i,13859799790235667754,4941608460154567697,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1484
- - C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\BonitSetup" --mojo-platform-channel-handle=1944 --field-trial-handle=1720,i,13859799790235667754,4941608460154567697,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1600
- - C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\BonitSetup" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3480 --field-trial-handle=1720,i,13859799790235667754,4941608460154567697,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:1560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
150.4MB

MD5
b3de22c77fbc5af74c3c705ab99709ac

SHA1
c7dee816c91f4dd070934e83121a16cbc06a6568

SHA256
85452b19a973250764679bd14cd9fc6a3b3a36b7e180c52b38be1a0e440c99b7

SHA512
e31796544197f9af0fd63913a4b70d46267e634d864c4178e929aac45ef2f453228dd77bddd390823f2da2a2246d4e82aaf18c42cbea81f93dc194c1e7723a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
150.4MB

MD5
b3de22c77fbc5af74c3c705ab99709ac

SHA1
c7dee816c91f4dd070934e83121a16cbc06a6568

SHA256
85452b19a973250764679bd14cd9fc6a3b3a36b7e180c52b38be1a0e440c99b7

SHA512
e31796544197f9af0fd63913a4b70d46267e634d864c4178e929aac45ef2f453228dd77bddd390823f2da2a2246d4e82aaf18c42cbea81f93dc194c1e7723a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
150.4MB

MD5
b3de22c77fbc5af74c3c705ab99709ac

SHA1
c7dee816c91f4dd070934e83121a16cbc06a6568

SHA256
85452b19a973250764679bd14cd9fc6a3b3a36b7e180c52b38be1a0e440c99b7

SHA512
e31796544197f9af0fd63913a4b70d46267e634d864c4178e929aac45ef2f453228dd77bddd390823f2da2a2246d4e82aaf18c42cbea81f93dc194c1e7723a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
150.4MB

MD5
b3de22c77fbc5af74c3c705ab99709ac

SHA1
c7dee816c91f4dd070934e83121a16cbc06a6568

SHA256
85452b19a973250764679bd14cd9fc6a3b3a36b7e180c52b38be1a0e440c99b7

SHA512
e31796544197f9af0fd63913a4b70d46267e634d864c4178e929aac45ef2f453228dd77bddd390823f2da2a2246d4e82aaf18c42cbea81f93dc194c1e7723a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
150.4MB

MD5
b3de22c77fbc5af74c3c705ab99709ac

SHA1
c7dee816c91f4dd070934e83121a16cbc06a6568

SHA256
85452b19a973250764679bd14cd9fc6a3b3a36b7e180c52b38be1a0e440c99b7

SHA512
e31796544197f9af0fd63913a4b70d46267e634d864c4178e929aac45ef2f453228dd77bddd390823f2da2a2246d4e82aaf18c42cbea81f93dc194c1e7723a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
150.4MB

MD5
b3de22c77fbc5af74c3c705ab99709ac

SHA1
c7dee816c91f4dd070934e83121a16cbc06a6568

SHA256
85452b19a973250764679bd14cd9fc6a3b3a36b7e180c52b38be1a0e440c99b7

SHA512
e31796544197f9af0fd63913a4b70d46267e634d864c4178e929aac45ef2f453228dd77bddd390823f2da2a2246d4e82aaf18c42cbea81f93dc194c1e7723a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\BonitSetup.exe

Filesize
150.4MB

MD5
b3de22c77fbc5af74c3c705ab99709ac

SHA1
c7dee816c91f4dd070934e83121a16cbc06a6568

SHA256
85452b19a973250764679bd14cd9fc6a3b3a36b7e180c52b38be1a0e440c99b7

SHA512
e31796544197f9af0fd63913a4b70d46267e634d864c4178e929aac45ef2f453228dd77bddd390823f2da2a2246d4e82aaf18c42cbea81f93dc194c1e7723a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\D3DCompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\ffmpeg.dll

Filesize
2.6MB

MD5
0b003a4518c24a426554920171f7a842

SHA1
d64f248f642373c899011a6f0e125335b067a56f

SHA256
d4caab8ba7c39c32d88408b96622c065c31b7c5578a3d58c591b0dba609c4535

SHA512
9581b6473cdb52f8735f0ad92b01caffd95646e6231e20f0b0919aa89faec01561052ed9a0b650a79dfe915bcd3036095e761c87e02bd384b37417e4e7c59298

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\ffmpeg.dll

Filesize
2.6MB

MD5
0b003a4518c24a426554920171f7a842

SHA1
d64f248f642373c899011a6f0e125335b067a56f

SHA256
d4caab8ba7c39c32d88408b96622c065c31b7c5578a3d58c591b0dba609c4535

SHA512
9581b6473cdb52f8735f0ad92b01caffd95646e6231e20f0b0919aa89faec01561052ed9a0b650a79dfe915bcd3036095e761c87e02bd384b37417e4e7c59298

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\ffmpeg.dll

Filesize
2.6MB

MD5
0b003a4518c24a426554920171f7a842

SHA1
d64f248f642373c899011a6f0e125335b067a56f

SHA256
d4caab8ba7c39c32d88408b96622c065c31b7c5578a3d58c591b0dba609c4535

SHA512
9581b6473cdb52f8735f0ad92b01caffd95646e6231e20f0b0919aa89faec01561052ed9a0b650a79dfe915bcd3036095e761c87e02bd384b37417e4e7c59298

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\ffmpeg.dll

Filesize
2.6MB

MD5
0b003a4518c24a426554920171f7a842

SHA1
d64f248f642373c899011a6f0e125335b067a56f

SHA256
d4caab8ba7c39c32d88408b96622c065c31b7c5578a3d58c591b0dba609c4535

SHA512
9581b6473cdb52f8735f0ad92b01caffd95646e6231e20f0b0919aa89faec01561052ed9a0b650a79dfe915bcd3036095e761c87e02bd384b37417e4e7c59298

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\ffmpeg.dll

Filesize
2.6MB

MD5
0b003a4518c24a426554920171f7a842

SHA1
d64f248f642373c899011a6f0e125335b067a56f

SHA256
d4caab8ba7c39c32d88408b96622c065c31b7c5578a3d58c591b0dba609c4535

SHA512
9581b6473cdb52f8735f0ad92b01caffd95646e6231e20f0b0919aa89faec01561052ed9a0b650a79dfe915bcd3036095e761c87e02bd384b37417e4e7c59298

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\ffmpeg.dll

Filesize
2.6MB

MD5
0b003a4518c24a426554920171f7a842

SHA1
d64f248f642373c899011a6f0e125335b067a56f

SHA256
d4caab8ba7c39c32d88408b96622c065c31b7c5578a3d58c591b0dba609c4535

SHA512
9581b6473cdb52f8735f0ad92b01caffd95646e6231e20f0b0919aa89faec01561052ed9a0b650a79dfe915bcd3036095e761c87e02bd384b37417e4e7c59298

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\icudtl.dat

Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\libEGL.dll

Filesize
473KB

MD5
234a6b1f55ff509b67798fc035c0d630

SHA1
4d7bc13a6c496a055aeb3575435a539362041fb8

SHA256
18437c020fc37011e276a9780d8941482195632489a6afca47302132e2cb66c4

SHA512
d77147a65a28da132144f6f47bd6b86fb9679f247fbe7e75bc36d8e91a81b9db8ef2ba9a42a2e277b746ff66e056af3592fbe24ae56bd20139419f2eb8b44ef5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\libGLESv2.dll

Filesize
7.2MB

MD5
7a846681e19d07fd1b77ef5ddf4c1249

SHA1
c38a8dbc51d1ee6a7826e70e4f1da1b6e9bb795e

SHA256
2d7367f7457044588826d19887edbc2070368cb9754c4b638c93b4ad19ea5ce7

SHA512
08dba2f13660a152bb4028c49be3809c3a6a437fd44d537efd0841cc00fb4869c74016a0227e65accee0f0412d9741e7783fb639f07983ccd39817c89a5d08b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\libegl.dll

Filesize
473KB

MD5
234a6b1f55ff509b67798fc035c0d630

SHA1
4d7bc13a6c496a055aeb3575435a539362041fb8

SHA256
18437c020fc37011e276a9780d8941482195632489a6afca47302132e2cb66c4

SHA512
d77147a65a28da132144f6f47bd6b86fb9679f247fbe7e75bc36d8e91a81b9db8ef2ba9a42a2e277b746ff66e056af3592fbe24ae56bd20139419f2eb8b44ef5

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\libglesv2.dll

Filesize
7.2MB

MD5
7a846681e19d07fd1b77ef5ddf4c1249

SHA1
c38a8dbc51d1ee6a7826e70e4f1da1b6e9bb795e

SHA256
2d7367f7457044588826d19887edbc2070368cb9754c4b638c93b4ad19ea5ce7

SHA512
08dba2f13660a152bb4028c49be3809c3a6a437fd44d537efd0841cc00fb4869c74016a0227e65accee0f0412d9741e7783fb639f07983ccd39817c89a5d08b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\resources.pak

Filesize
5.1MB

MD5
bd17bd87b4a2f1fc2ba31e6f58b19a32

SHA1
838294ed3d4d0cb11ea14ff6c200f33e75156e22

SHA256
d4297566631f6addf3492559462ece0c2e9b42f29faf873ebd01fc424f9f8e6f

SHA512
1b9970dc73b4e647841712542c9751c727e6d33b45e987c42b49741e1873d540406f47bb9b869d334786191844071aac66043435f09510be5a141f518ca1f28d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\resources\app.asar

Filesize
28.0MB

MD5
93f6f7378eefa6c9f42324e0661907b3

SHA1
a51957e2ba8f5fe281348d0c92df96a3a73ce1cf

SHA256
7a912c7a7cf0a7d6dc66b470eaee266b006313df82fd7e12a0756002c738e072

SHA512
97362872b0518f6ff000b29c2a72c3dec477cc4aaebd2141b8315b40947bb26972b506da129c1c50ae6a16b2219470a3de5a9f6aa094406f8e433530a8a291f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\v8_context_snapshot.bin

Filesize
471KB

MD5
0e92bb66ea722338663d6d2d891b5d35

SHA1
b73c8560c974dc9b17488a7b50895dc03f43bc6f

SHA256
e795edcbe49ef9dbe4ad88c4fce19076fafc13f56353753a39e35a3355c3d2d1

SHA512
cc8e28d47f1298382645e658deecf784fcdb9e4eca44537eff878d090be215c437d87e709c186947f798a46580517bac76bb9d69c09830991ed1d94d29e2a367

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\vk_swiftshader.dll

Filesize
4.9MB

MD5
bc275a1ce7b513901b58851ec5786819

SHA1
37d71b37e7293c0159c4efdc4e7a20733c9e5c7a

SHA256
88ccc0b3221e46fe13055839e5c5623ee219894b947e2e01e83a0fd12e7a34f7

SHA512
1b643a0c12385fd4fe212af07eeb214ab9b09938f67b83e9442a562fdf73cdb6da289d2323eb126d535518f9f55a9a2b704cde29f96f8c38f710944bd705cf1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\vk_swiftshader.dll

Filesize
4.9MB

MD5
bc275a1ce7b513901b58851ec5786819

SHA1
37d71b37e7293c0159c4efdc4e7a20733c9e5c7a

SHA256
88ccc0b3221e46fe13055839e5c5623ee219894b947e2e01e83a0fd12e7a34f7

SHA512
1b643a0c12385fd4fe212af07eeb214ab9b09938f67b83e9442a562fdf73cdb6da289d2323eb126d535518f9f55a9a2b704cde29f96f8c38f710944bd705cf1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2LYzSptpSPtrBCmBqiIbdI6Gjc7\vk_swiftshader.dll

Filesize
4.9MB

MD5
bc275a1ce7b513901b58851ec5786819

SHA1
37d71b37e7293c0159c4efdc4e7a20733c9e5c7a

SHA256
88ccc0b3221e46fe13055839e5c5623ee219894b947e2e01e83a0fd12e7a34f7

SHA512
1b643a0c12385fd4fe212af07eeb214ab9b09938f67b83e9442a562fdf73cdb6da289d2323eb126d535518f9f55a9a2b704cde29f96f8c38f710944bd705cf1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst7698.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst7698.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst7698.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\BonitSetup\Network\Network Persistent State

Filesize
1KB

MD5
2f5bec88285b2a25656914badf4ba16f

SHA1
9023b90cdca8da74ffd0d9ec375020a97883ded9

SHA256
1e70ffc919b025e6ac06ca0f89d1ded86c15d93f947a43bc7e90e5c7e7dad3e3

SHA512
6af6f0c457307bdfdf18b3acf89454ecfb74294a8da4769348d24bad02795da8772b4021811bc7598fe1bead3c1380632eb5a0c80df93eb15f165a373eb4e968

Download Submit
C:\Users\Admin\AppData\Roaming\BonitSetup\Network\Network Persistent State~RFe58d1f1.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/1560-283-0x000001B969970000-0x000001B969971000-memory.dmp

Filesize
4KB

Download
memory/1560-274-0x000001B969970000-0x000001B969971000-memory.dmp

Filesize
4KB

Download
memory/1560-273-0x000001B969970000-0x000001B969971000-memory.dmp

Filesize
4KB

Download
memory/1560-272-0x000001B969970000-0x000001B969971000-memory.dmp

Filesize
4KB

Download
memory/1560-278-0x000001B969970000-0x000001B969971000-memory.dmp

Filesize
4KB

Download
memory/1560-282-0x000001B969970000-0x000001B969971000-memory.dmp

Filesize
4KB

Download
memory/1560-281-0x000001B969970000-0x000001B969971000-memory.dmp

Filesize
4KB

Download
memory/1560-280-0x000001B969970000-0x000001B969971000-memory.dmp

Filesize
4KB

Download
memory/1560-279-0x000001B969970000-0x000001B969971000-memory.dmp

Filesize
4KB

Download
memory/1560-284-0x000001B969970000-0x000001B969971000-memory.dmp

Filesize
4KB

Download
memory/4636-184-0x00007FFCB2790000-0x00007FFCB2791000-memory.dmp

Filesize
4KB

Download