32038c39a23ee694515ad1026fca7223b86532499239ffe78ed9e800d25c59ba

Analysis

max time kernel
34s
max time network
19s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/04/2024, 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Contentieux-Setup V1.2.1.exe
Size

11.5MB
MD5

27fe73451f91b30b7077dc07f9c35c91
SHA1

4199652fe5103f2a15e6c8e1673607a7b90cd2cb
SHA256

32038c39a23ee694515ad1026fca7223b86532499239ffe78ed9e800d25c59ba
SHA512

e5a5822c7a25e1d24fdecebfba9532be37ff928b40b17d646ac849b747419787794e1ad0ea7be89a5f84c41a5843c109282ebc0a406ab5cb0aa97d7765da5eb3
SSDEEP

196608:CWFsTuRN2zahf1Y7EaCqhShPcqfZzzEKwzVL/J6SbRjqcBdoTplu3Ww3Qd:hFsTuRN2zsmEm4cqp4KwpB6eRjqcBKlv

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
340	Project-Cnas.exe

Loads dropped DLL 16 IoCs

pid	Process
2476	Contentieux-Setup V1.2.1.exe
2520	MsiExec.exe
2520	MsiExec.exe
2520	MsiExec.exe
2520	MsiExec.exe
2520	MsiExec.exe
2520	MsiExec.exe
2520	MsiExec.exe
2520	MsiExec.exe
2520	MsiExec.exe
2520	MsiExec.exe
1400	MsiExec.exe
1400	MsiExec.exe
1400	MsiExec.exe
768	MsiExec.exe
340	Project-Cnas.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\R:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\Y:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\P:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\S:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\E:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\Q:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\T:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\O:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\G:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\W:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\B:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\I:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\N:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\X:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\K:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\M:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\H:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\V:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	Contentieux-Setup V1.2.1.exe
File opened (read-only)	\??\U:	Contentieux-Setup V1.2.1.exe

Drops file in Program Files directory 20 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\cnas.ico	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\Password.txt	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\Trial.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\dbschema.ini	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\Project-Cnas.vdb	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\sqlite.db	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\tables.ini	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\Script\script.pas	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\cnas.png	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\CNAS_logo.png	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\forms.xml	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\graphics.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\m.txt	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\Project-Cnas.exe	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\style.vsf	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\ETS ..gif	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\settings.ini	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\sqlite3.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\Script\script.dcu	msiexec.exe
File opened for modification	C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\sqlite.db	Project-Cnas.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File created	C:\Windows\Installer\f765090.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f765090.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI50DE.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI516C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\{36280F18-1187-43A0-B42F-2B1180C291B2}\CNAS_logo.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\f765091.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5351.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{36280F18-1187-43A0-B42F-2B1180C291B2}\CNAS_logo.exe	msiexec.exe
File created	C:\Windows\Installer\f765093.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI513D.tmp	msiexec.exe
File created	C:\Windows\Installer\f765091.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI540E.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe

Modifies registry class 49 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5245C13-8051-F55D-984D-2142F178C80C}\3220029980	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5245C13-8051-F55D-984D-2142F178C80C}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\81F0826378110A344BF2B211082C192B\MainFeature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{039EBC99-9D1D-D4BE-0C34-81E64963D24E}\4008353651\{039EBC99-9D1D-D4BE-0C34-81E64963D24E} = "zMDg"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\ProductName = "Contentieux Archive"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\SourceList\Media\4 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\Version = "16777216"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\ProductIcon = "C:\\Windows\\Installer\\{36280F18-1187-43A0-B42F-2B1180C291B2}\\CNAS_logo.exe"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\Interface\{039EBC99-9D1D-D4BE-0C34-81E64963D24E}\4008353651\{039EBC99-9D1D-D4BE-0C34-81E64963D24E} = "zMDg"	MsiExec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\Interface\{039EBC99-9D1D-D4BE-0C34-81E64963D24E}\4008353651\ = "Ta1szBtNJ8N"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node	MsiExec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{F5245C13-8051-F55D-984D-2142F178C80C}\3220029980\ = "J3EMK5A7KSS8G"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\B92108D0BA225424DB1A5FF19787578F\81F0826378110A344BF2B211082C192B	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{F5245C13-8051-F55D-984D-2142F178C80C}\3220029980\3220029980 = "J3EMK5A7KSS8G"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\Transforms = ":1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\81F0826378110A344BF2B211082C192B	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\Interface\{039EBC99-9D1D-D4BE-0C34-81E64963D24E}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\Language = "1036"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID	MsiExec.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\Interface\{039EBC99-9D1D-D4BE-0C34-81E64963D24E}\4008353651	MsiExec.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\Interface	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\PackageCode = "56C08D1D3A0B55E469B6D68418DB85E7"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5245C13-8051-F55D-984D-2142F178C80C}\3220029980\{F5245C13-8051-F55D-984D-2142F178C80C} = "4RSNMXD2D77S"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\SourceList\Media\2 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5245C13-8051-F55D-984D-2142F178C80C}\3220029980\ = "J3EMK5A7KSS8G"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5245C13-8051-F55D-984D-2142F178C80C}\3220029980\3220029980 = "J3EMK5A7KSS8G"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{039EBC99-9D1D-D4BE-0C34-81E64963D24E}\4008353651	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{039EBC99-9D1D-D4BE-0C34-81E64963D24E}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\B92108D0BA225424DB1A5FF19787578F	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{F5245C13-8051-F55D-984D-2142F178C80C}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\SourceList\PackageName = "Contentieux Archive.msi"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{F5245C13-8051-F55D-984D-2142F178C80C}\3220029980\{F5245C13-8051-F55D-984D-2142F178C80C} = "4RSNMXD2D77S"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{039EBC99-9D1D-D4BE-0C34-81E64963D24E}\4008353651\ = "Ta1szBtNJ8N"	MsiExec.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{F5245C13-8051-F55D-984D-2142F178C80C}\3220029980	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\SourceList\Media\3 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\81F0826378110A344BF2B211082C192B\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2592	msiexec.exe
Token: SeTakeOwnershipPrivilege	2592	msiexec.exe
Token: SeSecurityPrivilege	2592	msiexec.exe
Token: SeCreateTokenPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeAssignPrimaryTokenPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeLockMemoryPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeIncreaseQuotaPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeMachineAccountPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeTcbPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeSecurityPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeTakeOwnershipPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeLoadDriverPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeSystemProfilePrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeSystemtimePrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeProfSingleProcessPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeIncBasePriorityPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeCreatePagefilePrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeCreatePermanentPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeBackupPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeRestorePrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeShutdownPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeDebugPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeAuditPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeSystemEnvironmentPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeChangeNotifyPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeRemoteShutdownPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeUndockPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeSyncAgentPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeEnableDelegationPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeManageVolumePrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeImpersonatePrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeCreateGlobalPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeCreateTokenPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeAssignPrimaryTokenPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeLockMemoryPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeIncreaseQuotaPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeMachineAccountPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeTcbPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeSecurityPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeTakeOwnershipPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeLoadDriverPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeSystemProfilePrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeSystemtimePrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeProfSingleProcessPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeIncBasePriorityPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeCreatePagefilePrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeCreatePermanentPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeBackupPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeRestorePrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeShutdownPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeDebugPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeAuditPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeSystemEnvironmentPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeChangeNotifyPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeRemoteShutdownPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeUndockPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeSyncAgentPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeEnableDelegationPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeManageVolumePrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeImpersonatePrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeCreateGlobalPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeCreateTokenPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeAssignPrimaryTokenPrivilege	2476	Contentieux-Setup V1.2.1.exe
Token: SeLockMemoryPrivilege	2476	Contentieux-Setup V1.2.1.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2476	Contentieux-Setup V1.2.1.exe
2476	Contentieux-Setup V1.2.1.exe
340	Project-Cnas.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
340	Project-Cnas.exe

Suspicious use of WriteProcessMemory 35 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 2520	2592	msiexec.exe	29
PID 2592 wrote to memory of 2520	2592	msiexec.exe	29
PID 2592 wrote to memory of 2520	2592	msiexec.exe	29
PID 2592 wrote to memory of 2520	2592	msiexec.exe	29
PID 2592 wrote to memory of 2520	2592	msiexec.exe	29
PID 2592 wrote to memory of 2520	2592	msiexec.exe	29
PID 2592 wrote to memory of 2520	2592	msiexec.exe	29
PID 2476 wrote to memory of 1608	2476	Contentieux-Setup V1.2.1.exe	30
PID 2476 wrote to memory of 1608	2476	Contentieux-Setup V1.2.1.exe	30
PID 2476 wrote to memory of 1608	2476	Contentieux-Setup V1.2.1.exe	30
PID 2476 wrote to memory of 1608	2476	Contentieux-Setup V1.2.1.exe	30
PID 2476 wrote to memory of 1608	2476	Contentieux-Setup V1.2.1.exe	30
PID 2476 wrote to memory of 1608	2476	Contentieux-Setup V1.2.1.exe	30
PID 2476 wrote to memory of 1608	2476	Contentieux-Setup V1.2.1.exe	30
PID 1608 wrote to memory of 2212	1608	Contentieux-Setup V1.2.1.exe	31
PID 1608 wrote to memory of 2212	1608	Contentieux-Setup V1.2.1.exe	31
PID 1608 wrote to memory of 2212	1608	Contentieux-Setup V1.2.1.exe	31
PID 1608 wrote to memory of 2212	1608	Contentieux-Setup V1.2.1.exe	31
PID 1608 wrote to memory of 2212	1608	Contentieux-Setup V1.2.1.exe	31
PID 1608 wrote to memory of 2212	1608	Contentieux-Setup V1.2.1.exe	31
PID 1608 wrote to memory of 2212	1608	Contentieux-Setup V1.2.1.exe	31
PID 2592 wrote to memory of 1400	2592	msiexec.exe	32
PID 2592 wrote to memory of 1400	2592	msiexec.exe	32
PID 2592 wrote to memory of 1400	2592	msiexec.exe	32
PID 2592 wrote to memory of 1400	2592	msiexec.exe	32
PID 2592 wrote to memory of 1400	2592	msiexec.exe	32
PID 2592 wrote to memory of 1400	2592	msiexec.exe	32
PID 2592 wrote to memory of 1400	2592	msiexec.exe	32
PID 2592 wrote to memory of 768	2592	msiexec.exe	33
PID 2592 wrote to memory of 768	2592	msiexec.exe	33
PID 2592 wrote to memory of 768	2592	msiexec.exe	33
PID 2592 wrote to memory of 768	2592	msiexec.exe	33
PID 2592 wrote to memory of 768	2592	msiexec.exe	33
PID 2592 wrote to memory of 768	2592	msiexec.exe	33
PID 2592 wrote to memory of 768	2592	msiexec.exe	33

C:\Users\Admin\AppData\Local\Temp\Contentieux-Setup V1.2.1.exe
"C:\Users\Admin\AppData\Local\Temp\Contentieux-Setup V1.2.1.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Users\Admin\AppData\Local\Temp\Contentieux-Setup V1.2.1.exe
  "C:\Users\Admin\AppData\Local\Temp\Contentieux-Setup V1.2.1.exe" /i "C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\Contentieux Archive.msi" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\Tahar Layachi\Contentieux Archive" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Contentieux Archive" SECONDSEQUENCE="1" CLIENTPROCESSID="2476" CHAINERUIPROCESSID="2476Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="MainFeature" AGREE_CHECKBOX="Yes" PIDKEY="539-499" SERIAL_VALIDATION="TRUE" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" TRANSFORMS=":1033" AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\Contentieux-Setup V1.2.1.exe" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1713789368 " AI_SETUPEXEPATH_ORIGINAL="C:\Users\Admin\AppData\Local\Temp\Contentieux-Setup V1.2.1.exe" AI_INSTALL="1" AI_BOOTSTRAPPERLANG="1033" USERNAME="Admin" TARGETDIR="C:\" ARPSIZE=22448 AiProductCode={36280F18-1187-43A0-B42F-2B1180C291B2} FASTOEM=1 /qn
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1608
- - C:\Windows\SysWOW64\msiexec.exe
    "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\Contentieux Archive.msi" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\Tahar Layachi\Contentieux Archive" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Contentieux Archive" SECONDSEQUENCE=1 CLIENTPROCESSID=2476 CHAINERUIPROCESSID=2476Chainer ACTION=INSTALL EXECUTEACTION=INSTALL CLIENTUILEVEL=0 ADDLOCAL=MainFeature AGREE_CHECKBOX=Yes PIDKEY=539-499 SERIAL_VALIDATION=TRUE PRIMARYFOLDER=APPDIR ROOTDRIVE=C:\ TRANSFORMS=:1033 AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\Contentieux-Setup V1.2.1.exe" SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1713789368 " AI_SETUPEXEPATH_ORIGINAL="C:\Users\Admin\AppData\Local\Temp\Contentieux-Setup V1.2.1.exe" AI_INSTALL=1 AI_BOOTSTRAPPERLANG=1033 USERNAME=Admin TARGETDIR=C:\ ARPSIZE=22448 AiProductCode={36280F18-1187-43A0-B42F-2B1180C291B2} FASTOEM=1 /qn
    3⤵
    PID:2212

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 99D0F5155FCE815EB624F80032932727 C
  2⤵
  - Loads dropped DLL
  PID:2520
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 33A0CAC9B25286AD42DFA5D924DE43C1
  2⤵
  - Loads dropped DLL
  PID:1400
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding ADE1037138185105DB960E2414BB4DA8 M Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:768

C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\Project-Cnas.exe
"C:\Program Files (x86)\Tahar Layachi\Contentieux Archive\Project-Cnas.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f765092.rbs

Filesize
13KB

MD5
d24a773ca19cfea9794e805f346e4fbb

SHA1
be38fbfedeea61c329f7346c381472729cfce104

SHA256
328dceb993aefe11b6c117e44862ac26f0d49f79c8ae61b027b413d812eefb13

SHA512
619235d2c05cee7cb54dfe4c69e7b0b9d75ce366ae80380d3901432328d01a6ab5d2fe0efd8ef9ebb4e087995b6dcffd8dbdf6ccdac4cf20c0b2aa44f32df4cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\CNAS_logo.png_1

Filesize
274KB

MD5
c3a01fd47fb03f16c5a4b1b077a409a3

SHA1
b6a4c773d953cedb59923d3824a4924a0b8c2c63

SHA256
0caf1dd2832d5c50b5bf46cdab517f59418198510b83aadeddde43bdbf3451cd

SHA512
26e45afe8360776591e7c5281ffa7afb04e7bc708c21ebf0d54a1a1b6df3e631aa2e171d2de21040ead543b37ac464375cfa08bb44a56cff18be02876ee244b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\PrepareDlgProgress.gif

Filesize
83KB

MD5
5b220ed3af6506b13e81b96cfb58bf10

SHA1
0cc134ba8b94374ea37109623a25abe65cc68c0b

SHA256
48cfcdd1a4215c4a3ec17b198c1f67b555434cb4e4221ff3e908e94eb8af77df

SHA512
c79382c9830d2eec93686a0053c8de0d3001f81f7fba3ee99d5e24df0bb1649a255fccf0d6e3eb73e177008d6d7dc5dc17677b648464988c87278a5b41b70979

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\ProgressImage.png

Filesize
1KB

MD5
660d0d51a40373917bdea7af347178b4

SHA1
b7c58a285accacc385740b0ab0d1f58c04c4efec

SHA256
c086a35cecddc71d31ce8eec77eacacca7371933e3a394738b1f1e8a99d3e18d

SHA512
44eb7806387dc076cc6ab881007eddfec774789afb1abc1132059aa0a444b0d6cb6552b7b57b253dd6051f8787f3a6c86699d68dc48fe9f02a1e61f6d6f2611f

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\backbutton

Filesize
1KB

MD5
33e7154f73fc7ab232b5d708a819afe5

SHA1
99f5e313c25cf0f3f38affbec5cde005ae3dc73c

SHA256
7302ecb1976b7c45e04d29b9a1577f4f687d20be5c859a8da3f8e37a2ad3e4d0

SHA512
b15c669d0b80e6c7219fa2e5d8080b3ae4fc46816b1c33d5dbc26eb38b046521a0be1f7be7aa416af9352ae26205d9a9709baf90d612d761675aa05f07be3b38

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\background

Filesize
15KB

MD5
dd080b5c2ad07f1c28c0ba363bf1c8a3

SHA1
e4d1fa39b6dcc59483b6f0ac347279aca17be2bc

SHA256
607105bfd33883d74fb67e8daf7af8a2e4d4cb03f1ea50b0e1f296e0baf2a591

SHA512
c6a4c8cd2e729a822f1a6d1bef1de2637b6d4a5c404275607678c214ba24495d57fd0ebc00c73f930c3e17f225202287ae516d74a9ccd6d10a9added0858544f

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\backgroundprepare

Filesize
1KB

MD5
a56562e529ec8ace4299b6ca58f48d29

SHA1
48b23d0c88524b1797a7fac97f90e523b922abd6

SHA256
523c9a5db636bb6d98a8c40b0464b6badb136e271e1a2c6afb0a5bdcadb3a5f3

SHA512
04c8a79a73edd238ae69257b9b56910060817c9571c040dac0a0da0c1f38ce7f79b30d73cfb24b34196d6c6269d0e787c62245caa8e8ed62c4fa6652d71deb30

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\browsebutton

Filesize
1KB

MD5
675c848fa02c9296259a8a42ea31f3e3

SHA1
c708e6cd80415a1a17034dbd12d18a044fe1753d

SHA256
811c37fc0d1df4f12555d0f5063255c19b2c7c282668b4ad67359719fa337f91

SHA512
ae448a271de22a9d5990e0d43cb0fd06d32a4b95f10734642b80f8b01cf61b8149102540f7f01729c5f7c5522353551381cd9e8bf231084fcbd5a7100b54cfa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\checkbox

Filesize
1KB

MD5
bae77a0a593f9bff787cc39850fe2014

SHA1
3299fad33abd7f53b6255c62d858711e8eefd3c9

SHA256
3d23e74921dd9392670b5778eb618ac53d662d085028874ce46a54312598698a

SHA512
afc973e2091aa703e819826b40770af90838a33155b696d400e46137edf6e99406afcc8551928f323e4efad730e0374693d0ac7db4a69d4fd6c989c8208f683b

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\frame_bottom_left.bmp

Filesize
68B

MD5
1cef5b3ff43a4e87e58088cbe3e7851e

SHA1
470d1b47e3e60686f3293f7bdb124b18efddc55d

SHA256
5b5b95289382e7def584161b81b82efea12e972c826d7aaf1dee736fd057801b

SHA512
0038930c9c88e906a7d22d08ce389274ff18a2479fc7404c849fa9002b816349f2289f7b1e91cca80d22b1df26ec0f489490dac26981d660e462a0d7ae6cc188

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\frame_caption.bmp

Filesize
88KB

MD5
4a0f94765bb7cc50221ae0f66880a7d7

SHA1
cc32997399a6d143b44d8c39f4b516815bbc74fd

SHA256
1ea7778f177b6a636d39a071eff09dca26060f553629a2c8ab819a0b5835c9ab

SHA512
ded501d83a632c50e2d7203cbf8630f02001db31cae0a7bf7015b57d9f898a92aeb52c8cb8c408732a9393fd2101d2e9a79414abb1968b055a8bf7b8b310e46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\frame_caption.bmp_2

Filesize
206B

MD5
bb8ce281f6ca88c0a8b6313cafb85104

SHA1
b4f24a8ccb7a8c73b05ce5e9d218fb994aa4f343

SHA256
7653de9f798df64b3851330f6676bc7079cbee10fc26e107bec39e912ad500d2

SHA512
9a390cae4dde1aefabb17192a8d52ca7830df99e1765e00bc4e57ac40b8ac94076d01e2d836719d7de2cf0d91bdb02c7731f1f8da92dff35dd1b1dd6b0316634

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\frame_left.bmp

Filesize
68B

MD5
5db185cdc1e0735a4af93ff49c550bae

SHA1
33ee079b1f395d463e84ba0408c97a3b61efbfee

SHA256
b6e2b93cedf7b43a07e64a3838446061d57119a961909097bdc8c1bcb000dc19

SHA512
ef8b969dec103f3e106c21b5c27d86f94112b689360413e161618e3e252e03e060d0b7cdf1e8adf764066ebc7257a35171891423871319a28993efd98d3444ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\frame_right.bmp

Filesize
68B

MD5
e0a3a0b360a40beeda10be0da33f0503

SHA1
dfb72f6db6b74dff95fd9d9c4a3b0bdc5c9f1d48

SHA256
c512ead7464f8318f63d54e7264f1e9733d785c40acf01fa9ccd8eab3dac91ad

SHA512
443ed37054b2f7512b1a8b3e08a89f26947fb09bfe3abbc104a365e2447eb05273a944ae2bf03fe0d33a1cc7cc6616398ea754acbf635af30d28a1b55db5ea39

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\frame_top_left.bmp

Filesize
156B

MD5
c412607c70f5d9e0a0f872c0739305f0

SHA1
fd4f0671b53cffd735ad66ade9817d0c0c9c4fa1

SHA256
8a4350b8f23ebc0c51d0d84fa16958e0acf5ebc0f7b0dbf29eaa069e1dab7d61

SHA512
f9e573ab64f0a85e85f068ca72549c1d6c99be6d92b64bb5077db6c93d193c0bfa7d7d7fe698c429e3714dc55fd6c5f5077426c16849af6048173aaaf9e65ea1

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\frame_top_left_inactive.bmp

Filesize
156B

MD5
e13ed3570b2128949468dc9daa75f192

SHA1
1356b4b7199389fd66fe1b23d2df8f9806e7616b

SHA256
c4d82103587a6dd28f8cfd991d8ac28ba01c01ea9c73731c6605b62b46079e27

SHA512
6261361213e8c90d73b5f08e7e3ee9350ef901e362ba64aa0ab911da9a244695100c54e15f35eb1fa600aa1a4478b4e9e45710243aa2d5abdd63aa98a9a077e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\frame_top_mid.bmp

Filesize
68B

MD5
2d980e9bd3325d02cf4afcbb58c3577d

SHA1
7c215812ca0eea29a7918b1286458f1d5f12f11a

SHA256
d30d36a69debea730e8da799323ab1e1c1073865a7280dbf8a9890a869672e9c

SHA512
4ab6f2bb796c5509cf48212efeac378c90e077c017c87141e8aeff1978df3f5da477006f1cdb454bbb08b7642eba4624c3735ecc9f1655dcd108b2531fb4eadb

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\frame_top_mid.bmp_2

Filesize
7KB

MD5
e438ff5a6b5efa8441c7a61d69d0ee51

SHA1
e867f5e54db466cbd58b61b93c3bdca025c6e031

SHA256
ce7276d242136e4016e61606745806971d5a2a09bfdff3f615720d60398b6266

SHA512
33abbd4d7d8b33c2e647798bc9897e7ed2d70d903524b3f287f5c6435829d6765ba4ac70ec9466ae96a8b379954450cc4052f15a72a4ff0de2da555cef815031

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\frame_top_right.bmp

Filesize
156B

MD5
10c2ed5eabc7695aca82ae2126169f5f

SHA1
b00f5d30267525a394384ad7ff4df3888640340d

SHA256
28055d7d441a9e92cfc12123d434bfb71c1144469cedc69f586046c430015df4

SHA512
2e26580d6124025085b9f109bb0932c9c23b9ddddac8035c963102f6819a24b359e8c8cfdc2d042832051f4822b41c3aa6a81fbaf840fe53e7ba4d8bea8c2fdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\frame_top_right_inactive.bmp

Filesize
156B

MD5
2d18426a7059b8dfc2ca1993b57393a3

SHA1
57501741193dc9a955ad146bb17f91897556bf39

SHA256
7cb038122acbcc4f73841f848d09d421c737118346e778ecf9264b97803c8869

SHA512
d2ba34e2012ae633410c406a3ed306043b2902ed3ad4037a068e6ab4379b63fdcaca4878758fe3d3fd91d1bffa756d27f8b32820df2c256dee057fd726749cd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\metrobuttonimage

Filesize
1KB

MD5
66d40451b410083704c371bb57054a8e

SHA1
3d13dd054bd64a71afc9dc07f44f6996bcb25f93

SHA256
a32e2971cae322090cd27561cf085a78ace833bde8b3f2e24995648208123161

SHA512
5e4f1611f03cbbc07d9ced9d7ec039e002081e65a31ef0f542c82657a0cbfce2f6a196dcfbb8afec0d3b40475ba23a649a7b8cf48e7e92fcd4529001c91f7616

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\metroinstallbutton

Filesize
1KB

MD5
5522d0b26476ef23f9070b83858bb212

SHA1
8903e25010335d1891e1372758144e271a906699

SHA256
ff014495dccc52793019e028349c9b76151f0e5a0adf8c87d0e603eee226aec9

SHA512
2264c3b4d7813a6870eea74a46b24c33cd78257de8318f2d6a7467c0e1adcba9e47962a0686ae5af23fb6c3a346d038432568dd2b8058b85d1dc12f3abbb1cfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\metrorunapplicationbutton

Filesize
5KB

MD5
59ecd86187f8c34b5f810ec01e76d177

SHA1
df3803a83386d1ad602bde1f08a2037f547ea094

SHA256
c90e145c7f16a79b43a02cad4747b2e9d7befa7c4d7b3f50bd80db7db552d4ad

SHA512
ccf0355ad64724d3b794a0c0e14896e51bbe1941d8143e78701cc940a5565ff541ff7d10508ed446c53d99bd470e51e6873a59a9ef33444e7dcb10b88684fbd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\nextcancelbuttons

Filesize
1KB

MD5
c13bb1ddb666449d5c956007b1c9232e

SHA1
158d61d0c990cae73fa840316bcdcf0a74feeace

SHA256
14103760f6d3209939360ff63f19d40391db26a9188dff91629865c890c1fef1

SHA512
7dad2c2f3bed0c483baf3f0a9700dcae8a71f0f57dc84b32a6f66ff4cb07916fb041ee3262e2e35537e6586de3c3701d28b18bf9065d0a14f3296da8c56aeb3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\runapplicationbutton

Filesize
2KB

MD5
c8cdae1fb8344adb8a2a86195ea9b404

SHA1
a0acc09b6fd469a10c5ddbb1c2f99fdaf54b104d

SHA256
fc8bf7646b06c0d68976ca45d7df4fb0f80b2cc71c3f191b35c78c1dda647f95

SHA512
822e18a6e15b105dc5547c22d219752e5d8b01432589282f12cfafec4d022a974387952a618a1d643b138fe80cf389fef37b0a88731d62ab2a7e15fd0b4e5e61

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\sys_close_down.png

Filesize
1KB

MD5
6547095238169a8996005594fe8155fc

SHA1
1e15547310658f97192c1eb92b18c1bb7f502407

SHA256
60513ded8390b9aa54df3a84ca1e6b6c3cdc3b8fe5c6d00dc1b82f921c9ce433

SHA512
cc592c5261104fa30d2fe3150bea13c513fbe72186531221e047ebf136c297d858034562f656a2b8b6798369d764c867c578f7578f85fa2ec9c110061cedc44d

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\sys_close_hot.png

Filesize
1KB

MD5
abbad19ebed15a77b083fce3b2a517ec

SHA1
20a243823f5b5e1b8ff11ed62ad37f9727163d0b

SHA256
c79462341b58b6a6cf2ecf43ade8161d75143e46f98e6539b402c045ef669146

SHA512
3f554316904e9ff2f980991dd6df706ce96800d0a2b180e907a8c117c774fdceddfe92ba6116c2ce3c6f359d47d2a61c60f4952cff0ba15db936a3727c2a7ef7

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\sys_close_inactive.png

Filesize
1KB

MD5
aaa567b83727fc40b9231ac1e3920dc8

SHA1
e7981226cbbd55db81b7790e2c5b571f5bb31828

SHA256
339645bc241b0d791ae499521c83c5f3559d16c063d2b77f40abba5fbd5044bd

SHA512
b88dad2b8048ea25130c4f741799d21060efa8e95ab81e5a61a8058e687d3c30e8c7c752056cea9878d44b003e530d4bf6cf26506246f65843bee8807ff9b4b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\sys_close_normal.png

Filesize
1KB

MD5
ec2e2e864b793c3ae5c7f6f1b55df503

SHA1
a200a74a1d11fd1c1bb8ec754e7dcd13167720fd

SHA256
5a95b93f98e0312fe3d33b333f9a2f0a7e96f90ccfc186c9015bded802d35f7b

SHA512
73adf1d2c141a8fd40fe2afac153b9e03148a6fcb1f5fa8d48fd9c4571558f573bb7dedd85f91dace82830f312f4bf8bd0446829732ee52b5b7c13d9b5a5e9bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\sys_min_down.png

Filesize
1KB

MD5
cc9bdb3c4f1adadb5c805d621ee999d7

SHA1
094052ce56c3b399b3563036e94b0d09d16197f6

SHA256
f4477eace83dac5c587375cc025eacf4bd2823010eefb57dc9258b2df4fd5a41

SHA512
88a27db9e4450db9f3ca848d79bc8035e7c5e52e051214caf625f5c90716187d677e757374afe9f9fdbad29a6228fab8d0f10877573cd118629a4cc8d7354d43

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\sys_min_hot.png

Filesize
1KB

MD5
6853f33402f224fd3315305a2427e4fb

SHA1
e4a193fe67bd2c544b17f2068cad47e7b990d4d5

SHA256
41085ab3743448f20af63ac18e195f1c63e0c340e6a1be7cc63536186f708db7

SHA512
05cd4881a5e28559966e7dec514e5a320d613e4339a0df3f7b6837f98f77bdbf08e4d4c2ec14c79f97db9d337e962454eacbd2c3bc053eaf6a53b2eb28721793

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\sys_min_inactive.png

Filesize
1KB

MD5
763976675af158ac99badb49ef6b960c

SHA1
a9d40aca71ac746ddda9f42a72a7f5e1beb2597a

SHA256
6c2ad1bcf49a2764a9c635816b9c0bb6f6aa7d1350b2db5df4545d5b12e28e1e

SHA512
2193a827c8b22c3381e706d77212567a24b4723ef30dccf46ed523b20698d4a56e697b5563cc721cc1c3502fe71bbf6063dbb2e0494ae6a216a3e1eac2a8ca50

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\sys_min_normal.png

Filesize
1KB

MD5
cdf163781d4badf4ab644554829d0826

SHA1
87f7c4801eccffd83aacac159854d0176b3601a8

SHA256
923036eb5a02e6c255abf05105af02a64c2bfe6e1a7d386a93130ce2747b852b

SHA512
102a79e8829399c8762364d2d24d42748095d0bc0b69cfb368ac3c882970c731e3412989d1e99382701c7718c0ac7b3e2fbabd74576a8904c16edc7b4a2cf903

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2476\viewreadmebutton

Filesize
3KB

MD5
4855d9c07a7b2d04fbcdea0b28a9d046

SHA1
2fb30180c98b84929f7b41c2945fc61f72f7e82e

SHA256
adc7b43c693607672a8026cae904857d5c305eb9718ae250fd558f488b42a68d

SHA512
d2e43f483065e92fd0401eb8ee914f5945adf2a5e2d9808da1f5075d4a62752dac37ce8043f316534ef87e60c0aac0e1cbf618bed9ed6f46cf51b4579f672a11

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI17E4.tmp

Filesize
738KB

MD5
36cd2870d577ff917ba93c9f50f86374

SHA1
e51baf257f5a3c3cd7b68690e36945fa3284e710

SHA256
8d3e94c47af3da706a9fe9e4428b2fefd5e9e6c7145e96927fffdf3dd5e472b8

SHA512
426fe493a25e99ca9630ad4706ca5ac062445391ab2087793637339f3742a5e1af2cedb4682babc0c4e7f9e06fed0b4ed543ddeb6f4e6f75c50349c0354aceda

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4F51.tmp

Filesize
402KB

MD5
6a66fa74e5a5fffe1661955dd4abaabb

SHA1
7c060b49b21a8f5e29cf878b89c03a75bd0d2882

SHA256
15a404485f416680ad8d2e730fd7b132a295d89378cb320d5ecbd5208d3b214f

SHA512
449ba20101357df98fb4e7cb76379078fd06698c9b36fe762f5896b235c272ae7d7e84d5bb1d96f596c5ebcf8213e0f50d994e12c54c652e6df55e5927f4507d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2297530677-1229052932-2803917579-1000\292214a3400be3313442dbbfa90ab4a9_63be8c66-23f0-4400-84bb-c1a439222555

Filesize
59B

MD5
02974fbe5a9437ab54509ab540d1ccc2

SHA1
acd9c185673ed8f1c77204a9eae0170aeb22d478

SHA256
90ab4c87d9e4c2158731ebc2bacb0baa4216cf2f3897407be151873b4880814a

SHA512
1bb7edbb76235d9205ff3000df23bd41d2e373ada9fa050a6402ecc070fef557fd161350758f29e854ef94270a1c938a10399cb6339640ecf5652334278f94e6

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\Contentieux Archive.msi

Filesize
3.6MB

MD5
92969aca5543a28d6c18d418e47decc3

SHA1
05fd41a862bf0f6dd3d1d72e8e20c29ceadce26c

SHA256
c2c2b15977de4973c25d6da4658be21227ccb395a0a5e3e4e6a59725d043f783

SHA512
bafec79250e34a12b0dde9803cee88ba644d910cd338bc4bc92b25258613018130ccf5dacd82893d70aacf300ebd4c5f4a1204fa2df94c31478099f7c3afb49e

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\ETS ..gif

Filesize
7KB

MD5
e015894ea6724605a77bf4ced9a42260

SHA1
ece7a914b07626594b46dff01b946b649674b542

SHA256
594eaf85d7768f2a6bf8f60eb6a26c5f0391722e7ad1a37e3bd6ca7e17c35713

SHA512
80465d07ad0a7c6983ee95ad43c90ef1c162a7f4d2495a5c582d6d3ae36cba4bff529afa341c122671c92c5942c03e41db412b2b055d0ecada8c5e4bc64d9d40

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\Password.txt

Filesize
37B

MD5
ebbfd22721495eaf5cc85c2c03384fdd

SHA1
15c298b12a444a16103ef5919550212136723392

SHA256
f4a34685bd1b65d42b3d8f997cf326e46794e3ecbb5b375fece958068d188715

SHA512
453f874bfc1dc24436b589b150b7f16123f0468746de4afcac288350434318407cedf117e74164de22a6bcac7209166838bdd7086f4b681c8251eb4254f29bec

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\Project-Cnas.exe

Filesize
19.2MB

MD5
c4ee58aa296c185b2c2db21ec05a5111

SHA1
59cd0021148102db8b0a3d28e1beed24d06eaaec

SHA256
456e603c11ac1dc431f2c459b132b590b1b0efc3186df8b5504ad001399580f2

SHA512
c77d19c8f8cabb3e675d807ceb6a7a6a046b97863c9a398e68e2639f4240c3ee04fe66472358b91772f9d86d05c572bc5d6b009009c489fb44021724caabab06

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\Project-Cnas.vdb

Filesize
59B

MD5
a60378948b0783841ee1d1f0fd847e7e

SHA1
75ed4ecd33d31a350c8aeaaabe879d015bf54757

SHA256
0ab139af924d469dcfbc0397a41779ccb1a7c177d388886a03655a791ab88c18

SHA512
a03558e98e9be7cb4483999f86db99035dbd9df24dec16960abef2d961178d2297b499735daa875746992781568c044e5a02b3e4fb8ebdab71956768ef03f60a

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\Script\script.dcu

Filesize
5KB

MD5
e8db8666e84588b428eae52664938abc

SHA1
b74ea1433d8b7219265c4a42ce10f40b5ae5e14c

SHA256
cff61a470cf0fa0106dc6243e03c3690e31b18ac98ff411d6bed88b9c4abbadb

SHA512
dddd0a3c27ed200c2c7507c06f77b010d071a5ec01b8902e898846b5291e4e42db38f338b9859f316d9c0ff448868c2006f5a57d1f2a29ede4a2fbbecd8e91ae

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\Script\script.pas

Filesize
1KB

MD5
a70eb7834f2641413a1daedc64653c51

SHA1
31782b49d9effda1b5e5ec16b29ee6155878ab63

SHA256
9601052bcb1e89210f2c8f826c5eeaf94ca2886d4003664c002ff5a5511efd0b

SHA512
a00692c12e33c1291304ce6f8a11a9d99433d598e22a7023beebd2050330bfe7761173740b298aa93173c46083ca7fb0cfd2b180a4d5fe41f396d80ff08c435b

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\Trial.dll

Filesize
760KB

MD5
1af2f4e5e4ea5ba52d548f54cefd2ad5

SHA1
4fd06b4e4ce72997ffe0994809197e4c4b9f8eae

SHA256
5c34b270915f27d8f9388c0ba0ecb01cffb6182f340645d966d564c0d423dce0

SHA512
00dff337dcf233f30ffdbcc2cb3e7fcf2315ba698fd20b391d2d421bcb1be22cd1222dc8a4182ab867eb74bfb02a272a6f3af0786d5166e90f8c2a88ae08d9b2

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\cnas.ico

Filesize
131KB

MD5
a5935daed4e0a78b752c7490b1e3815b

SHA1
9b2be4d531805ebd480ea9189e028817d1d09278

SHA256
7160fce9087df836945b093fa2efc5ce357334faaaaadd729cd79ee7269b322e

SHA512
a189454c965bb685257d2c48c4dac4001e9e00ac95b573aa38962c2a03f3647374d24702c1dfd531c9accbee73b05a9aace803e1a129e0869d63cb7d9f0252c2

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\cnas.png

Filesize
117KB

MD5
92ef9fc3434088f98b39cdc62d1379cf

SHA1
f2fbae1dd293d456630c23909858996f777ec9d4

SHA256
c9ee64a1c9fe984fbb4ed44712ff67057f5fb803ab011061dac27ca185eec05e

SHA512
596ab0634f03bd1d87ca628daae409cc899e40afc62005ce097546fd3464ef6a47a48b41da4ae9c76b39a9525088c101fc99d5132b3c34a561d6841c06a768ac

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\dbschema.ini

Filesize
190B

MD5
3e971f1ecc2f44b31a7b5ded06aa9183

SHA1
f2519eb24a6fd16285d5be0e52f2b0eeb2d340de

SHA256
a732bd0664c05b42534faabf369758619f4a835f95316a1215092080e75f3d1d

SHA512
4659cdb8a0554e53317e6f630c5a6848aee4720db0f3b89d2e429776460e80a6d56d424e5659abee7edb5d653e5d870577cbbe2aaf111e205d96082ddb478e2a

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\forms.xml

Filesize
94KB

MD5
7ffd4c344ee068da47bd5c0325d9a291

SHA1
b190d62e996b51eae5db817468613433b44e33f8

SHA256
975e797ab450d67b9afd991e385b7ff6082edb5321e22a67f04a772a7999ff71

SHA512
babffbcd7008c95505cea69cee211826f0ae06087f3473e803771106aa6a3cfdab77c23e630635ab10604271c4bc1027694504c84ae8e55122be514fd6c9195a

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\graphics.dll

Filesize
799KB

MD5
f3aaf1ed4e22926f8e5ab70066adf04b

SHA1
c590a2b824d09ab6e38c20c5b3bc86ca69da9631

SHA256
f3aa1d388bbce07f368fbc5f5ca73d60d521a348a4ec9c187d0cd68bed157082

SHA512
2b9556586cc56d6b8ab9a04185067d30b64514a9e38b95bd4658ed420786277ad60be167431519d4a8f0299394f34c24c414943aa19d3c3afd498d3c56119f10

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\m.txt

Filesize
28B

MD5
a6092b41b74f55b9191540a9edb64948

SHA1
eb54733f259a828464e7eac39a595ea210d882dd

SHA256
2fd377c49a26cd33f5219d2787a71c72e561dd3d30278d85e6c98fb28a971a7b

SHA512
ec34551becd21082aa1cbaf2dfe21ae3aa36a4fdf8aff9f5603be197a7f8fa4e9227ccbdc43caea258580922dcb2f5402e5fa39c19a81073d460f6257093a89b

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\settings.ini

Filesize
280B

MD5
b5bbd1b76bfa9d74ce896c814a9f7785

SHA1
d59354d2a388a83564b7cef75454e3817f763fea

SHA256
45bd49cabed795c1e46bb60ab0c9070d3856ce8b3bc1ae12a0145148c063fda4

SHA512
9dc624b0f433449ae5013828e7575eae0af9f235e83f647d88cbd2880fdb467b452d40ff2145cb65893daf4556a44f4cc4214f5ed8f017361360441edef024d2

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\sqlite.db

Filesize
5KB

MD5
f184a9151f7a158844b5f4868ec0b23a

SHA1
73a08f178121ab466d3ecebeaabc96c8a5c42325

SHA256
3a0f96f3528a01e1ef49fe03ac9c856d1865c99bdde3baf768933112d9fd8e9b

SHA512
f401ab8f011076c2ebc043a814baec442adaf66111dee6a73e765160f57b8936cfbff12daa244783844b7e9a9dc77672fb84240221291e142fe47dbcb29f8282

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\sqlite3.dll

Filesize
586KB

MD5
a57c9da0ee299d7d0e3eb87af50e304c

SHA1
23f48468d74c5646c5a9ca3af02f61609217e508

SHA256
60cafd1664aa3ee18cdf652b5cee4995ca444fe2d0a742e213686aba10f88831

SHA512
f784f35c81cba84ac2b4e239a64dca9c685bdc16834256086b7fbb8b440c0d35423dad3ed0491fb25de5fd85238f2c836eed1bf34ff33a99ac5602c96a99f910

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\style.vsf

Filesize
48KB

MD5
3c11f5e998c338c45bca6331c10df5f0

SHA1
fac1736eea965951390ffaa4bc31d1110b602e95

SHA256
9e9f9c5d54ad9e96f0c4f39268075446b7e1506fbd82b2f0f05a083d91a265f8

SHA512
ab7c7e226e676527de263ccf530ecd1c9bece9fbbb3d09e9855932ae5af4080c3a7c8d3e19d83a9929322a8dca87631086cb4b9cd1b0727beb7fc961b8cb28dd

Download Submit
C:\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\0C291B2\tables.ini

Filesize
342B

MD5
d9019b46670e959e82e9cd0c2a73f782

SHA1
c6bec04fbffef71fbaa0c033cdd3cf157d3db738

SHA256
5ec6c91813e2069d69b1f1a2ba23c79838f7f6867fade995d8ee995e3d5d9a5e

SHA512
4bdff2cd9185cd17a99d976796ac107dedac0d3fdd52f93bbfae22d720a7c01fd17024bb72d693de3abebb26f11813b3b199102dfa00c60806878b9af83bfecc

Download Submit
C:\Windows\Installer\MSI516C.tmp

Filesize
870KB

MD5
65b853552e16654c53ab4d16920a9182

SHA1
9f8182ef1b58d0d52f4faf1688d4f4e9dd8af5c5

SHA256
80c5e769470bb98c5b1ec3be0a9a51f0821c67e9adc7e3e254bbc41183ceb76f

SHA512
b56c00e78ca901738a4a067709c772cfbdf10d3a049af4e7eb6bd7a0cb0629472d7798dabb0eb82958ae90cd71acc79e5cbc3d26b0f42d3cc7cc8ec2236aa54a

Download Submit
\Users\Admin\AppData\Roaming\Tahar Layachi\Contentieux Archive 1.0.0\install\1033.dll

Filesize
60KB

MD5
1c0550798b5e063860b6f28d70465a2c

SHA1
3fefaf53baaa369c3d44ab4669b189637bbaf81a

SHA256
f61720a9981bafd04f1d1bf6bd654e4d15660290931f620439976ccfe1c75a13

SHA512
f53f471363b29167b31ba43f8797a61bb480debd44da3ca0ccdaabc021e288e4bf32d4b0350fc0682d3ba0392574cf17174353def96565bf61f22ad3309be455

Download Submit
\Windows\Installer\MSI540E.tmp

Filesize
228KB

MD5
a8a277bbfd1fe54fd8804f4316f0ef68

SHA1
c7bd4be13365cd2b990a5fb96152ebd4ca90909c

SHA256
be32b3cc00278159f91f461dbdc2a704071ea32d6e42462eb3544afa46858423

SHA512
836efd4a55b3d329d8ebe6c019f678db1c1fb0decb20092f9587d3f965b9aff9122980d1d47b8248de8137874fd342334dcfca50ce351f134d7fd9a880ea9374

Download Submit
memory/340-749-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/340-751-0x0000000000400000-0x000000000174B000-memory.dmp

Filesize
19.3MB

Download
memory/340-752-0x0000000061C00000-0x0000000061C96000-memory.dmp

Filesize
600KB

Download
memory/2476-3-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download