e8d675c128547fd3a9a4da2f80dd027af01c54232a9aa814301db795028de4db

Analysis

max time kernel
495s
max time network
443s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 10:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ziath-mohawk.2.1.297-en-release.exe
Size

535.4MB
MD5

418096224384dec1f270c228a09758e1
SHA1

2202658231093f524f01a5f7ce656e348599dcb5
SHA256

e8d675c128547fd3a9a4da2f80dd027af01c54232a9aa814301db795028de4db
SHA512

ac56b7113b99ea9fc479afe435e077c5e572e2a1d3dbab826fd73867eeb24e0ff5b80cb99477c4755d0550703239b5ff011587dadba188de3d7bbcd46080aa34
SSDEEP

12582912:kcX/fDlH5W+xH3KszFqMKP02D4ksXi748fZo0MCmFbkbDLLeyasJM:pfDN7qMK7sXm4yo0MCmFwbXLeyasi

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
540	ziath-mohawk.2.1.297-en-release.tmp
2736	_setup64.tmp
1616	mohawk.exe
4608	mohawk.exe

Loads dropped DLL 64 IoCs

pid	Process
540	ziath-mohawk.2.1.297-en-release.tmp
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3272	icacls.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Ziath\Mohawk\jre\bin\fxplugins.dll	ziath-mohawk.2.1.297-en-release.tmp
File opened for modification	C:\Program Files\Ziath\Mohawk\jre\bin\policytool.exe	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\bin\is-FJ8OM.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-8TJQ8.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-G13QI.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\bin\is-OQJ9I.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\lib\images\cursors\is-NB0SS.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-FS3F8.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-OF1U5.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\lib\deploy\is-4NL6H.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\lib\ext\is-PRO3E.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\lib\security\policy\unlimited\is-3I0HF.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-AF9A5.tmp	ziath-mohawk.2.1.297-en-release.tmp
File opened for modification	C:\Program Files\Ziath\Mohawk\jre\bin\api-ms-win-core-handle-l1-1-0.dll	ziath-mohawk.2.1.297-en-release.tmp
File opened for modification	C:\Program Files\Ziath\Mohawk\jre\bin\java.dll	ziath-mohawk.2.1.297-en-release.tmp
File opened for modification	C:\Program Files\Ziath\Mohawk\jre\bin\javaw.exe	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\bin\is-4S7JV.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-H30VM.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-4QHDV.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-B3GOV.tmp	ziath-mohawk.2.1.297-en-release.tmp
File opened for modification	C:\Program Files\Ziath\Mohawk\jre\bin\dt_socket.dll	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\is-7O29V.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-29BKV.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-JBANS.tmp	ziath-mohawk.2.1.297-en-release.tmp
File opened for modification	C:\Program Files\Ziath\Mohawk\jre\bin\api-ms-win-core-memory-l1-1-0.dll	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\bin\is-3KSP3.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\bin\is-TGET1.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\bin\is-OHEGV.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-H40SF.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-8T50P.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-KRM6M.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-0MUFT.tmp	ziath-mohawk.2.1.297-en-release.tmp
File opened for modification	C:\Program Files\Ziath\Mohawk\jre\bin\zip.dll	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\lib\deploy\is-K2VLP.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\lib\security\policy\limited\is-60KHL.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-GDTVI.tmp	ziath-mohawk.2.1.297-en-release.tmp
File opened for modification	C:\Program Files\Ziath\Mohawk\jre\bin\api-ms-win-core-synch-l1-1-0.dll	ziath-mohawk.2.1.297-en-release.tmp
File opened for modification	C:\Program Files\Ziath\Mohawk\libs\WinFoldersJava_x64.dll	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-P8F9U.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-6KCK3.tmp	ziath-mohawk.2.1.297-en-release.tmp
File opened for modification	C:\Program Files\Ziath\Mohawk\jre\bin\j2pcsc.dll	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\bin\is-SNF1J.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\lib\is-4KBK8.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-NRCGO.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-IRCEN.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-5MQ8I.tmp	ziath-mohawk.2.1.297-en-release.tmp
File opened for modification	C:\Program Files\Ziath\Mohawk\jre\bin\api-ms-win-crt-convert-l1-1-0.dll	ziath-mohawk.2.1.297-en-release.tmp
File opened for modification	C:\Program Files\Ziath\Mohawk\jre\bin\api-ms-win-core-string-l1-1-0.dll	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\bin\is-LIVCH.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\lib\security\is-690P6.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\lib\images\cursors\is-G0L2B.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-EJBH0.tmp	ziath-mohawk.2.1.297-en-release.tmp
File opened for modification	C:\Program Files\Ziath\Mohawk\jre\bin\server\jvm.dll	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\is-364EE.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\bin\is-IKSSL.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\lib\cmm\is-5AE7H.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\bin\is-8FCHB.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-8ECGO.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-54U1P.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\libs\is-K41V6.tmp	ziath-mohawk.2.1.297-en-release.tmp
File opened for modification	C:\Program Files\Ziath\Mohawk\jre\bin\api-ms-win-core-file-l2-1-0.dll	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\bin\is-NKHTP.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\bin\is-DLNMU.tmp	ziath-mohawk.2.1.297-en-release.tmp
File created	C:\Program Files\Ziath\Mohawk\jre\bin\is-HTQTP.tmp	ziath-mohawk.2.1.297-en-release.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 32 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters	mohawk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters	mohawk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	mohawk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	mohawk.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	mohawk.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\PortName	mohawk.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters	mohawk.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\PortName	mohawk.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM	mohawk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK	mohawk.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	mohawk.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM	mohawk.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK	mohawk.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK	mohawk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	mohawk.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	mohawk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM	mohawk.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters	mohawk.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM	mohawk.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters	mohawk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	mohawk.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	mohawk.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\PortName	mohawk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	mohawk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	mohawk.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	mohawk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM	mohawk.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM	mohawk.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	mohawk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters	mohawk.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	mohawk.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\PortName	mohawk.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
540	ziath-mohawk.2.1.297-en-release.tmp
540	ziath-mohawk.2.1.297-en-release.tmp
540	ziath-mohawk.2.1.297-en-release.tmp
540	ziath-mohawk.2.1.297-en-release.tmp

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
540	ziath-mohawk.2.1.297-en-release.tmp
4608	mohawk.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe
4608	mohawk.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 540	2460	ziath-mohawk.2.1.297-en-release.exe	88
PID 2460 wrote to memory of 540	2460	ziath-mohawk.2.1.297-en-release.exe	88
PID 2460 wrote to memory of 540	2460	ziath-mohawk.2.1.297-en-release.exe	88
PID 540 wrote to memory of 2736	540	ziath-mohawk.2.1.297-en-release.tmp	96
PID 540 wrote to memory of 2736	540	ziath-mohawk.2.1.297-en-release.tmp	96
PID 540 wrote to memory of 1616	540	ziath-mohawk.2.1.297-en-release.tmp	101
PID 540 wrote to memory of 1616	540	ziath-mohawk.2.1.297-en-release.tmp	101
PID 540 wrote to memory of 1616	540	ziath-mohawk.2.1.297-en-release.tmp	101
PID 1616 wrote to memory of 4608	1616	mohawk.exe	102
PID 1616 wrote to memory of 4608	1616	mohawk.exe	102
PID 4608 wrote to memory of 3272	4608	mohawk.exe	103
PID 4608 wrote to memory of 3272	4608	mohawk.exe	103
PID 4608 wrote to memory of 3412	4608	mohawk.exe	105
PID 4608 wrote to memory of 3412	4608	mohawk.exe	105
PID 4608 wrote to memory of 3524	4608	mohawk.exe	107
PID 4608 wrote to memory of 3524	4608	mohawk.exe	107
PID 4608 wrote to memory of 548	4608	mohawk.exe	109
PID 4608 wrote to memory of 548	4608	mohawk.exe	109
PID 4608 wrote to memory of 2908	4608	mohawk.exe	111
PID 4608 wrote to memory of 2908	4608	mohawk.exe	111
PID 4608 wrote to memory of 4156	4608	mohawk.exe	113
PID 4608 wrote to memory of 4156	4608	mohawk.exe	113
PID 4608 wrote to memory of 4868	4608	mohawk.exe	122
PID 4608 wrote to memory of 4868	4608	mohawk.exe	122
PID 4608 wrote to memory of 2728	4608	mohawk.exe	127
PID 4608 wrote to memory of 2728	4608	mohawk.exe	127

C:\Users\Admin\AppData\Local\Temp\ziath-mohawk.2.1.297-en-release.exe
"C:\Users\Admin\AppData\Local\Temp\ziath-mohawk.2.1.297-en-release.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Users\Admin\AppData\Local\Temp\is-B897Q.tmp\ziath-mohawk.2.1.297-en-release.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-B897Q.tmp\ziath-mohawk.2.1.297-en-release.tmp" /SL5="$50212,561107073,56832,C:\Users\Admin\AppData\Local\Temp\ziath-mohawk.2.1.297-en-release.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:540
- - C:\Users\Admin\AppData\Local\Temp\is-NV5J1.tmp\_isetup\_setup64.tmp
    helper 105 0x420
    3⤵
    - Executes dropped EXE
    PID:2736
- - C:\Program Files\Ziath\Mohawk\mohawk.exe
    "C:\Program Files\Ziath\Mohawk\mohawk.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1616
  - - C:\Program Files\Ziath\Mohawk\jre\launch4j-tmp\mohawk.exe
      "C:\Program Files\Ziath\Mohawk\jre\launch4j-tmp\mohawk.exe" -Xms128m -Xmx720m -Djava.library.path=libs -classpath "picker-deploy.jar;libs\.;libs\..;libs\animal-sniffer-annotations.jar;libs\ant-contrib.jar;libs\ant-git-tasks.jar;libs\ant-launcher.jar;libs\ant.jar;libs\artoolkitplus-android-arm.jar;libs\artoolkitplus-android-arm64.jar;libs\artoolkitplus-android-x86.jar;libs\artoolkitplus-android-x86_64.jar;libs\artoolkitplus-linux-armhf.jar;libs\artoolkitplus-linux-ppc64le.jar;libs\artoolkitplus-linux-x86.jar;libs\artoolkitplus-linux-x86_64.jar;libs\artoolkitplus-macosx-x86_64.jar;libs\artoolkitplus-platform.jar;libs\artoolkitplus-windows-x86.jar;libs\artoolkitplus-windows-x86_64.jar;libs\artoolkitplus.jar;libs\aspose-barcode.jar;libs\bridj.jar;libs\cameraiterator.jar;libs\comm.jar;libs\commons-beanutils-core.jar;libs\commons-beanutils.jar;libs\commons-codec.jar;libs\commons-collections.jar;libs\commons-collections4.jar;libs\commons-configuration.jar;libs\commons-csv.jar;libs\commons-digester.jar;libs\commons-io.jar;libs\commons-lang.jar;libs\commons-lang3.jar;libs\commons-logging.jar;libs\core.jar;libs\css-helper.jar;libs\curvesapi.jar;libs\datapaqremote.jar;libs\DJNativeSwing-SWT.jar;libs\DJNativeSwing.jar;libs\driver.jar;libs\error_prone_annotations.jar;libs\ffmpeg-android-arm.jar;libs\ffmpeg-android-arm64.jar;libs\ffmpeg-android-x86.jar;libs\ffmpeg-android-x86_64.jar;libs\ffmpeg-linux-armhf.jar;libs\ffmpeg-linux-ppc64le.jar;libs\ffmpeg-linux-x86.jar;libs\ffmpeg-linux-x86_64.jar;libs\ffmpeg-macosx-x86_64.jar;libs\ffmpeg-platform.jar;libs\ffmpeg-windows-x86.jar;libs\ffmpeg-windows-x86_64.jar;libs\ffmpeg.jar;libs\flandmark-android-arm.jar;libs\flandmark-android-arm64.jar;libs\flandmark-android-x86.jar;libs\flandmark-android-x86_64.jar;libs\flandmark-linux-armhf.jar;libs\flandmark-linux-ppc64le.jar;libs\flandmark-linux-x86.jar;libs\flandmark-linux-x86_64.jar;libs\flandmark-macosx-x86_64.jar;libs\flandmark-platform.jar;libs\flandmark-windows-x86.jar;libs\flandmark-windows-x86_64.jar;libs\flandmark.jar;libs\flycapture-linux-armhf.jar;libs\flycapture-linux-x86.jar;libs\flycapture-linux-x86_64.jar;libs\flycapture-platform.jar;libs\flycapture-windows-x86.jar;libs\flycapture-windows-x86_64.jar;libs\flycapture.jar;libs\gson.jar;libs\guava.jar;libs\hamcrest-core.jar;libs\httpclient.jar;libs\httpcore.jar;libs\iso9660-ant-tasks.jar;libs\iso9660-writer.jar;libs\j2objc-annotations.jar;libs\jai-imageio-core.jar;libs\javacpp.jar;libs\javacv-platform.jar;libs\javacv.jar;libs\JavaEWAH.jar;libs\javase.jar;libs\javax.json.jar;libs\jcommander.jar;libs\jdom.jar;libs\jfoenix.jar;libs\jna.jar;libs\jsch.jar;libs\jSerialComm.jar;libs\jsr305.jar;libs\junit.jar;libs\leptonica-android-arm.jar;libs\leptonica-android-arm64.jar;libs\leptonica-android-x86.jar;libs\leptonica-android-x86_64.jar;libs\leptonica-linux-armhf.jar;libs\leptonica-linux-ppc64le.jar;libs\leptonica-linux-x86.jar;libs\leptonica-linux-x86_64.jar;libs\leptonica-macosx-x86_64.jar;libs\leptonica-platform.jar;libs\leptonica-windows-x86.jar;libs\leptonica-windows-x86_64.jar;libs\leptonica.jar;libs\libdc1394-linux-armhf.jar;libs\libdc1394-linux-ppc64le.jar;libs\libdc1394-linux-x86.jar;libs\libdc1394-linux-x86_64.jar;libs\libdc1394-macosx-x86_64.jar;libs\libdc1394-platform.jar;libs\libdc1394-windows-x86.jar;libs\libdc1394-windows-x86_64.jar;libs\libdc1394.jar;libs\libfreenect-linux-armhf.jar;libs\libfreenect-linux-ppc64le.jar;libs\libfreenect-linux-x86.jar;libs\libfreenect-linux-x86_64.jar;libs\libfreenect-macosx-x86_64.jar;libs\libfreenect-platform.jar;libs\libfreenect-windows-x86.jar;libs\libfreenect-windows-x86_64.jar;libs\libfreenect.jar;libs\libfreenect2-linux-x86.jar;libs\libfreenect2-linux-x86_64.jar;libs\libfreenect2-macosx-x86_64.jar;libs\libfreenect2-platform.jar;libs\libfreenect2-windows-x86_64.jar;libs\libfreenect2.jar;libs\librealsense-linux-x86.jar;libs\librealsense-linux-x86_64.jar;libs\librealsense-macosx-x86_64.jar;libs\librealsense-platform.jar;libs\librealsense-windows-x86.jar;libs\librealsense-windows-x86_64.jar;libs\librealsense.jar;libs\libusb4java-linux-arm.jar;libs\libusb4java-linux-x86.jar;libs\libusb4java-linux-x86_64.jar;libs\libusb4java-osx-x86.jar;libs\libusb4java-osx-x86_64.jar;libs\libusb4java-windows-x86.jar;libs\libusb4java-windows-x86_64.jar;libs\licencemanager.jar;libs\linearbarcodereader.jar;libs\log4j-api.jar;libs\log4j-core.jar;libs\log4j-over-slf4j.jar;libs\log4j-slf4j-impl.jar;libs\log4j.jar;libs\opencv-android-arm.jar;libs\opencv-android-arm64.jar;libs\opencv-android-x86.jar;libs\opencv-android-x86_64.jar;libs\opencv-ios-arm64.jar;libs\opencv-ios-x86_64.jar;libs\opencv-linux-armhf.jar;libs\opencv-linux-ppc64le.jar;libs\opencv-linux-x86.jar;libs\opencv-linux-x86_64.jar;libs\opencv-macosx-x86_64.jar;libs\opencv-platform.jar;libs\opencv-windows-x86.jar;libs\opencv-windows-x86_64.jar;libs\opencv.jar;libs\opencvutils.jar;libs\org.eclipse.jgit.ant.jar;libs\org.eclipse.jgit.jar;libs\org.eclipse.persistence.asm.jar;libs\org.eclipse.persistence.core.jar;libs\org.eclipse.persistence.moxy.jar;libs\poi-ooxml-schemas.jar;libs\poi-ooxml.jar;libs\poi.jar;libs\purejavacomm.jar;libs\rack.jar;libs\rackimagedomain.jar;libs\rxtx.jar;libs\rxtxParallel.dll;libs\rxtxSerial.dll;libs\sabre.jar;libs\slf4j-api.jar;libs\SplashScreenCreator.jar;libs\stax-api.jar;libs\swt.jar;libs\tesseract-android-arm.jar;libs\tesseract-android-arm64.jar;libs\tesseract-android-x86.jar;libs\tesseract-android-x86_64.jar;libs\tesseract-linux-armhf.jar;libs\tesseract-linux-ppc64le.jar;libs\tesseract-linux-x86.jar;libs\tesseract-linux-x86_64.jar;libs\tesseract-macosx-x86_64.jar;libs\tesseract-platform.jar;libs\tesseract-windows-x86.jar;libs\tesseract-windows-x86_64.jar;libs\tesseract.jar;libs\usb4java.jar;libs\utils.jar;libs\validation-api.jar;libs\valueobjects.jar;libs\videoinput-platform.jar;libs\videoinput-windows-x86.jar;libs\videoinput-windows-x86_64.jar;libs\videoinput.jar;libs\webcam-capture.jar;libs\WinFoldersJava.dll;libs\WinFoldersJava.jar;libs\WinFoldersJava_x64.dll;libs\xmlbeans.jar;libs\yguard.jar" com.ziath.picker.PickerApplicationController
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks SCSI registry key(s)
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4608
    - - C:\Windows\system32\icacls.exe
        
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        5⤵
        Modifies file permissions
        
        PID:3272
    - - C:\Windows\SYSTEM32\cacls.exe
        
        cacls C:\ProgramData\Ziath\Mohawk\logs /E /T /G BUILTIN\Users:F
        5⤵
        
        PID:3412
    - - C:\Windows\SYSTEM32\reg.exe
        
        reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DataPaq_is1" /v InstallLocation
        5⤵
        
        PID:3524
    - - C:\Windows\SYSTEM32\reg.exe
        
        reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DataPaq_is1" /v InstallLocation
        5⤵
        
        PID:548
    - - C:\Windows\SYSTEM32\reg.exe
        
        reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DataPaq_is1" /v InstallLocation
        5⤵
        
        PID:2908
    - - C:\Windows\SYSTEM32\reg.exe
        
        reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DataPaq_is1" /v InstallLocation
        5⤵
        
        PID:4156
    - - C:\Windows\SYSTEM32\reg.exe
        
        reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DataPaq_is1" /v InstallLocation
        5⤵
        
        PID:4868
    - - C:\Windows\SYSTEM32\reg.exe
        
        reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DataPaq_is1" /v InstallLocation
        5⤵
        
        PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Ziath\Mohawk\Mohawk.exe

Filesize
462KB

MD5
8cf91bec3bd2ab061c52c7655b7564af

SHA1
1d7621f9b010474765e08c247c4336a0078a896d

SHA256
acf967e8450c9e4c592ba442c2fc3411b43132506186d9f0523672426cfa61eb

SHA512
77f8d33efcd98b49fd6771aca52411496a4470e9e1ebd9858444d070d16bd97eaf32bf354a2050273155250732402c27e89db6482dbfd1f26fef7f637c33ee97

Download Submit
C:\Program Files\Ziath\Mohawk\jre\bin\java.dll

Filesize
155KB

MD5
3babde4636984b6dbe3ae98e7704e8ab

SHA1
086e17c550f84013a201adeca32c367de445f710

SHA256
3bb7d137052c9dbcf4e93b1c4df8093876601ac1f6067dac46c20456183b3d02

SHA512
09f9299f39abf198924ecc37bd858a0ecdbbeff88b644295c7219598e7e3c6d7156d14312162f4ee7d2438b48adacee2f1a8ead9ff71d9d3d1e49461d3c248ca

Download Submit
C:\Program Files\Ziath\Mohawk\jre\bin\javaw.exe

Filesize
203KB

MD5
215a26ae499d128cc660abe988cf616a

SHA1
2e1ce5e46bb9fe7febe2136914e9c6bc17db7680

SHA256
9cbcacfc0fb98e7782ded64c4751056af45cab0ce221659795b81d46fefb0eee

SHA512
e09207970a9cbb485af8646092f8fe9061b5fd89ec53df4e13ebf6a9a11728fb90266c5d40f0d1e33be162976924322324ca11c33fef15d0c5d74cd7650739ba

Download Submit
C:\Program Files\Ziath\Mohawk\jre\bin\msvcr100.dll

Filesize
808KB

MD5
aed6d63cfa5a3ef7021af9c457fee994

SHA1
f6ad746ef520b03df6cf0f5a2512d0df964c4688

SHA256
b4bfa27f677295b00a1df9a7e14db4b75cac2dd41b898d4e9a378eccce3699f0

SHA512
5573b17eb19d13cc96df5d66ef60cc8ff98e1ac9d8582a870ed2befa28ee271fb41741a92aa703234150fceadf4a436d10b8a6518c1816d0c804eb1261650d2d

Download Submit
C:\Program Files\Ziath\Mohawk\jre\bin\server\jvm.dll

Filesize
8.4MB

MD5
1a42efa00e56921be7ef3116623ed719

SHA1
0e10fae2dabd370c8c3e006e510c6be824adabb3

SHA256
70ebd059ab72fe56e1073695a1aed272e72e7f349860876aa502f55e6d348100

SHA512
b5a2dfb9b2dae1f9ddd681a01f22e7ab817d7128b9bf8e07b413f8f0d0277d0db510cbcc6fa6ef93751d61fdcd093da66113bcbc7cbeff8392fa56831148c77c

Download Submit
C:\Program Files\Ziath\Mohawk\jre\bin\verify.dll

Filesize
48KB

MD5
99cbb52caaa740194f21855e48d87eb4

SHA1
4c393f7632950fa665a10d739a07d4c71b081c92

SHA256
2edfb679f0414631aef591df491163e53f9a6a0c5dd4e77b82ff12086e8072ad

SHA512
178b5b212ab15f3fefb60e0fafa31049dad23903108e6207512a016f58aada966527685e7c4b953c51170546b853843a8138c7d38947eae7c78f8603fc80f523

Download Submit
C:\Program Files\Ziath\Mohawk\jre\bin\zip.dll

Filesize
77KB

MD5
7175691a7f30ea8ccccad8870da1152c

SHA1
b7fed22244799b9b45e32406573f67b36c124714

SHA256
eeac604ab188eb4704b3addc350fcfabca56dfbb5a2d760918056eb509ac6c91

SHA512
7dc86ce31765de20dd7a4e574c22811335b31cfc9e9f5bcdad3f5b9bfbb6cd00d556222ce8b245f42abee1e761055480ff08754cb22b11fab5aabd6dab9577a5

Download Submit
C:\Program Files\Ziath\Mohawk\jre\lib\amd64\jvm.cfg

Filesize
672B

MD5
3bc0c7371c924bf144af8516ba8ba720

SHA1
dcd2c34791a1e7c7d0866d00c014f566d983d860

SHA256
875457098a0a5d8639cdf770239a87af904485c978283c2b201ba54ba60da7d1

SHA512
eeadbed0c4c19084e0bde4456c009e8d1666175a4068f2be4416c81e725ecd99a1e7f1961a0f46e56ab1840ec7f0668f4bae044ad740b3ade376c0c6b05b54f9

Download Submit
C:\Program Files\Ziath\Mohawk\jre\lib\ext\meta-index

Filesize
1KB

MD5
005faac2118450bfcd46ae414da5f0e5

SHA1
9f5c887e0505e1bb06bd1fc7975a3219709d061d

SHA256
f0bce718f8d2b38247ce0ac814a1470c826602f4251d86369c2359ff60676bd8

SHA512
8b618c74b359ab3c9d3c8a4864f8e48fe4054514a396352a829a84c9b843a2028c6c31eb53e857e03c803294e05f69c5bf586e261312264e7607b2efd14f78a9

Download Submit
C:\Program Files\Ziath\Mohawk\jre\lib\images\cursors\is-NB0SS.tmp

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Program Files\Ziath\Mohawk\jre\lib\meta-index

Filesize
2KB

MD5
91aa6ea7320140f30379f758d626e59d

SHA1
3be2febe28723b1033ccdaa110eaf59bbd6d1f96

SHA256
4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4

SHA512
03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

Download Submit
C:\Program Files\Ziath\Mohawk\libs\animal-sniffer-annotations.jar

Filesize
3KB

MD5
9d42e46845c874f1710a9f6a741f6c14

SHA1
775b7e22fb10026eed3f86e8dc556dfafe35f2d5

SHA256
2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d

SHA512
9e5e3ea9e06e0ac9463869fd0e08ed38f7042784995a7b50c9bfd7f692a53f0e1430b9e1367dc772d0d4eafe5fd2beabbcc60da5008bd792f9e7ec8436c0f136

Download Submit
C:\Program Files\Ziath\Mohawk\libs\ant-contrib.jar

Filesize
219KB

MD5
a6495d687a143cbaefa2ab812c69b42e

SHA1
943cd5c8802b2a3a64a010efb86ec19bac142e40

SHA256
be33a69818310b5c55e41dc11d48cd895f5f129da4b0d28c2f4c6c3e1cbcf3fc

SHA512
5ec325a55bb213226c86faf8a99951839319e9579956ae58e2ccfe84f62d2742542998f98eed3f0dc8f8f94635d6dff1fe02e3c0f5289df1f09027ae2b9bee83

Download Submit
C:\Program Files\Ziath\Mohawk\libs\ant-git-tasks.jar

Filesize
62KB

MD5
ce3108fe8823051e89662ebe208ba795

SHA1
fb6dd62b99c5979149950c017cf5699726a1b7d4

SHA256
c1b304bd8fe0c39668a0c5b7450a516da87a25b8c13f8cb280820534522820db

SHA512
df735a2eef5d3229e3a07425c1c403fca5c73955590f67339ef72e633045d3736ea3ca555694d25ff54bd03f0adfeeec1327f42194e40cff61846b168b1a03e0

Download Submit
C:\Program Files\Ziath\Mohawk\libs\ant-launcher.jar

Filesize
11KB

MD5
e0c8b3f9390a5d784bbdb6a21f2abd1d

SHA1
e7e30789211e074aa70ef3eaea59bd5b22a7fa7a

SHA256
72b3d03e0d7d86a56513ec38dd4cd6abe3da6620189be222ab255352cb6eba4a

SHA512
c60fb98c3e5af8cde5daa28ffc1f6ce8df6b17b7b947984c6c318ac2092fca39d50e5b3c14ec6af624753318d70f79fc68d9b14ca103c0198eee1c593e4a9971

Download Submit
C:\Program Files\Ziath\Mohawk\libs\ant.jar

Filesize
1.2MB

MD5
133e8979e9c11450f557ca890177fe0a

SHA1
9746af1a485e50cf18dcb232489032a847067066

SHA256
92f72307e7440f1e352c916f2438d2bbab3ffd2cf730c71316117ad04abadea8

SHA512
24ad0d5bc6b1a283b3e7a8091f674848266fc0ef6d2b23167bae8c7b7f2fda687758c6730161a04664a49122c150885e2499d7bc2ac0e435ce23425ec59ce208

Download Submit
C:\Program Files\Ziath\Mohawk\libs\artoolkitplus-android-arm.jar

Filesize
308KB

MD5
e3624b906c28bc3e2d45d43586971343

SHA1
1bb26aa6690531eee184f5af5d5f8ca814ff3d4a

SHA256
ffca9ed14eee1d83ac579a9accc9c82675b0e806bf52022b0128e446a8b807e4

SHA512
d2cb2515cb0b0a66145cf05999ed6a465da645186c8c5eec7b74cf3e064a9cac70c853a5ec9507f010e42522bd9fbc531ba9d0809631476b1a848cb11c4ea239

Download Submit
C:\Program Files\Ziath\Mohawk\libs\artoolkitplus-android-arm64.jar

Filesize
370KB

MD5
ad7af21b1b341e28f3b636758cf4ecfa

SHA1
a9289fd152b9af34a0ef72ba9f79e15105b7b1b0

SHA256
e0f6afb1da0e3e01fc02dd5684a7ed11afa67aed5a49cbedd9098fc24e74117d

SHA512
65668a7704ba23606e9c7b1c7971e7cbbfb462c3a255da9f2101d45043dbc7b819c4c7af3b079bf1e44790d4a2985bc9d637863eff9fae7875334a22184e293d

Download Submit
C:\Program Files\Ziath\Mohawk\libs\artoolkitplus-android-x86.jar

Filesize
395KB

MD5
8ffb400a4612ee8f32f128cb2f7b9d9a

SHA1
7b570cbf0b50812ed6f26c42588a6c6a8fd7263c

SHA256
4c25a31f3612d6e3cdc2dfce2e6dae5a6597c0e3ea3c475f5cd2b910cca8fa59

SHA512
70d201a12e4fe1752baea801d15f9f0473c8b5975ec8a291b5086d56354f7694a3ffaa5cc04be755fb75db7b294e50c402fa598e5dce6dc1805e3530fd96e67b

Download Submit
C:\Program Files\Ziath\Mohawk\libs\artoolkitplus-android-x86_64.jar

Filesize
389KB

MD5
eebb458f9f863531ebe868916fd33100

SHA1
cd52f28cd2f694f990ffe101bd287a6f8e3edf0e

SHA256
3afcbd9cda2008796b28cd38e98a59006d410b994a25368d51b0b7d356e6ae48

SHA512
792462c61f9318572d9787b756199b4d7885b28a87baf1a6d7e80082571e05ba852611aa9e45041f909fdb76d430170ed1ba47f920b5f9dbc2de02035d7e525c

Download Submit
C:\Program Files\Ziath\Mohawk\libs\artoolkitplus-linux-armhf.jar

Filesize
143KB

MD5
26c48f3b257654d54d8b71d6e36c31fa

SHA1
68ef6af1377cbd2e407327043b0e484c79be335c

SHA256
b991c11b840bccd0c636ec96052330bd38b782b88cfafb65a2ac2218f0135b10

SHA512
81f2b6e2e949b463b05d186a1f84b4ac0b3faf769ddf9018959edeb946effecdc95ebef67058584345f18884c0298493a6d412c1681123219c7d1620b10cd7fd

Download Submit
C:\Program Files\Ziath\Mohawk\libs\artoolkitplus-linux-ppc64le.jar

Filesize
192KB

MD5
d117f34992f2114951ef218915433855

SHA1
37239d498d9aa2999ea730e827fdf604869ef656

SHA256
2b52b60b4971d5a4536845e7f4cece476c2d8640a1b3a074e5fe0b5f97711b70

SHA512
27389dbb70d1f049fa2052709872e793d5150eb79885e2c86cebfdcde584e816f4b46af05147cf3a0f1b3b4f5e2c068c7cf37d53c1c404c0f07b556af50d8df8

Download Submit
C:\Program Files\Ziath\Mohawk\libs\artoolkitplus-linux-x86.jar

Filesize
197KB

MD5
9c0507996b2cf525b0baafd701ec3108

SHA1
0a9837330bccbf4fdf8477a88e5e8b615d5c0b64

SHA256
57c30ea9530ac8f7bb4eda664af13aef47ead539f19f6b7db98d8c9b6eb657ac

SHA512
998e65a8cb0af0dd1536d862cf3dd5fdf2507a985266128352dac093b614d460340dd33ea2a30b0b7994d6185bc8c1081e7162cf655d0f0acc0235fa5f45a9d1

Download Submit
C:\Program Files\Ziath\Mohawk\libs\artoolkitplus-linux-x86_64.jar

Filesize
198KB

MD5
e544b1095d615d46bb7ebaf4214cd5ea

SHA1
0bed67a81ed98a09329213256a6f2de54e96e369

SHA256
97ea7cde8c8628e32b5a92faacdc4f8953eb035a1327106e183b4ee829b18dd7

SHA512
75d10163422f5427a3172709a092457419aedc022ba17a3bd96162f856c43c501e174c43c6503c1b8c8633d3e4f87f4d1c5acae72e1a38484484f360b4e2a115

Download Submit
C:\Program Files\Ziath\Mohawk\libs\artoolkitplus-macosx-x86_64.jar

Filesize
174KB

MD5
8d92d04d6e5bbf4a719e7376471b5d95

SHA1
44c1f3dd8132627c6eaaab2767f32e66f3960ab3

SHA256
f6abeabd0d9aaa3a4974831113fae7bc21a48b21c9d22f8856d8946a9c77fc78

SHA512
2a576512fdce052641406ec5f6fb7e21c73c74efd6c82ece92891d0e94b35cac2313831cd8717ef539d1375b55343278889a0be42839ab6dea59c3f80d08a6a1

Download Submit
C:\Program Files\Ziath\Mohawk\libs\artoolkitplus-platform.jar

Filesize
2KB

MD5
730f9a9837897923d86e66cbcdf18113

SHA1
b80767dc908c0be640c1215f6cbb686896a55c00

SHA256
e0f721edcb527b40fb2c3a5172e56b271b759041ae434e4cb187a95527d85dce

SHA512
491e2bd3a10744bfe5728a0430738d9b3882e5aed653d3fb795115b2faf01ed76518b977dafbe54d28f4f5d3e265913e5be939012f0e1380c550f8b457f54e11

Download Submit
C:\Program Files\Ziath\Mohawk\libs\artoolkitplus-windows-x86.jar

Filesize
125KB

MD5
c942651ec97c328873fabb99dd0a3773

SHA1
9314c0bf002fec9a071bd76520d4e930da4fe353

SHA256
621d4ac84649e80d7e2570aa206be68e12af14c136d819a03532bc5eafb53beb

SHA512
1e862a1b82992b75137aba84cba62e0b6cf08a18ab45874015e2e356849de608f661e7ec0ddda88f41e26090bec032f51aef6bcaccfdf8a957f49a2f16e69dbf

Download Submit
C:\Program Files\Ziath\Mohawk\libs\artoolkitplus-windows-x86_64.jar

Filesize
158KB

MD5
dacfd96c346c54ad7a752b7a47e16153

SHA1
02b956e6624944d5895368ba310d04f6bea553c9

SHA256
22acb797140770db5c497ed83584ba111c84056aca33c22874aa702a3a929b77

SHA512
61ff801835b5cb062707e181d34cb9b7b093c6a63712d8ffa55b0ff915b882f30532531c3d3676c76fff92e17031593661c517cbe2c9f67a76110d7069cf3486

Download Submit
C:\Program Files\Ziath\Mohawk\libs\artoolkitplus.jar

Filesize
23KB

MD5
6f86f0ff85434c5042e275965ea4ce5c

SHA1
65167bceaf004832ce96b590f7d736a062aa9798

SHA256
bfc153cd915624ac11a4bc0c78ec8c077d5b10b1d316d051e29dc131678f1067

SHA512
a0652e01729e46dc53dfdbc94269d34641ebf0a3eeff9891a3c87506c8bc20ca75db7cd495e7db428ce27ac068d85a688c0ffd48963eeda862d93fb80983cfaf

Download Submit
C:\Program Files\Ziath\Mohawk\libs\aspose-barcode.jar

Filesize
5.0MB

MD5
c0f169cc61aeeae7524069f9167ac3b0

SHA1
b6390e71c31031a9e9035a88f4f8f459dea829ba

SHA256
011099e93bbf316ce98d6bf1a2d552965985ea1a5a403fd5580aa75c28db8ac5

SHA512
52084a7f1e3de3acecfc1ca46b27eb9811cc996f247ef1ad4cbb96d3356b04d97a709a9f996a5b2fd4fd0e72a17c5e194bdaa647da499261f2e03cb913868a54

Download Submit
C:\Program Files\Ziath\Mohawk\libs\bridj.jar

Filesize
913KB

MD5
f60dbb042f60c9f545d08b0d144e120e

SHA1
461c40ed578c92106579e370838ed4e224d0289e

SHA256
101bcd9b6637e6bc16e56deb3daefba62b1f5e8e9e37e1b3e56e3b5860d659cf

SHA512
916cf6a23051ff6d2eeead81d14759bc08ac40970b582dfb2d496feaf2920618e0edda67d2694e578db1fb8f39cc26bc79c805e7e9850479a35c6ce9ab8dff62

Download Submit
C:\Program Files\Ziath\Mohawk\libs\cameraiterator.jar

Filesize
77KB

MD5
3895abd33fd8971e13aea5ff524bca88

SHA1
5a77427f8f45fe82b42ce19ac51f7a12cbd49d38

SHA256
db72ce75a184ff013b898abc33c24d839862720ddbba86fb8199b4b51762003e

SHA512
04f9ddab26d90429c8e6ef8e540d260e655ca225d83f916cae121d816c832255b658230843510044d0e32785d8d89d169d87431c8f4227928918353e62ffd86a

Download Submit
C:\Program Files\Ziath\Mohawk\libs\comm.jar

Filesize
29KB

MD5
564ba62ba530c10c7a5505c97d7a4e43

SHA1
4c8cf77e0384cb69122546029c4a942c218ca0bd

SHA256
00fa78227db77417c711ebd4459130a43d64445be7409e22270fdd4dde9c55c6

SHA512
cea8a3f4d327d276c0342bd3bffdbc1559e12b7cec76df97f76d1fc9b88e35fcb6ab3132cd88f796f805d42170aa1db6b5f5489e334f0b5363f1f2f2da267385

Download Submit
C:\Program Files\Ziath\Mohawk\libs\commons-beanutils-core.jar

Filesize
164KB

MD5
458b500e7283d295f69a93ffc4a15293

SHA1
52f7701e1e9fd1d2b93379503c0bc839d2caf68d

SHA256
dbdac3b81a1c22a1d09b8c4a1c55b00af4767bd068838651c04c2f130172a207

SHA512
9ca7edae21f9c2b2005690e5f7d395bd9b560b296a603d10a2e8ea14825514810a564d145d20ccae313e51460b56d698b7fac8f788f5c128a44d6c8c63a25520

Download Submit
C:\Program Files\Ziath\Mohawk\libs\commons-beanutils.jar

Filesize
184KB

MD5
0f18acf5fa857f9959675e14d901a7ce

SHA1
5675fd96b29656504b86029551973d60fb41339b

SHA256
24bcaa20ccbdc7c856ce0c0aea144566943403e2e9f27bd9779cda1d76823ef4

SHA512
0b29d78fd71aa4d4989f78518b1aeab1152a0ffcaa1b75460c689b7c7dc1559447be32bf938a230e29240bfff278bfc914589162cca1e6ba980bfb58edaf5b06

Download Submit
C:\Program Files\Ziath\Mohawk\libs\commons-codec.jar

Filesize
45KB

MD5
8e149c1053741c03736a52df83974dcc

SHA1
fd32786786e2adb664d5ecc965da47629dca14ba

SHA256
1bafd2ece2e88db4cdf835a7f8f0de65fab5b1147977a5dcc59b7c1b8c6f5080

SHA512
acea0a510bb701c7bae3cb41b5c61a93e72b99c8441e5081269856df906fcc6de1977984f229eb78d0dc1601492a36d9992611c1ff5b8ed3f7b96294d67ecc29

Download Submit
C:\Program Files\Ziath\Mohawk\libs\commons-collections.jar

Filesize
557KB

MD5
7b9216b608d550787bdf43a63d88bf3b

SHA1
f951934aa5ae5a88d7e6dfaa6d32307d834a88be

SHA256
093fea360752de55afcb80cf713403eb1a66cb7dc0d529955b6f4a96f975df5c

SHA512
4c3361c8cf553c6fc34fe10624985bc1a08ea84547f4fb970487e99dc795a67b4bd36a0a1015492019e36dc1ae8b36def98f3ed3bf3e8382057923ddf67ee5ef

Download Submit
C:\Program Files\Ziath\Mohawk\libs\commons-collections4.jar

Filesize
736KB

MD5
20d1ebd548752d0d75aaae9faee66d6a

SHA1
1c262f70f9b3c2351f1d13a9a9bd10d2ec7cfbc4

SHA256
62f8db7da73e551f82d70fd533834177af6bd953de4b5e85c44dc2100de4beb8

SHA512
cc4d3698ad958155ff141b17f11b5b80fe6279bcf00a07bf0f07172837b54cbd06019a89c12f68c49267306b6e95f7c60ae47c64685bd47b422ce06977fb235d

Download Submit
C:\Program Files\Ziath\Mohawk\libs\commons-configuration.jar

Filesize
265KB

MD5
2c0b8b3c029982639c2ee8c951831b16

SHA1
d891c003b41adc63ab99e5f697e04d633568965a

SHA256
e5c824dd43b40517a111da36887c2b1233a1128f0a8fa464f6b32e5b78163998

SHA512
34c3dfec61316e211fdc11e12fe6e186c9bb4661c71a4a14b0675361efc1eb2f78185078fc75cbf10d50a06654ecf581a15aeed8c25fee9595c953f9669fb76c

Download Submit
C:\Program Files\Ziath\Mohawk\libs\commons-csv.jar

Filesize
39KB

MD5
59f8fd70588a5fa15875207b8820e68c

SHA1
fc2512d2109144df353501266ac4bbe179058afd

SHA256
9d4924588d6280c7516db3a4b7298306db5b6f0d1cdf568ce738309b5660f008

SHA512
a5d03809cc8096810e67f91cfa5cc7f46f615453901268a9c628ed45c1ee5b2f3be530b92dfa8f9c923ca99541aa01b1cf4bee6bb0cda7f35f744cb743fbcb13

Download Submit
C:\Program Files\Ziath\Mohawk\libs\commons-digester.jar

Filesize
140KB

MD5
cf89c593f0378e9509a06fce7030aeba

SHA1
dc6a73fdbd1fa3f0944e8497c6c872fa21dca37e

SHA256
05662373044f3dff112567b7bb5dfa1174e91e074c0c727b4412788013f49d56

SHA512
138aaadde6b134eeb39574fde80f8eed1dee4a7049fccdd8c462c0a0dfab5419bafd259e77b99d85094b4e7c864673f07249c39c3b18aff87ef39b3663f537a2

Download Submit
C:\Program Files\Ziath\Mohawk\libs\commons-io.jar

Filesize
106KB

MD5
b6a50c8a15ece8753e37cbe5700bf84f

SHA1
a8762d07e76cfde2395257a5da47ba7c1dbd3dce

SHA256
a7f713593007813bf07d19bd1df9f81c86c0719e9a0bb2ef1b98b78313fc940d

SHA512
a1cc0feb2805e08d49229a20cc4423bb52d6800aab3f65723a28ed7d3429455a3f6ef80daaabad7aa89bfb70e4d3c362b268401e636505d1c89bfa7baf871d94

Download Submit
C:\Program Files\Ziath\Mohawk\libs\commons-lang.jar

Filesize
255KB

MD5
237a8e845441bad2e535c57d985c8204

SHA1
16313e02a793435009f1e458fa4af5d879f6fb11

SHA256
2c73b940c91250bc98346926270f13a6a10bb6e29d2c9316a70d134e382c873e

SHA512
ae35b761d16f4327cdb6fda16789166fc67020efd71fd2cc3395b97444f439dfcc7eee948a3efd3b02440416caeb873417d95db6a2b16f4ef198de9d1afbc045

Download Submit
C:\Program Files\Ziath\Mohawk\libs\commons-lang3.jar

Filesize
483KB

MD5
5d18f68b5122fd398c118df53ab4cf55

SHA1
9d28a6b23650e8a7e9063c04588ace6cf7012c17

SHA256
89c27f03fff18d0b06e7afd7ef25e209766df95b6c1269d6c3ebbdea48d5f284

SHA512
88501994a338221464b2e87c83dd12b6572daf882cb760419edd66ca2805dbb09d96693c21144b00026e68919436af87534f719896bcd5e3f9a66cef12736675

Download Submit
C:\Program Files\Ziath\Mohawk\libs\commons-logging.jar

Filesize
59KB

MD5
ed448347fc0104034aa14c8189bf37de

SHA1
5043bfebc3db072ed80fbd362e7caf00e885d8ae

SHA256
ce6f913cad1f0db3aad70186d65c5bc7ffcc9a99e3fe8e0b137312819f7c362f

SHA512
470323a2ee38be1b7ff8c84f1f5a5f8c4ec2ceb6b0649faa7b961f111865877dbe125409f72b1c52c7f18aa89e3469635c49ff4b83f86cc2f2eb2cc5562f9bff

Download Submit
C:\Program Files\Ziath\Mohawk\libs\core.jar

Filesize
530KB

MD5
3ee2c714be5d25ac6c9b941f666bfea6

SHA1
b640badcc97f18867c4dfd249ef8d20ec0204c07

SHA256
5820f81e943e4bce0329306621e2d6255d2930b0a6ce934c5c23c0d6d3f20599

SHA512
0f492c17719631b395ae63be82c7c57b4dd3cddbc76d6b6ca68abd1d7c8bb7b6557af24523519547acbe26cd78bd3fafff1e5830e907ead3e4f683389fea7dbe

Download Submit
C:\Program Files\Ziath\Mohawk\libs\css-helper.jar

Filesize
6KB

MD5
bab67494ea6e50b1b1437b7d93c52e8b

SHA1
299236de92a386cf7fb74110e98073ca5133036c

SHA256
82d256f4ab15535ca795f78f0fa8f36cc5d7cb8aa1510f4f78460de3d7728cf5

SHA512
a6a486a19d0451f71372592f68b195bfa8b05e26572057872e915ee5df48efbd6a0ce17e45f38327e4ac635d8adf9d8ad40f44bf8db68cc5226e7facb7508aa9

Download Submit
C:\Program Files\Ziath\Mohawk\libs\curvesapi.jar

Filesize
96KB

MD5
0dcbd9b7e498d1118c920d1d55046743

SHA1
3386abf821719bc89c7685f9eaafaf4a842f0199

SHA256
ff71bd27b36816889324de58ecf642532e5c9934c1dca2cfea0cbb2f393ec2cb

SHA512
f4a2b3f7f0a253acfb5e1166a0aa1655555271105c05574dccd1c494aa0787c3574f506561a793edfd93fb3d643238e5db18b33f1d2700c351149cecb77e2944

Download Submit
C:\Program Files\Ziath\Mohawk\libs\datapaqremote.jar

Filesize
31KB

MD5
85315f91577b5eeb3e1779cc43cf95ed

SHA1
94d4c469ca05c7c97de5a8714005fa5acd5cd71e

SHA256
c279d8d5618b227163bd4467a4b0b2260f8086fb3bf392c7c6c8fe6878c23cf7

SHA512
13eefb3f5acee946482faab57b97e5c90ea9724d86722d817fbbbe3f8c0098086abbf575d940090c74e04de57c27b6a91df3155849a683c69eafb8154179abfe

Download Submit
C:\Program Files\Ziath\Mohawk\libs\javacpp.jar

Filesize
351KB

MD5
be8fdd625d2887558c4c70b2a02a13c8

SHA1
cfa6a0259d98bff5aa8d41ba11b4d1dad648fbaa

SHA256
ae4d01d4eb5cb88c9a8544287c28de30b6c1872ae8c28180c38917091c9eed1c

SHA512
8700782abbd1db07d78ce88307a750d0b4182d8c4f2e105cf5144589aa7f08307382f63f29e38f748f65bed75997b879cb6c585b1f9cedd9fc93f0e51b3edf77

Download Submit
C:\Program Files\Ziath\Mohawk\picker-deploy.jar

Filesize
763KB

MD5
f224c83dd99472e111899abd9ab9111b

SHA1
b11930073b8ed47c864ba19a75c4692805dc4064

SHA256
13154d3f7e3aec9548d1074ec84f8257a3fd5289e5b5454477f7fd6de7b6d24a

SHA512
7e1088a009a49f6d72baef4acf3a0fe101d568150a750ea2fb4ca617afaa0cdecc40cad93ad595c2ff938bdf0e1f57b71e24200ebc822412abdbbecdf169555c

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\352bcdee40cc5e0c.timestamp

Filesize
50B

MD5
bf26ffa6ae86bc8e2b4ae55fd60e3441

SHA1
eff3894c6c5ad70b41541594347beaaddd250a39

SHA256
5c57a3fa7bc363667dff5cfc2d84b646e18b26a380ff9fd4ecb6f94e95b5fd59

SHA512
c97ac72155bba791f32c58954e075a4ff61e23d7ed54dd91e627193896a63d9f7d75034238ca6809607ef455a9adab1e7a59627ad838118ae6936597e06e6549

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B897Q.tmp\ziath-mohawk.2.1.297-en-release.tmp

Filesize
690KB

MD5
a2c4d52c66b4b399facadb8cc8386745

SHA1
c326304c56a52a3e5bfbdce2fef54604a0c653e0

SHA256
6c0465ce64c07e729c399a338705941d77727c7d089430957df3e91a416e9d2a

SHA512
2a66256ff8535e2b300aa0ca27b76e85d42422b0aaf5e7e6d055f7abb9e338929c979e185c6be8918d920fb134b7f28a76b714579cacb8ace09000c046dd34d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NV5J1.tmp\_isetup\_setup64.tmp

Filesize
6KB

MD5
c8871efd8af2cf4d9d42d1ff8fadbf89

SHA1
d0eacd5322c036554d509c7566f0bcc7607209bd

SHA256
e4fc574a01b272c2d0aed0ec813f6d75212e2a15a5f5c417129dd65d69768f40

SHA512
2735bb610060f749e26acd86f2df2b8a05f2bdd3dccf3e4b2946ebb21ba0805fb492c474b1eeb2c5b8bf1a421f7c1b8728245f649c644f4a9ecc5bd8770a16f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NV5J1.tmp\psvince.dll

Filesize
36KB

MD5
a4e5c512b047a6d9dc38549161cac4de

SHA1
49d3e74f9604a6c61cda04ccc6d3cda87e280dfb

SHA256
c7f1e7e866834d9024f97c2b145c09d106e447e8abd65a10a1732116d178e44e

SHA512
2edb8a492b8369d56dda735a652c9e08539a5c4709a794efaff91adcae192a636d0545725af16cf8c31b275b34c2f19e4b019b57fb9050b99de65a4c08e3eee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\jSerialComm\1716288329261-jSerialComm.dll

Filesize
143KB

MD5
2d7b300111922ef0bb70998218191d10

SHA1
dfeca42c784965d9e5a3df0835b2fab0cf70c76c

SHA256
c4b8fdbbf4716b1cf25bd6ecd2d8cdc53144bb9ba3f8adfe4074634746998f93

SHA512
b916e2dfc4b5c921379a80c83774998b9e19758505e97fe0b4e6a0e4c9224a50be45550ae705f015269077489c12112938fa8ab3108604e4fb943dc87297c5c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\jna4414728648599914510.dll

Filesize
192KB

MD5
5647170cf24a08a03619c8efd7772676

SHA1
219b0b94db920e84cef2cb7534be249068c8f857

SHA256
178d74db6f7af5f1d1c15b0c6b85b8889814bc139d97239dcc536baed1dc9614

SHA512
ed670c32ceedf7cead107eabd79692742d5f6a89f0e748a3687c0cc7b806561417ef8ded4a6aab41d01afbe68080168adbf4db7a37a003ed018ee79fd54e6939

Download Submit
C:\Users\Admin\AppData\Local\Temp\nativeutils3021707853\CameraIterator.dll

Filesize
18KB

MD5
b7bfa787e157dc64f098ad3358894ca7

SHA1
67ca2ccc22e04eb91980aba2301defd93c6b07a9

SHA256
323f747d7070f9b7623467df295fb1f8e1d2fcfe5e2973b1509d9cf6285bdbdd

SHA512
110a06333ce24d1f776527b2ff9f9077d1fc46d2211420eb2593d4e23a05915b9e9fdc0be5714ac010eb68975fe10d590d4cd78f8df65815820fcb782d3f9d6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nativeutils3021707853\WinFoldersJava_x64.dll

Filesize
46KB

MD5
0bc3ae3a106707aee2bf43df2a458a3d

SHA1
37d8b3f830cc84d5b12b0fd2bd3b0498e6bca12f

SHA256
97cab4ef75280969fdcf245f256a7652255fec96990d14787962474b6a0b533d

SHA512
0a90d3135c0689cb19659bd2a13bfdb11c70fe18e0d01788030cdcf16ef442efda527950e169b287a9ec5eb9e8e128a561f809096014b9e6473e23aac221d5fd

Download Submit
memory/540-920-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/540-622-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/540-842-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/540-372-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/540-17-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/540-7-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/540-996-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/540-967-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1616-1116-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/2460-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2460-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/2460-998-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2460-16-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4608-1149-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/4608-1118-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/4608-1123-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/4608-1136-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/4608-1059-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/4608-1153-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/4608-1199-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/4608-1209-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/4608-1205-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/4608-1049-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/4608-1076-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/4608-1075-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download