hxxps://cdn[.]discordapp[.]com/attachments/1087810794252665014/1166045487556726784/AI_LAB_Converter[.]zip?ex=65490f7c&is=65369a7c&hm=4a7b1393e4a34c715eee6f8f4582dc928a6bcba9f57436c00393984b6c83e86b&

Resubmissions

23/10/2023, 16:28

231023-tyvqnsac9z 1

23/10/2023, 16:24

231023-twmbhsac51 8

23/10/2023, 16:21

231023-ttqk6aca56 7

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23/10/2023, 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1087810794252665014/1166045487556726784/AI_LAB_Converter.zip?ex=65490f7c&is=65369a7c&hm=4a7b1393e4a34c715eee6f8f4582dc928a6bcba9f57436c00393984b6c83e86b&

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
5948	NDP472-KB4054530-x86-x64-AllOS-TRK.exe
5264	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
5264	Setup.exe
5264	Setup.exe
2388	MsiExec.exe
2388	MsiExec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000004e6fa88768ff2e40000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000004e6fa880000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090004e6fa88000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d04e6fa88000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000004e6fa8800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3672	msedge.exe
3672	msedge.exe
4788	msedge.exe
4788	msedge.exe
4952	identity_helper.exe
4952	identity_helper.exe
5264	Setup.exe
5264	Setup.exe
5264	Setup.exe
5264	Setup.exe
5264	Setup.exe
5264	Setup.exe
5264	Setup.exe
5264	Setup.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5608	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5608	msiexec.exe
Token: SeShutdownPrivilege	2680	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2680	msiexec.exe
Token: SeSecurityPrivilege	5452	msiexec.exe
Token: SeCreateTokenPrivilege	2680	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2680	msiexec.exe
Token: SeLockMemoryPrivilege	2680	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2680	msiexec.exe
Token: SeMachineAccountPrivilege	2680	msiexec.exe
Token: SeTcbPrivilege	2680	msiexec.exe
Token: SeSecurityPrivilege	2680	msiexec.exe
Token: SeTakeOwnershipPrivilege	2680	msiexec.exe
Token: SeLoadDriverPrivilege	2680	msiexec.exe
Token: SeSystemProfilePrivilege	2680	msiexec.exe
Token: SeSystemtimePrivilege	2680	msiexec.exe
Token: SeProfSingleProcessPrivilege	2680	msiexec.exe
Token: SeIncBasePriorityPrivilege	2680	msiexec.exe
Token: SeCreatePagefilePrivilege	2680	msiexec.exe
Token: SeCreatePermanentPrivilege	2680	msiexec.exe
Token: SeBackupPrivilege	2680	msiexec.exe
Token: SeRestorePrivilege	2680	msiexec.exe
Token: SeShutdownPrivilege	2680	msiexec.exe
Token: SeDebugPrivilege	2680	msiexec.exe
Token: SeAuditPrivilege	2680	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2680	msiexec.exe
Token: SeChangeNotifyPrivilege	2680	msiexec.exe
Token: SeRemoteShutdownPrivilege	2680	msiexec.exe
Token: SeUndockPrivilege	2680	msiexec.exe
Token: SeSyncAgentPrivilege	2680	msiexec.exe
Token: SeEnableDelegationPrivilege	2680	msiexec.exe
Token: SeManageVolumePrivilege	2680	msiexec.exe
Token: SeImpersonatePrivilege	2680	msiexec.exe
Token: SeCreateGlobalPrivilege	2680	msiexec.exe
Token: SeCreateTokenPrivilege	2680	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2680	msiexec.exe
Token: SeLockMemoryPrivilege	2680	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2680	msiexec.exe
Token: SeMachineAccountPrivilege	2680	msiexec.exe
Token: SeTcbPrivilege	2680	msiexec.exe
Token: SeSecurityPrivilege	2680	msiexec.exe
Token: SeTakeOwnershipPrivilege	2680	msiexec.exe
Token: SeLoadDriverPrivilege	2680	msiexec.exe
Token: SeSystemProfilePrivilege	2680	msiexec.exe
Token: SeSystemtimePrivilege	2680	msiexec.exe
Token: SeProfSingleProcessPrivilege	2680	msiexec.exe
Token: SeIncBasePriorityPrivilege	2680	msiexec.exe
Token: SeCreatePagefilePrivilege	2680	msiexec.exe
Token: SeCreatePermanentPrivilege	2680	msiexec.exe
Token: SeBackupPrivilege	2680	msiexec.exe
Token: SeRestorePrivilege	2680	msiexec.exe
Token: SeShutdownPrivilege	2680	msiexec.exe
Token: SeDebugPrivilege	2680	msiexec.exe
Token: SeAuditPrivilege	2680	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2680	msiexec.exe
Token: SeChangeNotifyPrivilege	2680	msiexec.exe
Token: SeRemoteShutdownPrivilege	2680	msiexec.exe
Token: SeUndockPrivilege	2680	msiexec.exe
Token: SeSyncAgentPrivilege	2680	msiexec.exe
Token: SeEnableDelegationPrivilege	2680	msiexec.exe
Token: SeManageVolumePrivilege	2680	msiexec.exe
Token: SeImpersonatePrivilege	2680	msiexec.exe
Token: SeCreateGlobalPrivilege	2680	msiexec.exe
Token: SeCreateTokenPrivilege	2680	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3672 wrote to memory of 1572	3672	msedge.exe	82
PID 3672 wrote to memory of 1572	3672	msedge.exe	82
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 4252	3672	msedge.exe	90
PID 3672 wrote to memory of 3216	3672	msedge.exe	89
PID 3672 wrote to memory of 3216	3672	msedge.exe	89
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91
PID 3672 wrote to memory of 1700	3672	msedge.exe	91

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1087810794252665014/1166045487556726784/AI_LAB_Converter.zip?ex=65490f7c&is=65369a7c&hm=4a7b1393e4a34c715eee6f8f4582dc928a6bcba9f57436c00393984b6c83e86b&
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff978c646f8,0x7ff978c64708,0x7ff978c64718
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,17310629212678101910,7155326428402117071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17310629212678101910,7155326428402117071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,17310629212678101910,7155326428402117071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17310629212678101910,7155326428402117071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17310629212678101910,7155326428402117071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17310629212678101910,7155326428402117071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17310629212678101910,7155326428402117071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17310629212678101910,7155326428402117071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17310629212678101910,7155326428402117071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,17310629212678101910,7155326428402117071,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,17310629212678101910,7155326428402117071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17310629212678101910,7155326428402117071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17310629212678101910,7155326428402117071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17310629212678101910,7155326428402117071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17310629212678101910,7155326428402117071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17310629212678101910,7155326428402117071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17310629212678101910,7155326428402117071,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3372 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x120,0x124,0xd4,0x128,0x7ff978c646f8,0x7ff978c64708,0x7ff978c64718
  2⤵
  PID:752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4704

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5236

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\Temp1_AI_LAB_Converter.zip\AI LAB Converter\Debug\AI LAB Converter.msi"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5608

C:\Users\Admin\AppData\Local\Temp\Temp1_AI_LAB_Converter.zip\AI LAB Converter\Debug\setup.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_AI_LAB_Converter.zip\AI LAB Converter\Debug\setup.exe"
1⤵
PID:5640
- C:\Users\Admin\AppData\Local\Temp\VSDCE28.tmp\DotNetFX472\NDP472-KB4054530-x86-x64-AllOS-TRK.exe
  "C:\Users\Admin\AppData\Local\Temp\VSDCE28.tmp\DotNetFX472\NDP472-KB4054530-x86-x64-AllOS-TRK.exe" /q /norestart /skipenucheck /ChainingPackage FullX64ClickOnce
  2⤵
  - Executes dropped EXE
  PID:5948
- - C:\d0b1224ea8a268c078\Setup.exe
    C:\d0b1224ea8a268c078\\Setup.exe /q /norestart /skipenucheck /ChainingPackage FullX64ClickOnce /x86 /x64 /lcid 1055 /lpredist
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:5264

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\Temp1_AI_LAB_Converter.zip\AI LAB Converter\Debug\AI LAB Converter.msi"
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:2680

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:5452
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 167E47732ACF9BEB2FF89F68C9E246D1 C
  2⤵
  - Loads dropped DLL
  PID:2388

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
094ab275342c45551894b7940ae9ad0d

SHA1
2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

SHA256
ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

SHA512
19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
80d987b4759406205c6a0436a9c1183d

SHA1
cb38df15b968f55ecb6a7f8d1fc1a2cd0b0282f0

SHA256
da6ea379acf48052724561504cb49dc3335fc47ac05ecff73a09e266de923173

SHA512
33b5e3d841cc57b383019e467fbf764ad570961d17a898b0cb6d50bb7a7350426925aa8cf495c158bf88ab380ec9a59c2c430ddbcbe6c4855fb8a7efeb267073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6bdeeb9fcf8231135cebd780a9f98ab8

SHA1
48097312c2e00ac15eb675c93cc94d799fde5d4d

SHA256
d0fac5fe8be49c9c2fbae974504016a51fb1b901fe5ce19f75afec49570d1d75

SHA512
864048e54f3b4303eadfde6dabb5150db6cd69ba7d24ec7a5fc153b9794fd26205881aa779ed1b0bc030522343ff6779a7dfa5a8796e5e15080bb10616cc4b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1c706d53e85fb5321a8396d197051531

SHA1
0d92aa8524fb1d47e7ee5d614e58a398c06141a4

SHA256
80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932

SHA512
d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4f97276359e8f1ac9ef9f88137c9d9d2

SHA1
0533d52b318119f2174a99063de19104e5a0cdfe

SHA256
e92c644c2d9636223aacfbabde9fd303f6252bb5a6ff5972938bd85de76bef66

SHA512
28a4a7046c739fce98afb28aa262b97c6aed3eb615652a682ab73c6e33be4c351a22b0868bc851604bbc673aef0d643f1ff085b5da31bf9e210d8fc6002e1e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ccdcc2b353c299d59663f1a1552205d3

SHA1
1e7fbef4f9b4fa434de8a75b950b719596cddbb0

SHA256
0dee61e6b609cea11a687ddb09a22e1b2885c54f1d41d017f413a326c5ad6544

SHA512
f8b93fe449bcf0a5f9fa3779f2e9c197094dd107c5621df2280b06ba15e5dcf899361e3d6ebcbafb2dedf17ca1ced0e81bc2c637d2645e0aea150eeb75e242a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\HFI69E.tmp.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI675B.tmp

Filesize
285KB

MD5
b77a2a2768b9cc78a71bbffb9812b978

SHA1
b70e27eb446fe1c3bc8ea03dabbee2739a782e04

SHA256
f74c97b1a53541b059d3bfafe41a79005ce5065f8210d7de9f1b600dc4e28aa0

SHA512
a8b16bc60f8559c78c64ca9e85cd7fd704bba1f55b362465b7accef1bb853d1c9616995a35f972256c57fbe877ce880398ba1fbceaa658604883aa12dcbc4f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI675B.tmp

Filesize
285KB

MD5
b77a2a2768b9cc78a71bbffb9812b978

SHA1
b70e27eb446fe1c3bc8ea03dabbee2739a782e04

SHA256
f74c97b1a53541b059d3bfafe41a79005ce5065f8210d7de9f1b600dc4e28aa0

SHA512
a8b16bc60f8559c78c64ca9e85cd7fd704bba1f55b362465b7accef1bb853d1c9616995a35f972256c57fbe877ce880398ba1fbceaa658604883aa12dcbc4f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI6837.tmp

Filesize
285KB

MD5
b77a2a2768b9cc78a71bbffb9812b978

SHA1
b70e27eb446fe1c3bc8ea03dabbee2739a782e04

SHA256
f74c97b1a53541b059d3bfafe41a79005ce5065f8210d7de9f1b600dc4e28aa0

SHA512
a8b16bc60f8559c78c64ca9e85cd7fd704bba1f55b362465b7accef1bb853d1c9616995a35f972256c57fbe877ce880398ba1fbceaa658604883aa12dcbc4f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI6837.tmp

Filesize
285KB

MD5
b77a2a2768b9cc78a71bbffb9812b978

SHA1
b70e27eb446fe1c3bc8ea03dabbee2739a782e04

SHA256
f74c97b1a53541b059d3bfafe41a79005ce5065f8210d7de9f1b600dc4e28aa0

SHA512
a8b16bc60f8559c78c64ca9e85cd7fd704bba1f55b362465b7accef1bb853d1c9616995a35f972256c57fbe877ce880398ba1fbceaa658604883aa12dcbc4f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\VSDCE28.tmp\DotNetFX472\NDP472-KB4054530-x86-x64-AllOS-TRK.exe

Filesize
5.4MB

MD5
81a2540a1d22ee889e391cc79dae12ac

SHA1
181af08f91a0cb72c798d018e7af3969a2481097

SHA256
08f90d9350af82a90bde09b22ec9c8b0390392734b20cc1b3fcfc7cd814ea3df

SHA512
e746a5563783cb71c9ebb5572eecf64b1aaec0246d65d6aa3b20992c352e998fe7e30f11031c93a6815b828a47128a32ee6c3170b5e6ccc3e29629d33225bbef

Download Submit
C:\Users\Admin\AppData\Local\Temp\VSDCE28.tmp\DotNetFX472\NDP472-KB4054530-x86-x64-AllOS-TRK.exe

Filesize
5.4MB

MD5
81a2540a1d22ee889e391cc79dae12ac

SHA1
181af08f91a0cb72c798d018e7af3969a2481097

SHA256
08f90d9350af82a90bde09b22ec9c8b0390392734b20cc1b3fcfc7cd814ea3df

SHA512
e746a5563783cb71c9ebb5572eecf64b1aaec0246d65d6aa3b20992c352e998fe7e30f11031c93a6815b828a47128a32ee6c3170b5e6ccc3e29629d33225bbef

Download Submit
C:\Users\Admin\AppData\Local\Temp\VSDCE28.tmp\DotNetFX472\NDP472-KB4054530-x86-x64-AllOS-TRK.exe

Filesize
5.4MB

MD5
81a2540a1d22ee889e391cc79dae12ac

SHA1
181af08f91a0cb72c798d018e7af3969a2481097

SHA256
08f90d9350af82a90bde09b22ec9c8b0390392734b20cc1b3fcfc7cd814ea3df

SHA512
e746a5563783cb71c9ebb5572eecf64b1aaec0246d65d6aa3b20992c352e998fe7e30f11031c93a6815b828a47128a32ee6c3170b5e6ccc3e29629d33225bbef

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 31920.crdownload

Filesize
21.5MB

MD5
c3a1436f8bb493ce06f4e8d4433492a0

SHA1
93e9f4ea483fa724592d1bf7f17ec7e84dab82cc

SHA256
1745e2b2a6cbce6ce17838739c32b76de24f4d65b5046c2c368eec8e7285fd8f

SHA512
c01925288c71f4f8f8784c529656adf6e5b8201d960169f72656ab6479abbd8074edc87c58b71af1419426857ee285758fb2f6798a6fb41d14066c8bb76f965b

Download Submit
C:\d0b1224ea8a268c078\1033\LocalizedData.xml

Filesize
80KB

MD5
64767bc621a1e7340b06ce7c3b824948

SHA1
e2c001e6a84d9659e64ddb4952d061c159f0cee5

SHA256
680ef849e3c03088c692f65ccd1bd88c5843077be4256dca61d4aed671927027

SHA512
079653668a6e82429863c52c92d3e94b6e8bf88b2e27006873dd68d1a1bd18246903946f0554d46931d501d3eed682d48608b50606f00c46b5ee50f9f293a8c7

Download Submit
C:\d0b1224ea8a268c078\1055\LocalizedData.xml

Filesize
81KB

MD5
074ad3ee18ba63f2ad82e61b996240c7

SHA1
5f0ee0c2534e56d47d4a676752ab550b294a0ccd

SHA256
ac4766bda5691b5dc25ce0a4b36b6df905c5b13e520a43cf17ca6008a7ac78bb

SHA512
0fb57b2b3ad43823d89d01899d1d4a67cff6ead58fc4c209dace823fd2b20ae164597d2c977fe807043fa3c98f337f845a06f2afe77f06a31e963b8738f3181f

Download Submit
C:\d0b1224ea8a268c078\DHTMLHeader.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
C:\d0b1224ea8a268c078\ParameterInfo.xml

Filesize
1.1MB

MD5
43d3216ac960f4f0b3459698cc9198fc

SHA1
ca3adbf3d591f0a15a4f04f79d3a15b28e7201b4

SHA256
8e3d4d85e83451f153e912cc7a214cc9f3282949a40366f5c00fb0b89cd72b38

SHA512
64788a2dd6660b4e4ae00ad7ca3caa9bfeba1c5ce418f3f5aca2b27876f6de910e1e57a193c44c3d53349b4666163b1c70cdf760bbb6f6dc8d131d48dd7862f6

Download Submit
C:\d0b1224ea8a268c078\Setup.exe

Filesize
80KB

MD5
5b378d6133955269f9ff9571756e68be

SHA1
6ddc7a4179e092e9e7c5815b87df3e5e6a2b557a

SHA256
622ffbd06c57f0ee5e72f58bbab05780153b9cc8918b784597d7f141597e7f29

SHA512
441644895081905d9edc8c8c7ea9514e94390b89e94b5e94a34080c9efa382e3ff5d6edaea9fe03b7d8e1fcbc62b8e656e638d55940c4408046fa2c7ebc727f0

Download Submit
C:\d0b1224ea8a268c078\Setup.exe

Filesize
80KB

MD5
5b378d6133955269f9ff9571756e68be

SHA1
6ddc7a4179e092e9e7c5815b87df3e5e6a2b557a

SHA256
622ffbd06c57f0ee5e72f58bbab05780153b9cc8918b784597d7f141597e7f29

SHA512
441644895081905d9edc8c8c7ea9514e94390b89e94b5e94a34080c9efa382e3ff5d6edaea9fe03b7d8e1fcbc62b8e656e638d55940c4408046fa2c7ebc727f0

Download Submit
C:\d0b1224ea8a268c078\SetupEngine.dll

Filesize
859KB

MD5
62f60fbb153615f0f9854566462afffa

SHA1
b76ac946ae61ef577b12e0165f1ee39c79e05f40

SHA256
80d286407891cd55a6ee0822a9ba85ff9f1ca57e0d71a78049729276ea5f4d38

SHA512
718a5b42c7796eb2b14a26226f2de60bd804960c7c756baf44001d2a7df8faa463deccf9f30a4671c86a2110c225bd4ffad1343ef71a09b471da4132ae7fae19

Download Submit
C:\d0b1224ea8a268c078\SetupEngine.dll

Filesize
859KB

MD5
62f60fbb153615f0f9854566462afffa

SHA1
b76ac946ae61ef577b12e0165f1ee39c79e05f40

SHA256
80d286407891cd55a6ee0822a9ba85ff9f1ca57e0d71a78049729276ea5f4d38

SHA512
718a5b42c7796eb2b14a26226f2de60bd804960c7c756baf44001d2a7df8faa463deccf9f30a4671c86a2110c225bd4ffad1343ef71a09b471da4132ae7fae19

Download Submit
C:\d0b1224ea8a268c078\UiInfo.xml

Filesize
35KB

MD5
8ace169bf65675c089e0327d5b1f7437

SHA1
43646e29c878f58ac4b5d7c192d11b3becd9e9f6

SHA256
8f7847cfc9ec70b6758f6fbe9b98809ca7bf8ecb25bf9b3a8e7e052b83dfa94b

SHA512
3e98f8351e96bab4b8cecf93e590c722233d119d7cec76445a0b170f69de647bd65eafeafecc8888573e986b3f80403480728c7a1e014961fbd60dc169ca5db7

Download Submit
C:\d0b1224ea8a268c078\sqmapi.dll

Filesize
223KB

MD5
0c0e41efeec8e4e78b43d7812857269a

SHA1
846033946013f959e29cd27ff3f0eaa17cb9e33f

SHA256
048d51885874d62952e150d69489bcfb643a5131ce8b70a49f10dfb34832702c

SHA512
e11da01852a92833c1632e121a2f2b6588b58f4f2166339a28dd02dad6af231a2260a7e5fc92e415d05aa65b71e8bbda065e82a2db49bb94b6cf2fe82b646c28

Download Submit
C:\d0b1224ea8a268c078\sqmapi.dll

Filesize
223KB

MD5
0c0e41efeec8e4e78b43d7812857269a

SHA1
846033946013f959e29cd27ff3f0eaa17cb9e33f

SHA256
048d51885874d62952e150d69489bcfb643a5131ce8b70a49f10dfb34832702c

SHA512
e11da01852a92833c1632e121a2f2b6588b58f4f2166339a28dd02dad6af231a2260a7e5fc92e415d05aa65b71e8bbda065e82a2db49bb94b6cf2fe82b646c28

Download Submit