Analysis Overview
SHA256
7ded9ee2801093622eb98474c29c883632a563abd55f3a986b9e5a506f64ca60
Threat Level: Shows suspicious behavior
The file 7ded9ee2801093622eb98474c29c883632a563abd55f3a986b9e5a506f64ca60.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Adds Run key to start application
Checks installed software on the system
Drops file in System32 directory
Drops file in Program Files directory
Unsigned PE
Program crash
Enumerates physical storage devices
Detects Pyinstaller
NSIS installer
Enumerates processes with tasklist
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Runs net.exe
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
NTFS ADS
Suspicious behavior: LoadsDriver
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Checks processor information in registry
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 19:43
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240611-en
Max time kernel
134s
Max time network
207s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ADMachineDll.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240611-en
Max time kernel
298s
Max time network
327s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\DSGui.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.15.104.51.in-addr.arpa | udp |
Files
memory/4376-1-0x00007FFFBD500000-0x00007FFFBDA5A000-memory.dmp
memory/4376-0-0x00007FFFBF6D0000-0x00007FFFBF811000-memory.dmp
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240508-en
Max time kernel
288s
Max time network
270s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ICNow_License Agreement_Eng.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff8efc546f8,0x7ff8efc54708,0x7ff8efc54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6330252552969721696,8561810829801043947,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6330252552969721696,8561810829801043947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,6330252552969721696,8561810829801043947,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6330252552969721696,8561810829801043947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6330252552969721696,8561810829801043947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6330252552969721696,8561810829801043947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6330252552969721696,8561810829801043947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6330252552969721696,8561810829801043947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6330252552969721696,8561810829801043947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6330252552969721696,8561810829801043947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6330252552969721696,8561810829801043947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6330252552969721696,8561810829801043947,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5008 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_1244_AGMVVVOZWVTZJFGM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9f4a13a34dec389578711f83c9d84932 |
| SHA1 | 63243a1ba26e470c047fdc395c565aff989fbfee |
| SHA256 | ca0b4f21f578d31f880cacf25b4e7a5d1e4964897d32fd5cab09a1fc8c148324 |
| SHA512 | 6aceab6a3ad989702af81c36b707c3deb13362fedd361f6f5b5b215453cc7c900685e1708a2b4b05cdebc109dddcbd27da81cff382b4b9cd10c92dcdc0a9e8be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f9d841f39ff1344ace62609a60eaf230 |
| SHA1 | 419f6fcc983031b91ea6ab5f0df1d17220bb1c1a |
| SHA256 | 700f9383879c29e2d9fc958072cb9150c2d3b4638ea0d71d5b3ebe21dd608e13 |
| SHA512 | 9dd1104500e69209e58beee3e2bc3f120cace0f88b712f6ae8446d3f10af684e291437d01d9197e951ced64667a038d5b071076b783654357dfd3e8e6ee8e679 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3b6b0b1e1a9739261a09b5989fed8317 |
| SHA1 | 76d612fe1ea03ccb6c7dc51b9a34ae5965a5ab74 |
| SHA256 | d45df67f57fe573a36681f58e3584b2bfb09cbe14a69ce6a984a8068efa7e510 |
| SHA512 | 83f2df2d966f8897043cbee617145b4f512327aeb0e346bf0d8696b0e49e66a081e7d92afbb91a47205e0d18a8f959cfb7c7f02cf0e94cb975b456eb1d5574ee |
Analysis: behavioral23
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240611-en
Max time kernel
294s
Max time network
320s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ICNow_Opensource Statement_Eng.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5024,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=5000,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5104,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5636,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5944,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5700,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.20.12.87:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| SE | 23.34.233.128:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.233.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240611-en
Max time kernel
132s
Max time network
315s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Inframd.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:53
Platform
win10v2004-20240226-en
Max time kernel
260s
Max time network
362s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Languages\DHDictionary_zh_CN.xlsx"
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 216.58.213.10:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.173.189.20.in-addr.arpa | udp |
Files
memory/1696-0-0x00007FF95AB10000-0x00007FF95AB20000-memory.dmp
memory/1696-2-0x00007FF95AB10000-0x00007FF95AB20000-memory.dmp
memory/1696-1-0x00007FF95AB10000-0x00007FF95AB20000-memory.dmp
memory/1696-3-0x00007FF99AB2D000-0x00007FF99AB2E000-memory.dmp
memory/1696-4-0x00007FF95AB10000-0x00007FF95AB20000-memory.dmp
memory/1696-5-0x00007FF95AB10000-0x00007FF95AB20000-memory.dmp
memory/1696-6-0x00007FF99AA90000-0x00007FF99AC85000-memory.dmp
memory/1696-8-0x00007FF99AA90000-0x00007FF99AC85000-memory.dmp
memory/1696-7-0x00007FF99AA90000-0x00007FF99AC85000-memory.dmp
memory/1696-10-0x00007FF99AA90000-0x00007FF99AC85000-memory.dmp
memory/1696-9-0x00007FF99AA90000-0x00007FF99AC85000-memory.dmp
memory/1696-13-0x00007FF99AA90000-0x00007FF99AC85000-memory.dmp
memory/1696-12-0x00007FF99AA90000-0x00007FF99AC85000-memory.dmp
memory/1696-11-0x00007FF99AA90000-0x00007FF99AC85000-memory.dmp
memory/1696-15-0x00007FF99AA90000-0x00007FF99AC85000-memory.dmp
memory/1696-14-0x00007FF9581B0000-0x00007FF9581C0000-memory.dmp
memory/1696-16-0x00007FF99AA90000-0x00007FF99AC85000-memory.dmp
memory/1696-17-0x00007FF99AA90000-0x00007FF99AC85000-memory.dmp
memory/1696-18-0x00007FF99AA90000-0x00007FF99AC85000-memory.dmp
memory/1696-25-0x00007FF9581B0000-0x00007FF9581C0000-memory.dmp
memory/1696-29-0x00007FF99AA90000-0x00007FF99AC85000-memory.dmp
memory/1696-47-0x00007FF95AB10000-0x00007FF95AB20000-memory.dmp
memory/1696-48-0x00007FF95AB10000-0x00007FF95AB20000-memory.dmp
memory/1696-50-0x00007FF95AB10000-0x00007FF95AB20000-memory.dmp
memory/1696-49-0x00007FF95AB10000-0x00007FF95AB20000-memory.dmp
memory/1696-51-0x00007FF99AA90000-0x00007FF99AC85000-memory.dmp
Analysis: behavioral26
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240508-en
Max time kernel
40s
Max time network
70s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Infrad.dll,#1
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:51
Platform
win10v2004-20240611-en
Max time kernel
217s
Max time network
250s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4732 wrote to memory of 704 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4732 wrote to memory of 704 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4732 wrote to memory of 704 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsisSlideshow.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsisSlideshow.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 704 -ip 704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 616
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240508-en
Max time kernel
58s
Max time network
102s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Adaptor.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.48:443 | tcp |
Files
memory/2948-1-0x0000023CC7480000-0x0000023CC768C000-memory.dmp
memory/2948-0-0x0000023CC6720000-0x0000023CC747C000-memory.dmp
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240611-en
Max time kernel
240s
Max time network
269s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Conf\System\xls_head.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa506546f8,0x7ffa50654708,0x7ffa50654718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17890476650117636559,6417718783087004066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,17890476650117636559,6417718783087004066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,17890476650117636559,6417718783087004066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17890476650117636559,6417718783087004066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17890476650117636559,6417718783087004066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17890476650117636559,6417718783087004066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17890476650117636559,6417718783087004066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17890476650117636559,6417718783087004066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17890476650117636559,6417718783087004066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17890476650117636559,6417718783087004066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17890476650117636559,6417718783087004066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17890476650117636559,6417718783087004066,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4728 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_748_DNZUKPNVOYUAYHGO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5e0c776723d1ebbafd883b6dbba3d181 |
| SHA1 | 46625b609799bd6b72bb4aaafde3564cc8b9d6e8 |
| SHA256 | a715931bb4fecab6a728b52960ac0890365da1dac15b588037e0462dd520a205 |
| SHA512 | a741ccc1ba61dfdad0ecb04f635ac515f8185e7dd73ce8b47e2169362d95fd7acf17ec1f0414d6c83f6faf36034c02817d2847ec0dd6c3cb8616be343c0c9009 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fbb6d79c8364e0597c509acde85dc303 |
| SHA1 | 670cc36e766b665ffcf749ff187ea20c1a7b724f |
| SHA256 | aa4bf492035584194bf0a8d83d957c713ac0cbe541b174630bf3fb03dbf1d0d7 |
| SHA512 | e579494d1ddb417b7d162c85139f2333187b9eff318d75f647dcb7c36ca8a54a74f8551e69081d694852206b905cef150e3c50c25c772f2be40edd57cff8e334 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f589d805284bdb44c9c3e36047877f93 |
| SHA1 | f1a2e6567525d99115649dac327258050b887908 |
| SHA256 | 0734a787da020e18e046585b7b3754c60cfb705d97ff63b4c0280542d2d46551 |
| SHA512 | 8402b06e7c37485590bf3d54047b576384a43a7fed6241b4aebffed788f9169048add911a446c01f4551d0697bfcca020461de1be37a3e173f18eda39813377f |
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:53
Platform
win10v2004-20240226-en
Max time kernel
257s
Max time network
362s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\HWDec.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 142.250.200.42:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | 29.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240508-en
Max time kernel
298s
Max time network
332s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\ICNowDaemon.exe
"C:\Users\Admin\AppData\Local\Temp\ICNowDaemon.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/1196-0-0x00007FFEE8910000-0x00007FFEE8E6A000-memory.dmp
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240508-en
Max time kernel
34s
Max time network
71s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\DVRIPClient.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/3096-0-0x000002910FD70000-0x00000291117BA000-memory.dmp
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:51
Platform
win10v2004-20240508-en
Max time kernel
40s
Max time network
64s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\7z.exe
"C:\Users\Admin\AppData\Local\Temp\7z.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
315s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\IvsDraw.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 20:06
Platform
win10v2004-20240508-en
Max time kernel
1152s
Max time network
1165s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Program Files\ICNow\ICNow.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\mshta.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Program Files\ICNow\ICNow.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\ICNow\ICNow.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\UsersName.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\DSMessageNotify.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\ICNowDaemon.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\7z.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\UsersName.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\UsersName.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\ICNow.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\7z.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\7z.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\DSMessageNotify.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\ICNowDaemon.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ICNow = "\"C:\\Program Files\\ICNow\\ICNow.exe\"" | C:\Program Files\ICNow\ICNow.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ICNow = "\"C:\\Program Files\\ICNow\\ICNow.exe\"" | C:\Program Files\ICNow\ICNow.exe | N/A |
Checks installed software on the system
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\taskschd.msc | C:\Windows\system32\mmc.exe | N/A |
Drops file in Program Files directory
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\ICNow\ICNow.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\ICNow\ICNow.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\ICNow\ICNow.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ | C:\Program Files\ICNow\ICNow.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\ICNow\ICNow.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\ICNow\ICNow.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\ICNow\ICNow.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ | C:\Program Files\ICNow\ICNow.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633873907471807" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\ICNow\.C:\Users\Public\ICNow\Data\User\Database\AlarmScheme.db | C:\Program Files\ICNow\ICNow.exe | N/A |
| File opened for modification | C:\Program Files\ICNow\.C:\Users\Public\ICNow\Data\User\Database\AlarmScheme.db | C:\Program Files\ICNow\ICNow.exe | N/A |
Runs net.exe
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\ICNow\ICNow.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\DSMessageNotify.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\ICNowDaemon.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\ICNow.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\DSMessageNotify.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\ICNowDaemon.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ded9ee2801093622eb98474c29c883632a563abd55f3a986b9e5a506f64ca60.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ded9ee2801093622eb98474c29c883632a563abd55f3a986b9e5a506f64ca60.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ded9ee2801093622eb98474c29c883632a563abd55f3a986b9e5a506f64ca60.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ded9ee2801093622eb98474c29c883632a563abd55f3a986b9e5a506f64ca60.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\ICNow.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\ICNow.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\ICNow.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\ICNow.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\ICNow.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\ICNow.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\ICNow.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\ICNow.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\ICNow\ICNow.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\DSMessageNotify.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\DSMessageNotify.exe | N/A |
| N/A | N/A | C:\Program Files\ICNow\ICNow.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SYSTEM32\tasklist.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\ICNow\7z.exe | N/A |
| Token: 35 | N/A | C:\Program Files\ICNow\7z.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\ICNow\7z.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\ICNow\7z.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\7ded9ee2801093622eb98474c29c883632a563abd55f3a986b9e5a506f64ca60.exe
"C:\Users\Admin\AppData\Local\Temp\7ded9ee2801093622eb98474c29c883632a563abd55f3a986b9e5a506f64ca60.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files\ICNow\GrantF.bat""
C:\Windows\SysWOW64\mshta.exe
mshta vbscript:createobject("wscript.shell").run("""C:\Program Files\ICNow\GrantF.bat"" hide",0)(window.close)
C:\Program Files\ICNow\ICNow.exe
"C:\Program Files\ICNow\ICNow.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files\ICNow\GrantF.bat" hide"
C:\Windows\SysWOW64\net.exe
Net users
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 users
C:\Program Files\ICNow\UsersName.exe
UsersName.exe
C:\Windows\SysWOW64\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g The:F
C:\Windows\SysWOW64\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g command:F
C:\Windows\SysWOW64\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g completed:F
C:\Windows\SysWOW64\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g successfully.:F
C:\Windows\SysWOW64\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g Guest:F
C:\Windows\SysWOW64\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g WDAGUtilityAccount:F
C:\Windows\SysWOW64\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g Admin:F
C:\Windows\SysWOW64\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g Administrator:F
C:\Windows\SysWOW64\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g DefaultAccount:F
C:\Windows\SysWOW64\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g -------------------------------------------------------------------------------:F
C:\Windows\SysWOW64\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g User:F
C:\Windows\SysWOW64\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g accounts:F
C:\Windows\SysWOW64\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g for:F
C:\Windows\SysWOW64\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g \\GSAGMHCQ:F
C:\Windows\SYSTEM32\tasklist.exe
tasklist.exe
C:\Program Files\ICNow\DSMessageNotify.exe
"C:\Program Files\ICNow\DSMessageNotify.exe" -Pid MessageNotify_ICNow.exe -SN MessageNotify_ICNow.exe -TS "C:/Program Files/ICNow/Languages/DSMessageNotify_en.qm" -Skin White -Lang English
C:\Program Files\ICNow\ICNowDaemon.exe
"C:\Program Files\ICNow\ICNowDaemon.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\ICNow\7z.exe
7z.exe a C:/Users/Public/ICNow/Log/client_log/ICNowDaemon.zip-2024-06-20-19-52-13.zip C:/Users/Public/ICNow/Log/client_log/ICNowDaemon.log-2024-06-20-19-52-13.log
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Program Files\ICNow\GrantF.bat
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s
C:\Program Files\ICNow\UsersName.exe
"C:\Program Files\ICNow\UsersName.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9f2cdab58,0x7ff9f2cdab68,0x7ff9f2cdab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1992,i,9530329271419945321,5917492590483055008,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1992,i,9530329271419945321,5917492590483055008,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1992,i,9530329271419945321,5917492590483055008,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=1992,i,9530329271419945321,5917492590483055008,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1992,i,9530329271419945321,5917492590483055008,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1992,i,9530329271419945321,5917492590483055008,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1992,i,9530329271419945321,5917492590483055008,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1992,i,9530329271419945321,5917492590483055008,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7b40aae48,0x7ff7b40aae58,0x7ff7b40aae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4588 --field-trial-handle=1992,i,9530329271419945321,5917492590483055008,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4316 --field-trial-handle=1992,i,9530329271419945321,5917492590483055008,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4840 --field-trial-handle=1992,i,9530329271419945321,5917492590483055008,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3468 --field-trial-handle=1992,i,9530329271419945321,5917492590483055008,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3304 --field-trial-handle=1992,i,9530329271419945321,5917492590483055008,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 --field-trial-handle=1992,i,9530329271419945321,5917492590483055008,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4144 --field-trial-handle=1992,i,9530329271419945321,5917492590483055008,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 --field-trial-handle=1992,i,9530329271419945321,5917492590483055008,131072 /prefetch:8
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Program Files\ICNow\GrantF.bat"
C:\Windows\system32\mshta.exe
mshta vbscript:createobject("wscript.shell").run("""C:\Program Files\ICNow\GrantF.bat"" hide",0)(window.close)
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files\ICNow\GrantF.bat" hide"
C:\Windows\system32\net.exe
Net users
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 users
C:\Program Files\ICNow\UsersName.exe
UsersName.exe
C:\Windows\system32\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g The:F
C:\Windows\system32\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g command:F
C:\Windows\system32\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g completed:F
C:\Windows\system32\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g successfully.:F
C:\Windows\system32\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g Guest:F
C:\Windows\system32\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g WDAGUtilityAccount:F
C:\Windows\system32\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g Admin:F
C:\Windows\system32\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g Administrator:F
C:\Windows\system32\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g DefaultAccount:F
C:\Windows\system32\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g -------------------------------------------------------------------------------:F
C:\Windows\system32\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g User:F
C:\Windows\system32\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g accounts:F
C:\Windows\system32\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g for:F
C:\Windows\system32\cacls.exe
Cacls "../Smart Professional Surveillance System" /t /e /c /g \\GSAGMHCQ:F
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4920 --field-trial-handle=1992,i,9530329271419945321,5917492590483055008,131072 /prefetch:1
C:\Program Files\ICNow\ICNow.exe
"C:\Program Files\ICNow\ICNow.exe"
C:\Program Files\ICNow\7z.exe
7z.exe a C:/Users/Public/ICNow/Log/client_log/ICNowDaemon.zip-2024-06-20-19-52-13.zip C:/Users/Public/ICNow/Log/client_log/ICNowDaemon.log-2024-06-20-19-52-13.log
C:\Program Files\ICNow\7z.exe
7z.exe a C:/Users/Public/ICNow/Log/client_log/ICNow_19_50_00-2024-06-20-19-50-00.zip C:/Users/Public/ICNow/Log/client_log/ICNow_19_50_00-2024-06-20-19-50-00.log
C:\Windows\SYSTEM32\tasklist.exe
tasklist.exe
C:\Program Files\ICNow\DSMessageNotify.exe
"C:\Program Files\ICNow\DSMessageNotify.exe" -Pid MessageNotify_ICNow.exe -SN MessageNotify_ICNow.exe -TS "C:/Program Files/ICNow/Languages/DSMessageNotify_en.qm" -Skin White -Lang English
C:\Program Files\ICNow\ICNowDaemon.exe
"C:\Program Files\ICNow\ICNowDaemon.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:61375 | tcp | |
| N/A | 127.0.0.1:61377 | tcp | |
| US | 8.8.8.8:53 | p2p.myeasyip.com | udp |
| N/A | 127.0.0.1:12100 | tcp | |
| N/A | 127.0.0.1:62612 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | virustotal.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | virustotal.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | virustotal.com | udp |
| N/A | 127.0.0.1:65230 | tcp | |
| N/A | 127.0.0.1:65232 | tcp | |
| N/A | 127.0.0.1:12100 | tcp | |
| N/A | 127.0.0.1:65265 | tcp | |
| US | 8.8.8.8:53 | p2p.myeasyip.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsb889A.tmp\LangStr_es.ini
| MD5 | bb0eee891dc159c17462c22f6857a434 |
| SHA1 | e7296808204a46d10aa9c6884fcf92676248a848 |
| SHA256 | c521da3c0222b31c1d91ebb45e28045ede7c11b7b168e613dee97eef055fb191 |
| SHA512 | bb26749a3a90ed6130321c3013063ca85773beb1cd324392f6afd382476535b50cbeafcf49bb23621887a47f46f705b4e49e87940770d283f8dd1319968b6ebe |
C:\Users\Admin\AppData\Local\Temp\nsb889A.tmp\SkinBtn.dll
| MD5 | e4ec95271ff1bcebab49bdfed6817a22 |
| SHA1 | 2c03e97f4773aea80ecdb98a1482e5896fe4677b |
| SHA256 | ee1c06692a757473737b0ebdef16f77b63afac864d0890022d905e4873737dd6 |
| SHA512 | 771a527133806307a1b17b7e956d6a3c16e9bc675bf084b43204ae784a057dac2726dbf90645692876043a4e7365ba8825c167621fde4760c79cd84679e2aa3d |
C:\Users\Admin\AppData\Local\Temp\nsb889A.tmp\licenseEN.rtf
| MD5 | e6e36d4f5d374e08336bcc218e56df57 |
| SHA1 | 9f9fdc1685832a8c183fcf7dce06d69c7cce68e8 |
| SHA256 | c4b8c123e131b50a3086cd7c65acc94b3b73be9859951ff3dffec2fe106165a4 |
| SHA512 | 8c75437ba58a9a6c7bbef13b21df90d24ac15ac1f73daab6eae85df68eb6f5bb439132f24c69f63b6cca4c75b39e083aee0bfadbcc436d22e82cde70a592f83f |
C:\Users\Admin\AppData\Local\Temp\nsb889A.tmp\LangStr_en.ini
| MD5 | d4b215545e3963d495674bd70616a595 |
| SHA1 | c1795450448695ad3882b3f2040d559f17fb64c8 |
| SHA256 | 34b3d6b482023d616f611b61ba6cf1f419cb58af9ccf56cb2ccb12a12de1e4c2 |
| SHA512 | dff08a14bcdf4d984181821baed92c967525e372993d5784aed0c8f6083daccdeafd7cbd96761f4931fb9945be4be9babffa15867d9dee04f1b0090a73c4e518 |
C:\Users\Admin\AppData\Local\Temp\nsb889A.tmp\System.dll
| MD5 | c17103ae9072a06da581dec998343fc1 |
| SHA1 | b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d |
| SHA256 | dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f |
| SHA512 | d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f |
C:\Users\Admin\AppData\Local\Temp\nsb889A.tmp\FindProcDLL.dll
| MD5 | 75e7351a0f836b8659e6f315683c29f7 |
| SHA1 | 66b733d1c978d68cadc245e7efbfcae32807429d |
| SHA256 | 7ffc549e7f679a08c77fa230654b77cdffb3444296bb7c6b8b5769db374b61ee |
| SHA512 | f03400798b07ccca5e12fa119a586ee9444deb0d2419aced24d93fd84a4702d66864a71b40a11b04b1dbe56e36481cd6a644aec0347bc82bc7375b27bc403fe4 |
C:\Users\Admin\AppData\Local\Temp\nsb889A.tmp\nsDialogs.dll
| MD5 | c10e04dd4ad4277d5adc951bb331c777 |
| SHA1 | b1e30808198a3ae6d6d1cca62df8893dc2a7ad43 |
| SHA256 | e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a |
| SHA512 | 853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e |
memory/2148-160-0x00000000021D4000-0x00000000021D5000-memory.dmp
memory/2148-159-0x0000000004140000-0x0000000004141000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsb889A.tmp\WndProc.dll
| MD5 | f0cb331dd4bd92a6ebce45e7cd1cf5ef |
| SHA1 | b66ea0c10b08750295f2dc7c170b370402393214 |
| SHA256 | e7b3115fa2ce4a8fa09beeefa4fb634a474197f38a2854ce9be60d0a26016458 |
| SHA512 | 7c33418f39b91ae0d4cc8b560f516bac293593eef539832815028878c2058bf1691c2d767a039cf312989839071f2f6f0b6d9d59835acdfff6b448bf1ffea271 |
memory/2148-180-0x00000000021D4000-0x00000000021D5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsb889A.tmp\SkinProgress.dll
| MD5 | cc037c4703d3ec257efeef2ce0a1a20e |
| SHA1 | b3d6cc8f687a31fb2c1a5921a38de9429af20502 |
| SHA256 | 888b32ecbc37ce67d4edc28d894cba0a4f4e2488cfc2212d1af011bd0bfe97ff |
| SHA512 | 120bfa0a68775bef04c1863023b0e73a41982284fb36da7f497fbb7d5ed8631ad02fa09951424d339f6fefaa90a17c12f949dd68bb33bad64b1b7cace489d2a7 |
C:\Users\Admin\AppData\Local\Temp\nsb889A.tmp\TestDLL.dll
| MD5 | f4f9df98495103a5f3e3a2c66f3a4714 |
| SHA1 | 7a8e2422931139b8c13b9ebfee344811f2c25367 |
| SHA256 | e848e0837f3c8b654d3dc8e78af31ca8e7993cbf955bad76d32f06a831b0b575 |
| SHA512 | 68dcff4ee80dcbf949370b67836d8f392502bef236a5992a0fad1c7c4dabf650d7ce23ebcb2e81a40cda3cdab2fc6703347465940d5cbe69241d515c4cd9b436 |
C:\Users\Admin\AppData\Local\Temp\nsb889A.tmp\progress.dll
| MD5 | 10d73356f0dace1ddd9be92d52577375 |
| SHA1 | c29974f2c5c5ecaffdf3cabf570a885690647155 |
| SHA256 | 7d936aebee57e04338308ed8c52ce2c24e21b2978721326be3eb9e90c080834e |
| SHA512 | 4864585412734b4d0c5ae7af0c5e5fd3f70646d5ce72ba55594a2051aded0750a9f727c78a28e5f34a0f4dcc9bd0581c53e87c0144f049070c801680c9258cee |
memory/2148-205-0x0000000005690000-0x00000000056C8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsb889A.tmp\nsisSlideshow.dll
| MD5 | 379fc69af4ffaf5cd5d0e3f6ded9376f |
| SHA1 | e7685656d854c464a1a1299abc24177849496a54 |
| SHA256 | ef4be0f68c8ca2ea4434e9daf2b36e5443327a9b2a0fb8857c820183a757b9a4 |
| SHA512 | c8db8caed243ee80038af4a74f1898762167b952febccd9b4974d0e93938040aad9c8d53ff288aafd1e388845c3cd6ea24a13aa37f893af4b2fa63c5add091e5 |
C:\Program Files\ICNow\Data\System\Sound\en\external alarm.wav
| MD5 | 611588ec5cccb93e2a8e95fcea3b94ca |
| SHA1 | 4a054d46dbc53e8b69c3837eba8cea60f0ecc073 |
| SHA256 | 84cfc39fe69c67d5a0f12bf065a3702a43b27268090cdc1b0e2834f6cde6bd07 |
| SHA512 | 8a0f13e1ced361049e989ea71b92ac83026597711926d656c05512163406c60308b36d5cf6b6b1997b8b937b55463019dfa1d8a167a461d98573c36e9b21aebc |
C:\Program Files\ICNow\Data\System\Sound\en\move detection.wav
| MD5 | bf4070b024dcefd21206a6919e32389c |
| SHA1 | 96ce9943e267972e84fa207b790ddba693c38155 |
| SHA256 | 3170276ee2ddcb96b5aa517aa99352b9ca79dea3d0debcfa5991fb11351a1c09 |
| SHA512 | 4e9ac02d659ded28155bbb198e4243e9fb16a7ad49480baf64e6282e9f01953b609ff2b2dc2ee66ad895a4882b7b9fe40bfc2825cfd8faa666f64af3ce59d81b |
C:\Program Files\ICNow\Data\System\Sound\en\parking detection.wav
| MD5 | d7bb673af407a6dce5466a1265695d41 |
| SHA1 | 3dd330273b43a9e921ebaacaa9f258da8f9e7194 |
| SHA256 | 72c33e194c70033f662ffd7ccbbd58712413c531b9522c374d215e0fb5344ce7 |
| SHA512 | 985c6deaa524c08cfdc33ec2b2a01771bfefc212017ff53dad4cc1839b7336dab223bc8f6e45ffb6f4cd208210000938ae2c6c4e02252be8289cf12cedc3cc41 |
C:\Program Files\ICNow\Data\System\Sound\en\wander detection.wav
| MD5 | 3dafaceeb714fbe4785c1ea30123b52d |
| SHA1 | 3101e398e452c0744d2531c2b5c0b2c15e0d478d |
| SHA256 | c6acb62522103b66ae392a389c809158c4bd2671f67d6572b19beeff5a3cbc57 |
| SHA512 | f2d55c5dd0e596dfdae5b6fa544be9a3b26316981925b52db1ec7e3275aa12809828874268e400e2d084298ea1f13a328edbb909ee4ff79f0a3ed7519a4cf40c |
C:\Program Files\ICNow\Skin\DustyBlue\AttendanceReportUI\Attendance\Delete-d.png
| MD5 | dd9e33d34115db516197ffe68b187023 |
| SHA1 | 4f2f094b476c391c8981e55d7079fc969bdef772 |
| SHA256 | 6a28b37ac001e705c41daae412db170119e7b53664a5a5268cac3d872144c4a5 |
| SHA512 | af940eb50ff60112555c0d3b7e975dae6de6015a5957da182323f59be8845035706e0991c23fc42596a04daa08bb0a93e206fd80ff08c5e39e9b6717cfcb863a |
C:\Program Files\ICNow\Skin\DustyBlue\AttendanceReportUI\Attendance\Delete-h.png
| MD5 | 2c396cd3fa02824aa82ad669a2db1c78 |
| SHA1 | 619a881608bfea8f06c4316357c1b042f27ac577 |
| SHA256 | b90d574516205ce9a9e4f7e7df278edfff0d20d7569675f856366f4198fa5ea7 |
| SHA512 | 9c20fad60255e3b208d555742c26be290b16a737c1b44673a419128ff3ef062cfd6541a3a7cfd579e72def98a148736510d2346fab13e49cc9c36e7e8a0b846d |
C:\Program Files\ICNow\Skin\DustyBlue\AttendanceReportUI\Attendance\Delete-n.png
| MD5 | b1cbde74e5bb280b6fa30ba50beb5b34 |
| SHA1 | 18516d7602780737160137d57e17432b3c627978 |
| SHA256 | c5b5d264bc6ea2fed861d0d7dec069031a53af2d1fbacba5bd7b0e6434b1f0a6 |
| SHA512 | a23fef0bc87d3f6547b54d406d96d2e3bd0e3604a4dcb10282efed87f90a40f6d5adeeddee477ce8fa147dae2991bd1990668fa3b82a7d63491afc82b4f5d8dc |
C:\Program Files\ICNow\Skin\DustyBlue\AttendanceReportUI\Attendance\Delete-p.png
| MD5 | a415ee528327a55eac567b42a8122ed8 |
| SHA1 | 1a59df77d44c6fb3f78adc0bdb6e37244be197e2 |
| SHA256 | 83366e3ff594c7e205995fb7d1c945006a951d822ba7f27e66b390d0d3147ad6 |
| SHA512 | 9a0a2766dcdf3ef203503aba0e4c1f2ec59ec1e8b51088594c1adee6cd8a1fe1130d509e484e724c2caa54fdae1686ae0e351e4bece2e52622701c8aaee7ad1c |
C:\Program Files\ICNow\Skin\DustyBlue\AttendanceReportUI\Attendance\Explain-h.png
| MD5 | eaa6a49761f22d652893801603e18a25 |
| SHA1 | 62679468d9aba47fdecd2319fa74ef4146238378 |
| SHA256 | bd521d42eff14737397d577fd02a02768eaa2b4471975c7126511742a1f84113 |
| SHA512 | a5c289b790ca3ecce2dbd4dd98a5378bb629524356af873feb5ec598fe59b05b3bf0b8d91ee9d99806692aaa62c26f064958a189a685625bcb96421287909199 |
C:\Program Files\ICNow\Skin\DustyBlue\AttendanceReportUI\Attendance\Explain-n.png
| MD5 | 61fe3a70e8c38308653205d3627bf54d |
| SHA1 | 24fcb9e78b53745fdd647bbf21c41615129c4226 |
| SHA256 | c3c3c2922a10e184ca0135ec1aad1b7bdd0a2acfb6d582b048bdb459c9d46952 |
| SHA512 | 53a79b34fb2d41f90c5e165d3e63a28248e33cc846d4656d3379572019b2a04d2e2183ccb881092b4ba06437f24520dca40f65bed72855f82291adbdcd9ecfb6 |
C:\Program Files\ICNow\Skin\DustyBlue\AttendanceUI\Attendance\AttendancePeriod-d.png
| MD5 | c36b1358b43eef2e041d69b0d02d928e |
| SHA1 | a80ad31d6649170df205f0b8ea100a93afee36ea |
| SHA256 | f1b72fdb1a1abcc54440f576c010f97a9dfa0e86596d772a2ea90c4ffa5bf1a5 |
| SHA512 | f8cfbc404090e27b675e5a01d0f0a10be841515829736da87b191493bbf7200e33b9849c0d80ac15aa3e81984ac7c284b63f2359b8324f52966bb424a43bc18d |
C:\Program Files\ICNow\Skin\DustyBlue\AttendanceUI\Attendance\AttendanceShift-d.png
| MD5 | c4ee2abaaaa585ed68a689acc1362cbf |
| SHA1 | 291a342e7ea2486e64cb919a9622e4637a58cd66 |
| SHA256 | 1069baecf3526498f8d646044e335be41bed968b93efc0c46ae8775509758354 |
| SHA512 | 093d5a11a98c0f7fc4b1e6a99e796cdbc677d192794698645e136347d37b9253f3edb9c14543798543c55a529e5e8a295fe246da6ed3ed0f56691c1f0869e020 |
C:\Program Files\ICNow\Skin\DustyBlue\AttendanceUI\Attendance\Holiday-d.png
| MD5 | dd2f8b636e8cb5c13ff1e2eb044e5f3d |
| SHA1 | 609a152b460b7c1b860b67d9b7fc50f203f2f2d9 |
| SHA256 | dead12b037221c8398777394f1f19aea1bae71e1b64ddbf0d4162220faecfbab |
| SHA512 | 02ad804c5d4a79dececc4258d07d4dc065404f09a6e13af4c10e3d273863d36406a253437a57d20e467b231ba752caff83c6d41ca04993aed67b9a7524636f3c |
C:\Program Files\ICNow\Skin\DustyBlue\AttendanceUI\Attendance\PersonShiftManager-d.png
| MD5 | 840ed963decaa360cfd13c8e0c096b9a |
| SHA1 | 5f92f9f08a1b9dcd89db30debc349e06feaa97f6 |
| SHA256 | d42de0b8e1089200e99ae0d2d4cf7076e0e406d53181bc384f38a1a1a9503612 |
| SHA512 | 694afe0c68f61be35175484eb07acdbc3db7b3533eb6112da1f73d855f2179c01482776c6c08509fd20011220ef65427d9f58c254b285c4881fcdd4aa957a666 |
C:\Program Files\ICNow\Skin\DustyBlue\AttendanceUI\Attendance\PersonShiftProcess-d.png
| MD5 | 9a9264ae4135d7ef94bf2b6b50f4d6f0 |
| SHA1 | 886d347eda08a5a3e92c73138d705f41ce28b6b7 |
| SHA256 | 90a6bbe0f000467830a04fc2497d17096acba8d38aad9dd7a3c0b3e70758ed3e |
| SHA512 | 8096dd1472a378815aa025c39a86837bffc6db957e5a45127f3432074ad3724174a6fbac7b9e3c23768f93f944c1d529b8a1dc4c4f81401213a76054e5db4ce8 |
C:\Program Files\ICNow\Skin\DustyBlue\AttendanceUI\Attendance\down_h.png
| MD5 | f9e27313e0823dfec7d3fc23b0b2215d |
| SHA1 | cc25e244665e3c39ebd3f24612fc8e3e96feefd7 |
| SHA256 | da7bf4be2ffd84bc3ea56d3f0ebb11a63b232a92f7f745fd333d3feae2df59e0 |
| SHA512 | defbdf5aebe2d0b78c51a0b0233c80674249304d38d147425af8cc2e7696b3e55fb52e0f36e48e44062d16bb73386e7ff2492cac2e359534635b8db102978217 |
C:\Program Files\ICNow\Skin\DustyBlue\AttendanceUI\Attendance\tab_pending.png
| MD5 | d4057351e25347b4c0eca7c0be52940e |
| SHA1 | c7d8829f12f3014e659e5c03bae4bc424e46a7e4 |
| SHA256 | f776ccbeeb55a5f25aeeba26f35e0e86341a1b1a4a3c011ce902bf0c35f0aa01 |
| SHA512 | ebd16434b751c01e7e4f6f2182f1e2dab68e4b7cdaf9cf312bbb387cff1ad13bad4aaccdfa65bc975fe430d9e75b107414b7c07235b623f7f6540c011bf5e391 |
C:\Program Files\ICNow\Skin\DustyBlue\AttendanceUI\Attendance\up_h.png
| MD5 | ebbcc23408c9196fcad11738783a3319 |
| SHA1 | 22cc8e9f9b75113bfb0e8335c1bd9d6e8e615216 |
| SHA256 | 464fe180357bc71f9cb3bd61fc76274d7b64788e01dc39fa08be074f87e0684c |
| SHA512 | 31f063b32bebad0d24b1cf07e68c1abe84c6a54607a0779bca8f7535d6c3fb7e90e2b9e513b614b2af1ea3785f07f3287b6d22fcfea0eb0ede227728a410d92c |
C:\Program Files\ICNow\Skin\DustyBlue\AttendanceUI\Attendance\tab_current.png
| MD5 | 32a82031070eec47490a755062bcd614 |
| SHA1 | 5e8e6aeac3dd5d78ac5edf3f5266af04de1aab4a |
| SHA256 | 66016648c703330bb30aa776580cf04614fe08ef98ebe3bd8d4d99b45f53932e |
| SHA512 | 3378c3ad74bd99d8773342d22cd6a672294a7afd8fe70ce9a8bf3bc23d2abc439be7238b1a174ebe99ac2fe187f949ebe19891a083ae409517112c06a2d3768c |
C:\Program Files\ICNow\Skin\DustyBlue\PersonManagerUI\PersonManager\PersonManagerCtrl.css
| MD5 | e6d5d584f65fe93e2e5802d2142110f4 |
| SHA1 | 05048eb535e13f3e008e7acae1210535b42e29cb |
| SHA256 | ef09b6dba843b55f67e4b0d0161d49c200be188efb74f104143f0b39d58bd10e |
| SHA512 | 251f380f958dbe6c7a4e8f8d46ac1f0176fee9b81446e9ab6c3e48f291deb484ab9ba3aab92625269fac48f9337a5c1b7a4c0fec96488f29356bd89de1df1f4f |
C:\Program Files\ICNow\Skin\DustyBlue\PersonManagerUI\UserManager\CardViewDelete.png
| MD5 | 9d202372665a4a7f33e6209ea9cd6820 |
| SHA1 | 8b015b2b81f66891c290df0070be0cca1b65ab2d |
| SHA256 | 8c3660054bbfb53c0c8c1ad5302e288a0f2822d51fa85671cb65f4977b9610ca |
| SHA512 | 5307be60c132adfd1f99157deed5064b9f1fa3ce2bd8b8fd42237055b143dc572fa1e8749809bf3776fe68502166e9ef4d193d4d78519eb2f4f566146519da49 |
C:\Program Files\ICNow\Skin\DustyBlue\PersonManagerUI\UserManager\CardViewEdit.png
| MD5 | 4eafe272ae895a6ac1e52edf53c50037 |
| SHA1 | 99a5f1109bc35f21a59f4ed933b5f5b92e320fa3 |
| SHA256 | 7e78175c46e01e2b507ce8d6cea81de732bc3b6bdaa2a56d2a726f7042ffb14c |
| SHA512 | 84ffcda16d5ae5305ed88667cd080d0f7db9e8a1b277527dcb8222e421cc3eaa29f56a485c653664fdb419cfeb89a36f378b57c64fccdebd242393ad0ca78ba0 |
C:\Program Files\ICNow\Skin\DustyBlue\PersonManagerUI\UserManager\Edit-d.png
| MD5 | 5face7f99096a97d73d2b0820aa9b8dd |
| SHA1 | 01167bef5683bed14b4d4db184f3931196817717 |
| SHA256 | f366b1fffa4cca5a97806d979a1c86010483923cd9274a6d6422443e6bbf73d5 |
| SHA512 | f851b551d6df49419439d9c58e9f6a4b661e80d3bae41564d16d4520c5d0686413fc2c8bfde2333ae29f13b664b07193e79d6eb7935ddeb14b22f0d2a8e0959b |
C:\Program Files\ICNow\Skin\DustyBlue\PersonManagerUI\UserManager\Edit-h.png
| MD5 | 07a72696f7a7306954779aa68d2a0533 |
| SHA1 | 540d6ac2ed37a03eb78371eb1d062b369eb4deae |
| SHA256 | dade9b77e67d413c04ec107a14e53ac6c4a275fc12339fac3c78b9b17e112ac7 |
| SHA512 | 5cad4e314b2ce9c2bb09a83fddf516241e590ef9555871563864d52aeca87124fd34c473fa69257e95c7a7b9de39939a524e153fcd2841eabd70392af7416b96 |
C:\Program Files\ICNow\Skin\DustyBlue\PersonManagerUI\UserManager\Edit-p.png
| MD5 | 803d6028d5d84300f85cdb0bca17a515 |
| SHA1 | f94f41b86ef1648a5bc0db7ab79bedb28d27a2f3 |
| SHA256 | c6f86ce2dcc69973ae8413108f899ddad157c8410ba9b36cf8f41a5ac8960280 |
| SHA512 | 777bf7dacef5d3c7fb0163d0551e190750ab642c0508b5e809b5242507169f7687f20b3441f07d3e3114e7a98efd7e436dc0d809b744fc27ed8a2f6be2f4a1d3 |
C:\Program Files\ICNow\Skin\DustyBlue\PersonManagerUI\UserManager\default_globalpic.png
| MD5 | 0a9f604a285fccde6d3c81866118c0ff |
| SHA1 | 6873b51bc43b7f8c8a2e8afb58c44a9db4c2a1c6 |
| SHA256 | d6cbf34d8bcd6f9e768f4d3265bd865101dc81616de562671a50886537fc77c0 |
| SHA512 | ee1b7c345d45f88021acef60bce372949911e2037069a831b5a9eb32b0a6b30608362371b119867215b0ef40f156481fbb244567417df0b626be4cfea7a4ffd4 |
C:\Program Files\ICNow\Skin\DustyBlue\PersonManagerUI\UserManager\switchoff.png
| MD5 | 4de836bacf6e82c228f4297370b197e1 |
| SHA1 | b67162d97333e6a78fe69fb48cb726d2ec4fc4d7 |
| SHA256 | 49c16404c54343237eb21072884bdf1d4056f0cb1abf35abe529f459010a8d8e |
| SHA512 | 432036ab4a00ade9abf7d7e1e87498efcab7d136b8c2af6fa602a8562782126407a0b8bdd670d10c18e4c06121bd8652b0ebf07cfef0d1cd48a03d5bbcdb2275 |
C:\Program Files\ICNow\Skin\DustyBlue\PersonManagerUI\UserManager\switchon.png
| MD5 | 110ea2f4f0f0497da8c7136ef90f86da |
| SHA1 | 11fd736007d733f1d95b8e0b9a919f1d3cfa9352 |
| SHA256 | 0d3759c32ed787643e96f2e83d4e10ec9fbd36ca491aed0f8168dfc0078f5f7f |
| SHA512 | 0bf1d54ee184683af266004c0a0577999d4bf58d6791fad18a5ca99030c6587228dc033c91ebe8ce57b2ea3e52b257641c7c94e23b83657de49c6dfa3169c833 |
C:\Program Files\ICNow\Skin\DustyBlue\PersonManagerUI\UserManager\Authentication\TipIcon.png
| MD5 | e4c2e095fa21905c9612904d49a52502 |
| SHA1 | 7e0d8009c7b83a2a169d621032d23f929d350328 |
| SHA256 | 0cafc34d57b30ece24b5f4065b141735ca6eada24b2fa23ab1270cfefbfb3b8a |
| SHA512 | cc7b0c0d93cc24417f1eea49943f2fbf3bdffd9ed02d8ef4071083e50d5c35eb8275862d9e51949b9ec2f0a8a9bdf42fa5adba9d481946307cb929eaf8d1d8fa |
C:\Program Files\ICNow\Skin\White\ACSManagerUI\AdvanceFunction\switchoff.png
| MD5 | ee871f4a28b0194abcfc6c362f53377e |
| SHA1 | c2fa441d788fb424d3f9d8fbd814be9c4b05c740 |
| SHA256 | 4cb4c4ce4299d1d170767ee701d15bab422a89c99fa06ecd144d385d6ad9afc4 |
| SHA512 | 36a83975cf1d0a4f5cde8eabb15276837e083ca5b1b3ce3384b6b8c5bd6091315d0fc41346f97ad2f88e4e6e4e8e2c5d2ea80dd94aa26d941a51467ca66e6a87 |
C:\Program Files\ICNow\Skin\White\ACSManagerUI\AdvanceFunction\switchon.png
| MD5 | 9efd66b38579bee1cb49928847847889 |
| SHA1 | ce4180f167c18b249fea299c245e94b240232480 |
| SHA256 | dd9a7accea747196341354edc415e9b45b50ac0314005e3ea41b09630bfcabea |
| SHA512 | eee5eb8d847ce6e8dbf162957a32b98d3e6d4dd877644c9b87b1f5c9c3186c346924f07b0e1260d9c3265b447634dc11e332f0ec82fc3bb4a466f46ab90575eb |
C:\Program Files\ICNow\Skin\White\ACSManagerUI\TimeTemplate\edit.png
| MD5 | b8ce21a306a97f41b877be91d9d18e61 |
| SHA1 | 062912919dda81eb5e40f914999fd710ede3e9c3 |
| SHA256 | fd622816d20db66c2d9fc40ec95f8b9f5911ec07977682ca2035602956f04c7b |
| SHA512 | a27a9bf703a6fac4fb25a723b95f07e7ad840dbf3938810af213e4429fafd41ee140d494fc4ec9c41e452ddd188dcf12764b31114b24d0d8e2b0153a51e7db87 |
C:\Users\Admin\AppData\Local\Temp\nsb889A.tmp\Slides\Slide 02.jpg
| MD5 | 87b4dd5c571be4b0816434240b0030e9 |
| SHA1 | 26bd405adb37571dba6fef384c5c1b86b34d7889 |
| SHA256 | 1c19b34276dda004e722fc332d807236603cf92915a9095c2386b7a61a1a892a |
| SHA512 | 314f54b5ad6b690a83b802d99e983744bc00417fac780fc7318c7c61414d45ad2fdb190f096458a51063ff974438f815e410aa3495bbf9eaacd5bdc9cc88ec6e |
C:\Program Files\ICNow\Skin\White\AttendanceRecordUI\Attendance\AttendanceReport-d.png
| MD5 | 276dbf40ff0176c53252d2138629f4f4 |
| SHA1 | 40fdce134e0d03dbcdd3fb5924f03b22e3454898 |
| SHA256 | 17800161dea62bbe369e9ca770337c6dd43fe134acef305e06243171633b320e |
| SHA512 | 9190a84d317d6a2c0ef47131c33e27e8608cc1b99e2077a75802fc84db1adf3f50bbe2dd29e5086b373bdaeebfdb0fec4b6f828035bcc7aeff5c66f03031d6d4 |
C:\Program Files\ICNow\Skin\White\AttendanceRecordUI\Attendance\TimeTemplate-h.png
| MD5 | ca804d862cccb7f1c72d47cb8900014a |
| SHA1 | 7394fd9f7df83f66c65e8310b325d3c94d7876a7 |
| SHA256 | 6a1b0a9690147c9b2ac229136ac9defdbcf9cde9c66293d194057589c29bb6e8 |
| SHA512 | 2e8fa647bbc3317ce23c75e6eed19746f999f918734a9ed150438c7064afd24aba28c6d147341a537eab988ac60f9a2395f3b9c0d29ab01ddf8322537bd29be5 |
C:\Program Files\ICNow\Skin\White\AttendanceRecordUI\Attendance\TimeTemplate-n.png
| MD5 | 16875e41d9556b19e093bbc73b2c81cf |
| SHA1 | b5d9969c233983bc4121630fd50703df4c316ad2 |
| SHA256 | 7f68b28622cda3f3f6684aba2b481bf618c7047bbb30ced90d62045e85a97f0b |
| SHA512 | 9e778e6c30ef4b0acdeaf6ce8010bd39adef9e6a5427ed44d11cdd1d913a9abdc2c764a4d46dd9e56be340ad8d1444649588af5f905e3792dbccf863d6fbdb85 |
C:\Program Files\ICNow\Skin\White\AttendanceRecordUI\Attendance\TimeTemplate-p.png
| MD5 | c53494741fcf2d24d735a24031932c09 |
| SHA1 | 25dee425f054f92db903e11a4ff751ae61932d33 |
| SHA256 | 514b76edd3b7fbf8cc95dc6885ead6bf31b7f829167603876dae711a1ce534b8 |
| SHA512 | d9b36fbd466f4b3614853c1d9fc14234ab0620da93df6c12abee9de81740cbb5247435966d2edc76185f4c295f63d4bd7075158b4f7e61a89b3984b961cfb728 |
C:\Program Files\ICNow\Skin\White\AttendanceRecordUI\Attendance\delete-n.svg
| MD5 | f05e7bd32a7cc9b9d47c36e6c1c981dc |
| SHA1 | e97b1beb4885a11c0ace5596cba3555ff4672a5c |
| SHA256 | 2170228ac395406a13ff6f7554114bc74213cc746b086e5b0932a4aa6aabf80d |
| SHA512 | b63334d25c54ff27f85816719a0c24892864fd888affea8bc0bed92ab7f886b2760bf9cad95dc7cde4406e65cfafbc1888cb7e5f77f97177a67333a86fdc6635 |
C:\Program Files\ICNow\Skin\White\AttendanceRecordUI\Attendance\drawed.png
| MD5 | 51844f03f5cf6a619b798cda2a0b4abb |
| SHA1 | 6204425f595b08d1298990f4b1d73510748d778e |
| SHA256 | 9ca49e254e0f549ef14be16081325c9560ed852e9e92a70ed5cc6f005db09f40 |
| SHA512 | d9218e49f13782a43483e37b009ba51ed7a7995fdba0a116e80b63fce4e837823f737aab007ae74c31597f2ed9b5de7566ee1d57644971c13b14dee5e019c33a |
C:\Program Files\ICNow\Skin\White\AttendanceRecordUI\Attendance\drawing.png
| MD5 | 41f01db4e45de8f8de096c020888a636 |
| SHA1 | 447f146fa04cfc6cec62eaee0c693181107aac16 |
| SHA256 | 5cb1927c987616bc43bdcb067b0535650e852c19c382071149f7ac62456c1828 |
| SHA512 | 5ad7d5b451839452726d9ed8c524a3839c5573d6dd6242b6363fdc828593c9775cda4d6a8677fd4929b7ed0265ee66b13650d970d95cdc23e1132c2d2a0171fd |
C:\Program Files\ICNow\Skin\White\AttendanceRecordUI\Attendance\remove-d.png
| MD5 | e4e8ec7830e0fa697b9895b26551e122 |
| SHA1 | 260748155d9f03154dd9828fd62c04f4582fe4bb |
| SHA256 | 3ad791ab8f425c9d30c7ef0e872e9f337628a37000831a309e63a4a6031b0ffd |
| SHA512 | cd6e7db7a6779c4706d84c5d3494e39bcb98e3c3e9cbca8625f6bbbe12e075036003f9c505898b4679fa383f7e234b6822932a0aaed406e761f79613574a5d5a |
C:\Program Files\ICNow\Skin\White\AttendanceRecordUI\Attendance\remove-h.png
| MD5 | 10512e10964b553b12b76106ec136531 |
| SHA1 | 7fceeeb04fc2479a62263c9a5627f6a83444f352 |
| SHA256 | 927163070ed8ea0d0db53bf52d10029a4fc210234a8405224c8eaaf082f82cd0 |
| SHA512 | fcd0f3e8a11b263c4efc9268644bace152c102ace866d7b406e28603823c289a6dcfd5d945bb8bebb1656d8ec8511fe0db0e5d2a3f44ac19511eba686f8391af |
C:\Program Files\ICNow\Skin\White\AttendanceRecordUI\Attendance\remove-n.png
| MD5 | 7f972202bb6a364332947875a056294d |
| SHA1 | cbfd2b00bb2bacfd8ad808ea26f6a5552f8c4031 |
| SHA256 | ea263177cd8d635ad1f5316c6ce44f9c3d9b7233cfec00de851a9763c6491d80 |
| SHA512 | c5ec25c5ec5ea239c4d6ab5cad21cbeeaf20819aee17fbe8d01fd273f67b69037ebc5dc1709c68caa7345c95f2f9ff2b251c53750511fbeb805febf93aa5a735 |
C:\Program Files\ICNow\Skin\White\AttendanceRecordUI\Attendance\remove-p.png
| MD5 | f9547766aba25422d3ae819c239e5db5 |
| SHA1 | 8a033595055966a060bea444039ef15ff6c926e5 |
| SHA256 | f8bee1162f698ce509656702e21761d96810f77e00001295f45b00404ed9080c |
| SHA512 | c6dfa7528bf79ccd792d83edb528721480bce655262418e0deb03606e866e3ccd0c7e222e99e8c971b1514b9cff5fffc439110f9cea47aeb1ce80bc8b6a5c1ab |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\AttEditButtonWidget.css
| MD5 | a52c0a951ec96153de6eec58d67c2704 |
| SHA1 | c738ff1d113ea096c8bdae836d2445ec099dd4ee |
| SHA256 | 2f4f967e7b474bde3bf0d486439b862941213d767c57becbda261bcc9ddf9185 |
| SHA512 | 1e33b51db9c2aa6a6d5f377f88c70132d6972e16de754491cb2a1b33b7f1f518e09f2020e77c75cda2754841a3ee0e21bfed2e60b3d56abb21d2e9963580f779 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\AttOpenPictureBtnWidget.css
| MD5 | e980e34268c15ce095c72488d4eaf3d1 |
| SHA1 | 654b5eb31997d86792120235319814b0b8b2e8d3 |
| SHA256 | 8c9648c222bd60463004026b6ab77c92795c9a88eaf6fa4ec500e1bb8b7d64d0 |
| SHA512 | cd4a29a97dbf21b7295c373dc18fff7c846e146d30d0df0fb12ee5decd54ba110f4a301c3aa6b33c7db41d1ded81415e9172561849a2b0e67ae84b805dae7d4b |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\Attendance.png
| MD5 | 72cba80196ae3a93b14019c39d677679 |
| SHA1 | ecb5810a3e61097a84ae21e1e18dcfa52646f3cd |
| SHA256 | f39746a3957599e7ec646b2316ad2eac64135f146bce562f2aee40cb9063596c |
| SHA512 | fd7b18446deaa742993b218ccfa638091968c052e47ea15dfab5c9d53c1354f5f3f11e31d65f8ed29a8b3fac41e108f82430776f8bcfe0bfc0faead194054992 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\AttendanceCalculate-d.png
| MD5 | 41fcc4e694228479cea9eece05a8d974 |
| SHA1 | 0d666bcca53daa2196d9c87e1c15a3b1622e0d7f |
| SHA256 | 1f73f2dab55291893522d2fa34cdc9b5d431d30cb7b17734e77ef457138cd9a9 |
| SHA512 | a1b3121b6af97a8999488d8e2100b81442081a185508aa63d11bddf92837d98b7e33b4a1e60d9f52d9c2fd61736470e2570e5903742deb70e9acbfef4c687957 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\AttendanceConfig-d.png
| MD5 | a51801b586c38ed39e7f14f48e3a1019 |
| SHA1 | c8436188efc3971481feacf2ad49e685edbfb8b2 |
| SHA256 | 6491ab11162f954d3151e2e0ab6ac2d16b25431469ea495c9119c70b45f1327c |
| SHA512 | 1b6e7796ae3a6359d66c1d014fb7f7a542f85324de73a88583ee21c6ba5b4b7b1e03ba598aff7506f4835c51fca393c1b95ddf20db098a5e7df1bfc4f4eaa3a2 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\AttendanceLeaveExceptionDeal.css
| MD5 | ce74a3a7329669f505ebf62bd8ec0ce4 |
| SHA1 | fdc410ae140b536e8aab15ca5c51bab136c7b95f |
| SHA256 | 09143e5785044e49e426fb7b614590a93d64a99ff1ed1b623d3244b8996be48f |
| SHA512 | 4a90790f615c8130fcdd4c14fdb2024ab3129fd4081355a8b202dd4e40ea946392b383ade39a17ad1c12b9b783df3bfd87403a828e64b924f8e1fc940681c986 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\AttendanceQuery-p.png
| MD5 | 0d8dbc537e4b52332b7b654ffb90f946 |
| SHA1 | 4175ab822eca758b84649a09be31251abac4fe8e |
| SHA256 | 2dbaf6bbdeb586b42cf7def92734a315b47dadd615e91ae065c7fba9bbb16fdb |
| SHA512 | c383ec425e05f2e8083f4e13fbcaae976e94010a99a408a37e15a9fb0275084a611ae9206254dcea8e6efffbd96db0516b49d41a53e303903de1bfe440247153 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\ClassBackground.png
| MD5 | afca6aeff711a6a8402295e4e7dede9a |
| SHA1 | 59b664210cdd1a6745686d9b4c7f2f9d9fde80b4 |
| SHA256 | c3bb7b9aa6ca56e3159ca1e1faf2b99005988a0cf55f0b9311a091465a798cfc |
| SHA512 | e26161e2a534cd51ba8ce0956c5fc6f4b1a5a547759780059bf532c4b0c9443b16f40fc3966a21e9f75a44f90058a67ffcc76f294541a9f744887e6f15a55c14 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\HolidayBackground.png
| MD5 | f6fcaea6cdf54490a0cfb1e1b6e6ce7d |
| SHA1 | d321d9da2117a04df9f03a0442ac521c7886e56d |
| SHA256 | 40cd416f450e782c476a2ec5853231c6b47aa429c1658ffef1d1a3a3fb9c8211 |
| SHA512 | 78d34ffb7b7ce9ae9eeb6c480dc35be3299259a901d34f179f7e6dc928d3f1d71e48de5d80c418aaa8c2a405da8a8b606ae3256df640e83f5f1aec133f059a44 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\CLoadWait.qss
| MD5 | 9c704d112184c0bb16c4314f7d69b630 |
| SHA1 | f91d343866fbafbf53a0b19768965278f11f6a78 |
| SHA256 | ddcd24f6d23bf7eae68b05ee3d4d8e0e47710d8180e4754ed88e5c1aaf576b58 |
| SHA512 | 29f6ca17ad276d7df7827970d625506cf2b351044fcded33ac3764f4aba3a2aeec26961f34189bc46358b705ca866863c041af4be238448047ebc7c508ee5544 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\CClassSelectComboBox.qss
| MD5 | c42acc288589c09cd386fe3cd4c1b9e6 |
| SHA1 | 097b39f19423309fa1fd98ec5a641e1ca141a3e8 |
| SHA256 | 8e106c2ce56bd5bc32c7fe39e548584308976e5c52f37ea0a985b77b9955a42b |
| SHA512 | 848b08ca760dac719e3f67de1a31d74f4b5d1c8e6e04e322a8b7c2999cb4de9aec4d473e2a4012930f3e7e3bbe9c8618fc19fc573a1d24b93a3b4bf7a30f7285 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\AttendanceQuery-n.png
| MD5 | 51b3993f3dcba4656981820379862dfc |
| SHA1 | 2f04959e4fa1726783902fdf9a36d9b6120fa640 |
| SHA256 | 61e9d0f7bf7dad77141e95be5d3c32727a3896a9c40ff0c75186e056b2ee9ea1 |
| SHA512 | 37d7f5c51da2df4df1c95e26e57a5e243342f24a4a2f8d15adbebdf8d4bfb69347b96f669f096596a601fd90ea0acbdca8c22b0062f1e56234b9b5a1ee879c82 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\AttendanceSet-p.png
| MD5 | d59e1b78170a4d8baee340f69109135a |
| SHA1 | 052c4f8cd3684b60c4b937ca16a040ff67505699 |
| SHA256 | b7326305c15fc030e1048a35e230f43605f3f11df5a652e2cb798f55ae544a91 |
| SHA512 | b1becbde68331ce5a680b85414ba242ad3c86d7ba46057c7bfc38a3ee603c03d1b58ad69e135cb3b37c95d6df9f8eb40c0143d26bb63a0d8831c07ab1643e7ae |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\AttendanceSet-n.png
| MD5 | ed6c67347d8f9452c23332ee577fdb62 |
| SHA1 | 05ee881cfad1d0c2aac443ab05d9a9a2197f1ce1 |
| SHA256 | 6b860b4e4171c9864f821d2e26dea94f6df3b82a54d467bbeda967595e344188 |
| SHA512 | 4838206fc6cce1ad26069bfebad75809a7a20f95cc000cff5d5ee326b66db150a0e991dc8070bdc08973cc9bb7599d23cf669102f8548848e591242277b46699 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\AttendanceSet-h.png
| MD5 | 3adac880676d2305a36a5cd278f39d34 |
| SHA1 | afb30016b5f33b19d7ba4919fd3f2826671b5847 |
| SHA256 | 5f26c4e672aaf09e4e9b1ee546b3930f4ae65f2e765c29216aba01f0f87a6eb2 |
| SHA512 | 7535fe2b180e67cc30d17c3cd089108b0de91e9b40a78252a6cd8f1d9460a3b996063f898c7f41054b08fe904489df75e653bc183a0a84f411ed8dfd7bb0596f |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\AttendanceQuery-h.png
| MD5 | 2ac4076c841238afd14d3e86a8503584 |
| SHA1 | 7483752caf216d9da35bbcfa33630ab8da87cb21 |
| SHA256 | bf5c8f8083072919fbd4898eedf397488332752ccddba7fdda0527cc5e80d9c6 |
| SHA512 | 9386a2490b7285613b96ae3ed8e1e52065ae4b4bf06e5f41e8384a85bc8b004cd1cd1a71ee0078b53be5f34e1fb75840a4aebeab7e6fa62baa584704fa94dc62 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\PTZ-Edite.png
| MD5 | a12081d54cd703f9b4043bfc371dd7d6 |
| SHA1 | b3852e7b1e0e75ebd2139ed64279e6e75dc3169e |
| SHA256 | 431ab58a37bba7d2dc9eff561ddeb5a865d54c7e97635a8f99a05b1004c9cc95 |
| SHA512 | 5bc14512cc9a91c408a06211ef395cbb72e358cddbf7ccd156005b7b6665e2c03ac9de4c0c99f566441a4ce3af0b3ee7de2c731ee8fc1bd5e606bd22c53937c3 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\Page-lastone.png
| MD5 | 8d3db2006f7b0121591f090251b4666f |
| SHA1 | 68c08514aba06e05ec7fcf6c37d0dca2a3765bee |
| SHA256 | 9a774b53125411c39c6c7b9d4770598db6437625a349017c46a2e123252f13e3 |
| SHA512 | 496e312861097e75a485d74fbc0a84f2ae4ccbe02b21f48192a10dd842fcd5aeae77c26c18f4f69a5b00001959d6e6a738919464b93a93f171185d9504465ea2 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\Page-nextone.png
| MD5 | 32c07bf36ca9a4578e1611ea80393c69 |
| SHA1 | 3f29faee93076ce0fd1449cd0ee95028aac6612d |
| SHA256 | 0bcd2f8712d9b5ec57ad1357972c5cd5f5d895ea1443db6e4cd5725a13ca9009 |
| SHA512 | 52ed7452b93d64d4289b84f70464138f839ca1562e09fc7ae507ebf6c048b2f754a878d3f328f5256c7a0d0333c61347bbd05886f0b87360fa3b08fa7a7c6830 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\PeopleSchedule-h.png
| MD5 | 6d087d87971f841eefd87bc164b4ae81 |
| SHA1 | f084ace9ef2d6dcfe05339d74fdf4f7f5d4db63e |
| SHA256 | be5cf7bb6b15749fd0643225e2ad55e07dfc25dcc39f07d9da7411dd0489c640 |
| SHA512 | 3d95bf93347579f0e759f2052f2290e8329ad1d23096d5fd4e7688d7e0f708b11a9540bc648e9aee8daed8832bdf346c1a487d3a7cb6cdf9e8e1e2df735eefbf |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\PeopleSchedule-n.png
| MD5 | 90e5a9a16b84d9553d42ebe8d255a267 |
| SHA1 | f26449142624601cd47b3355dba4b1678cda394c |
| SHA256 | 5811df3ba08c408dd676f50128e01b0fd49ef54bfd75330b1eec406144c590f5 |
| SHA512 | 509983e143afabb14faf277bdda204baef3955ad62281a1caab72d89c34e46de18cc7786f3cfc70f4859e141a2decbcc1c4bb50b2a07f9638e8c7dc70184ea7d |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\PeopleSchedule-p.png
| MD5 | b6b2c47b7170c8f7086b034d50108fa5 |
| SHA1 | f6a5f1273172fb75e7af4c12e020492ffb20ea4b |
| SHA256 | 7db4821b71096e166af48e3b7f396ee96e004d33dd7c98c12a45f94d06b1dbac |
| SHA512 | 4d97fbdc72a18e462baf97c5dfd09ffc535fee140deb63cb57eddc19f89dea4a69cbeda201bd48b185b9795b9cf6b58e225dbc8e91f9c8d33e1a055968e5078c |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\PeriodBackground.png
| MD5 | 048ca450dd0374c605afb80e4ca07880 |
| SHA1 | 3b89c8d54cb7d4b60d4a161fe1e9b9e3aa0b13c7 |
| SHA256 | 285b42788eab3e3cac6a7414bc682bf38d26535e05cd0a9174da254e4e48fbd6 |
| SHA512 | 1b1e1e227477bd8a39d72b298da0d2f6bae9530cf2da7941015776c9b3d1675af91793b17e424963c08c964d41eb1b8bd2b08fa6414af6766797b439b65cec80 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\PersonShiftManagerh.png
| MD5 | 2d32428a176712e87a143b93006f4942 |
| SHA1 | 32abd711026320643e362d7d358caed789aba0e5 |
| SHA256 | 20db6d6ca23667b40f859a67ee95db65e23379967d86a5175744d02e5fd85af3 |
| SHA512 | c53c867044e90fd75c2b4d3ec99fb7ab77549efc7f1d8e03a79a2ee88cdffbd874c086d691bc00d5c37cfd918295cb13009781f917dbff2175e45a4b4c2c2024 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\PersonShiftManagern.png
| MD5 | 48470d26207fefb8e6e362218ea6c7b0 |
| SHA1 | 37b20cfc4429d7d137ce256f134ff7248658ede1 |
| SHA256 | 38ddf97a0c206e3c2b98296d80c6cc2a70db7d10a698e115c6b40c51bd4ecead |
| SHA512 | 748b41ab89d58ab7a657d3c836ab82538469ab81164aa633eb7a582af584dd109acb890fcf2e3d437b94c79f4e558310dae911974e8515101e57998b7450d0d2 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\PersonShiftManagerp.png
| MD5 | 2450e2436cbd388d4d2fd082e7a66efd |
| SHA1 | 8d716e97fd727d17a6cb9019275bf5034aedb1fe |
| SHA256 | 20f8f9c74aa35f0c6d8e9f407d9a78cd4dd71954552eff9f9d126a2e972498a5 |
| SHA512 | d84649d93745f83fbc6c0dae8cebd18533f43565e209ad22d568c56083c391edafb787dbd320172327a50296ac9b45f87fda91d934c7738c15dea53474b3c180 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\RealTimeAttendance-h.png
| MD5 | d4cfdfba65cf58afcf703e82de6a00dc |
| SHA1 | 9cdc25e89b2fb0d4554d08c637d9162d72819728 |
| SHA256 | 21d60e1880c02c808d0c05e5deb6320b5294d7d4333c80207340651180498151 |
| SHA512 | 2fc7d95d06841c16754f5c53be10648cab9abe4f5fe8f6bedee43397027f09bad8aa878a26e5e8aee1cedd99d7579ee0497ec1a41cb6c40c8829e1db9edb9c28 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\RealTimeAttendance-n.png
| MD5 | f916711a2917b03588557be2104d0194 |
| SHA1 | f3a9a09098c50559cf4fe04b0740f9d7a2d93fcd |
| SHA256 | 14b60f8202e49c2fcffb10b6436112179e32bb2b28d083c4fcf2d3af9a18b4a4 |
| SHA512 | c9f1b5cd172ac15f3ec4e14eeec18d726196369dbf49f5f8174419677e4c5db56dac8e8d27ea55e701830112994eb7880b19b2540d477e29c6a3317f1de2239c |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\RealTimeAttendance-p.png
| MD5 | 848535270f904af834d28cec278d6b85 |
| SHA1 | f84d4544a44fd893e3dbab2786ba3c0d2a3391fb |
| SHA256 | 5925ea90c0a7e5bd80649b3c4d367d0007b4ffceb9c714a7cdad790c3a491265 |
| SHA512 | 08a50ac583a1cd12d80449d7b6fff1f56d073eb984813fc33ad8329f632565bbf006bfac64e9c1be2e397b170f9d6607b718c85fb65ed94f5345f321324b5b5d |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\ScheduleDlg.css
| MD5 | dfcf3a0a18f194e7fdf74c2492c5ea11 |
| SHA1 | 083a7f7fea48234f267d5c9668b13d99b3e436e5 |
| SHA256 | c498fddb628babbb70adabe96527abf3e0f1cd6c974f042b6dc1338c0a89ddaf |
| SHA512 | 084df7638185160165654524d1d4809ec99e18d6d9de6c916619c13c1a12828a7fbe76c2f9c137b8993ce11794d8f91ad8826c7206dc80a49abc6f9f820ecb8a |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\ShiftScheduling-h.png
| MD5 | e881e81fdd5c4ef621f24d64346c3534 |
| SHA1 | 6c70dc8b8063975f7ef7b92a19c1d91035d2f890 |
| SHA256 | da1b4699209095e5361d6f0b666d315e16f0f4692d9ee977c0e33a70788ba403 |
| SHA512 | ba3e23da486a0853f9f8ab1cf85bd8af6a939b635548e644a508b65ea6213e8d9c46c2d9d4542e39928cb7aa039f7f5dde7c56fd25dfe4f0ccb778044db3fa87 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\ShiftScheduling-n.png
| MD5 | a8e1d47e65ec1e3feee36417619645ad |
| SHA1 | ba51e8f0a1767f40fc7813d291a2dae21f9649d3 |
| SHA256 | 49c627c21507fcb51c52bf39606eec05a96b63fe51eae1661dd81a637324bc5c |
| SHA512 | a682d50a5fe05558dc51fcfd82767d551a2a6fc7e4cdc748cb0c642a50717849da135c809ad6c589f37576cde1730f79567ec4a25f0457b4ca23b11019678296 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\ShiftScheduling-p.png
| MD5 | bdb33dad5685f039292e575b024d6354 |
| SHA1 | 98140d8df1d50def207b4ed40a1978117340c237 |
| SHA256 | ac7df93dfe332091aee62ef230fc67acd0d6882780518d1334ffbf60fb0740e9 |
| SHA512 | d2462f3bae1436b22ac395eab0f837d924848a752f30d08983f29892c857d2c919471e6ef852e93ca199ca7237890eb7f758162a4f3bcc39415f5434e9840b63 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\Tip.png
| MD5 | 88d4dc15091fbad770bc4e42b5cf06ee |
| SHA1 | cf52dd06dbc3acad60abb8a9b247f505313c9bc6 |
| SHA256 | 8091e7a269e59871c23b54988d2d35c9223eb1d3a3e995a55a12a2e6c71a41de |
| SHA512 | bc5d038eb3995707c200913b5dff52067b5df0989ff0befa3fc3f74b2b2ad31b0d6433898ccf75e21e84971b575826e53cda78d11445236d819cd151360f3105 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\UserMangerDate-h.png
| MD5 | 4b9af455f1bd9b61c4c16c6d4348bf8e |
| SHA1 | 285a1b713598b754bb12f6a554e9b9b2cb731a40 |
| SHA256 | c76439e147918eb8cdd0cb7fe02ea0ad247d5e56325597a28c78549f744ee807 |
| SHA512 | 1e6e10d922581deb863ca5f53814e8ca40b190a0af31baaab813c1edd3b2197145c693c73b4ec24612ae851c9bd971ace32dff794d17b28e89b36c21c075fef2 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\UserMangerDate-n.png
| MD5 | eaccd45848ca948305b24aa13be6f31d |
| SHA1 | 1c6399412a288788f6638887d707d2d8bb7cdd4a |
| SHA256 | 574ae222bd22ff73b7532c7e5b08436425dc13cf94dda147d12cc286b5c20689 |
| SHA512 | 50e279ab1addcaf5aa897d402a8b65371f107340b0071774db718f60778b0f6b9dae4d0a767e94c8510c625918eb17ac9afbbfb022744bf59b7b3d2cb8e316fc |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\UserMangerDate-p.png
| MD5 | e9e7479de61d6b345d8f0b2dbea895ac |
| SHA1 | f9d3bc4771b4893fddac9f025b3b0ceca6cd9450 |
| SHA256 | c3ba25586d47dd9786fc35bf6ed57ada16cd7dde3caa71ab71eaabfb5838557e |
| SHA512 | 531799be444173171546b76460991c69c5cfef5b241c53f987e5ce7b359c65e57133e3850a13b3dc33488547cc07a444e39999764d6d903ffc76874feda81397 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\btn_shiduan_normal.png
| MD5 | 03e2d127fceea035f02bb1f409b98bd6 |
| SHA1 | db513f6f1477ab958c8ba2ca654f59cbfeadcd4f |
| SHA256 | c16561d4e468477d8082a9209500b50d75a454c3836f10c0d1478ff9035a5849 |
| SHA512 | ab66ed89e2de502d2de692c832a91317ff6777c59798e14df45013ba57919920959dae7660bcaba384d938fa94a15da613a114ab23b0350358beb735bb9f8345 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\color.svg
| MD5 | ab21b7698a0bf13816e96547d7777c57 |
| SHA1 | f3934023dedd9e03058d2848c75bbc130c12320b |
| SHA256 | b4562d48992707d80733a93eca59e6675f361b516964d62d449014a4503eae8e |
| SHA512 | d0e81c0af1d76fd9b6b653fe840362a76ef6f7dd6e0f80c08f69779fede82b2fec357c352c1d3e9cdc280366e88e2ee8f0f76a0e03f5bd3e516a082b991417c5 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\export.svg
| MD5 | 71f3b1aec2a3be0fab5d36337322dd88 |
| SHA1 | ce213aedff3c512eba699b08c216099eed0d31e0 |
| SHA256 | 389abcfba5f5f26e2346f13ef40f8a452a4334deaba3aa328eafff1245cc7bb4 |
| SHA512 | 8384a307382dc286c02590773b26b052324a9b6357e4876275d6fea667f57cb9ec59cea839f55b91bfef44bc1dcfa82c02afbf96f2d481c1783fd96650af11e1 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\move.png
| MD5 | 9c0bf9b1455e6b473b076d5e2b0853d8 |
| SHA1 | b151655f751326f8ad9a73f6ff6d3e22336acf51 |
| SHA256 | 1d658dc4062969375736b11feea0fbbbcb105fb7f771cd8a136cbb146cfeae22 |
| SHA512 | 0e6d6a6473b908dd51a9efc2c47f963507ec188eb5c280d750d7182b2ce5345a04f8050cdf4818c522e01bb0af10b980b615259c72ce3de88de808ed6aa81426 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\preservation_d.png
| MD5 | 3073ea6f4cbb4b715e9d0b538a259ac1 |
| SHA1 | feb5b5297d95b843b621fae1625896c17cde4a48 |
| SHA256 | bc227f8446c2303bb0a5c0b5eedc885e5b3697ffbbe7eb05d79d91d6f032b40e |
| SHA512 | aba4016bbbd72e2a29b6207f9df68a1092376156bc95c4d2cc9f13862b665e9bb0b90e9990a744d51262e0ded76e7dca61f386ef094efb8a04bf88bead0d9e1c |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\time.png
| MD5 | 8b45b6a4852f4df83297fd141d410e42 |
| SHA1 | 3c6e2a8c4d8add9bc72e2162d5f4fae4d0fa4462 |
| SHA256 | 63c5b68b9f739db51968acb3b27cb9d6b3783cfd5ede1dba0c15e6a46f806c9a |
| SHA512 | 527e28c27253e6c55bb0e931e24f94efa9301ec510e27a31f7e0ecf63503f16f7ed51093902e53a9197b9102b78fc44b8f6819160f5f6ea7b84bbf37251520e7 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\xml\ColorDictionary.xml
| MD5 | 2bc8a16d2bf31f5eb7bacd637f4a8b8f |
| SHA1 | ecbfeb8b9d4921f750b6eea39095dda4666ebd77 |
| SHA256 | 03ae077d02fe4f836f4e69822a863f812267114fb6fdd63aea85e8c94aa6b637 |
| SHA512 | c0ba85a9c4073d82f5fca333a323130b6242b724e1aafa56b367e799946df676041f2c447cfd70de978175fc413e06d613a2397b7f14fdd54446035b0cb23a32 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\Attendance\undraw.png
| MD5 | 388a29da7b7b78c231bd12031ff6b129 |
| SHA1 | 3119e2f3c81a86f0cfbed348dd4f6fe435898ab1 |
| SHA256 | 58690f8b12faac0d5185fa9053b46d1f14a3be6051331c7c95e451a3517a9fa5 |
| SHA512 | f10baf3f5eec234b1f2aabd1bbe06d517812be39f0c120d8c525ccb7455d736de1c8252e30025260ec336f0fa30fa709d498a89697f5e4157417b6f9840d87b5 |
C:\Program Files\ICNow\Skin\White\AttendanceReportUI\UserManager\ATTMassSendCardDlg.css
| MD5 | a0efc538e2feb5cbb09cd3aa03138445 |
| SHA1 | 26cbf2e0dcaf6994a55c27398c49959149340d97 |
| SHA256 | 72943d7d152464c2e5270336bc8314521c7503f3b3baadfd3ac583563b924e86 |
| SHA512 | af912c440124e0cce534a1bc21a4cecec8ce4915abce79228b1cc45252128c54617b0d7a218a9c611f4a1e8e97079dfe3847d57fec4b2c8fe00d648484e23102 |
C:\Program Files\ICNow\Skin\White\AttendanceUI\Attendance\addnew-d.png
| MD5 | c1714c3f479c9bf6cdb8d7e663b52f13 |
| SHA1 | d6fe46481a7827ef2bc17608b78f9e33b0f4da57 |
| SHA256 | 87bc4f94ce468c348e351a4ab9817c00e6d4fff0dc3de9556041d0ca645ea194 |
| SHA512 | da706c6dcb941babb8672ccdbb2f477f2c522b1edb01dcf38fd7458762eb814709e23c9915fccce434825a365bc072c43f0511f85434a2071584441fcc882389 |
C:\Program Files\ICNow\Skin\White\AttendanceUI\Attendance\addnew-h.png
| MD5 | 8da6c589736dc81333e72137949a9c60 |
| SHA1 | 2b6f0545099321ac63b6d751c7b25dfca2b3a5d2 |
| SHA256 | defada29af2eb815d6dad13351449a1c3d0e9b546497d54dbfd652a866cdb287 |
| SHA512 | 386db337e933350fedba3e6925745b0b5debaccbec63b3ec038d36b41ac69ef56a115dd3ff064e1ae065a12d5f77828e1aa2f786dffef15432ce700bd1b8babb |
C:\Program Files\ICNow\Skin\White\AttendanceUI\Attendance\addnew-n.png
| MD5 | 1a388973d5e6dc16827657e296a6f9c2 |
| SHA1 | ecc3166c7fafe8a7fefc641b565fd7dd1ccb90d4 |
| SHA256 | c95338526e6ecf53639552fde59448add0f8eb63eb3ef4ea0f10155461fb9779 |
| SHA512 | e0fa1c0432672c458ca279beb4e9bdfad23086e79df6ae9100a31f8e38d3a47d094e4eaf4ee25965bf3cf6ccfe2923b263fecfb0c490490e69bf95bafc28fa13 |
C:\Program Files\ICNow\Skin\White\AttendanceUI\Attendance\addnew-p.png
| MD5 | 235b052e5061796be9713b46a6201f67 |
| SHA1 | 93f6b11ac12b7198f29f7ddbc478dd7680cfdd55 |
| SHA256 | 948500e6495711cc1464e1422d26cb965cefba81543819dfe526636e5db3e4de |
| SHA512 | e1829a11534324948980ce07a052d65031871e7fbd730c0010290d892fd6ba2b382321c1d2fd0d9d7fc8a4c7c6750dfb2d9144103945ee6254755acf8cd9aa4c |
C:\Program Files\ICNow\Skin\White\AttendanceUI\Attendance\down_h.png
| MD5 | 168a6321f261e60a606ad1a7b857d893 |
| SHA1 | 629fc6380a3874f8a484545842d35711831b796e |
| SHA256 | 2921b7780f4f3557dc16e60322e11f8c15cb8242cff0378290fe4305a3aa6d8e |
| SHA512 | 4ac7b9a6c57b89879fb4a03febf63342c59bcc0bd85cd9f04c5369d7618c31b142444fca36e543116807f06377c5667af6f8a7e6bd8c49ad1b4a6981ecf1b4d9 |
C:\Program Files\ICNow\Skin\White\AttendanceUI\Attendance\up_h.png
| MD5 | 32432a4caca3135af48c461f8c79d174 |
| SHA1 | ff020ebd318a879f4aa3a5f44de9d14101de8022 |
| SHA256 | ab8ad93851de18f087242037a0af54455ee6b288845e91af2da2cd466d560334 |
| SHA512 | 41e5a587163f5ddff5e249495b936692e164fd1ce8f088633d4b1e2a4b1050ab266c62f268ecd96003267136d53d69cc064918899db4ad0d191327a9f149f47f |
C:\Program Files\ICNow\Skin\White\ConditionMonitorUI\AttendanceMonitor\Edit-d.png
| MD5 | df739e1df99dde953e91f013c3f3958d |
| SHA1 | 364e2898e823d88c920b15a78041db2d3380e996 |
| SHA256 | c881c1680e7a911c59a52cdd8a14f258e7b9acc2a76f80133619f224c886bbe5 |
| SHA512 | e65070379d04f3ff6072650ea76514f873dadd54710f07f7f2230eaf079de808724056e656ab37f258c39ccb026574e2b24ab5adc526804be917edacbe0af80d |
C:\Program Files\ICNow\Skin\White\ConditionMonitorUI\AttendanceMonitor\Edit-h.png
| MD5 | 4aea9500762a6465ab8272414484712b |
| SHA1 | 65a1795d6885aca8c7c9427680affb751156239b |
| SHA256 | 35dda2b820aab7bf9955340f46007592f4ae15b1543a4876b611f03ecf3d3c87 |
| SHA512 | 36afab1df4fdc3d64dde7a53a3947260e81c9ac2d0162eb8fe031abf8c52860284c326df9de2c5c87499e5a70f461ef669446201acc1f6fd089e7f259da61763 |
C:\Program Files\ICNow\Skin\White\ConditionMonitorUI\AttendanceMonitor\Edit-n.png
| MD5 | c98ab2cf6ef49107f77d286203e02a99 |
| SHA1 | cb23cc957c8e83e5612e28deaf3fdebb6c89f8fb |
| SHA256 | e61aa83618a13b75ebcc4b0ba32697c769ce995c43cba590c0de05e37fc6c087 |
| SHA512 | ec4951912858fe127c3bb0c8efffef7f269b8e09bdd67af7615b214c752c909d33e49ca02644d709ee2548b76bd60af21bfa2983c0bba614a7ef6bc4069637a2 |
C:\Program Files\ICNow\Skin\White\ConditionMonitorUI\AttendanceMonitor\Edit-p.png
| MD5 | f4bf61ab678ba5ea02f7a7f5cec3c4c0 |
| SHA1 | 0d1f62605b04124a74dcf52749a78bb067789c31 |
| SHA256 | 46d9587ebf41c26b362075b3ff032827d2c12021ed687efe21ae825a78990de6 |
| SHA512 | fee298cdf0260a3852481ef4848f732351d462817a24510a69c97db8e6dccb660d115007a78baed7dd826ea09a7f461bcc0287940c15c8ad3112364f329cc8a8 |
C:\Program Files\ICNow\Skin\White\PersonManagerUI\UserManager\CardViewDelete.png
| MD5 | f39091032f4b1ce7bd15a5e56fd51914 |
| SHA1 | c7fe01f7106a758918783869d1cfd03c2bed79f4 |
| SHA256 | ce6bafc8ec66126bcaf3d72ec6928f7196607423ed0d135cc773dc6fe6b1fef3 |
| SHA512 | f105662ab8b01e947043b71644a687642273acda37545bd56a4ee5db6bb12303b19c7514d7e5bf331e4b3b413c7c18395b952e238e6e9cfce4abb504ad705167 |
C:\Program Files\ICNow\Skin\White\PersonManagerUI\UserManager\Export-p.png
| MD5 | ab580c40ebd29474b29d2e6db80bb670 |
| SHA1 | 66a7b2dc3654443115a31703bdfc2ba2206c2cb7 |
| SHA256 | 4ce09ee89cee20455dd0e8eef7be5806143ae37aeabeffb0651d62783bd71cef |
| SHA512 | 1a9b547c4a939159e0d9b2a8c61b3e0628d1012ff59681ae6dc1bace35791059b6510d1d7bcd74c264ad11015ec6107f943e9d366b63a5faa051b7d5a84801f5 |
C:\Program Files\ICNow\Skin\White\PersonManagerUI\UserManager\Export-n.png
| MD5 | b0b4e3320228cbd2b96ad80242626405 |
| SHA1 | a3fcf56ea16f4cab8e1fbb5f5f4f7031a038bfbd |
| SHA256 | 99159c8c023e5a546cc8693b71c1d7d1d899d5931e2fe8a4913f05684c41347c |
| SHA512 | 1b69944b07555930ccd83f89d00e377821304a68565db2f389ff7e354323bd19f387f4f02ff4775c821d4b3afd84e8f82e4ec2bc6eb176d409c28856ea90843d |
C:\Program Files\ICNow\Skin\White\PersonManagerUI\UserManager\Export-h.png
| MD5 | b5c9693f0cf8734f2866b2a909215b34 |
| SHA1 | c34077620641dcbb9044098ff6ba4c76beaef387 |
| SHA256 | b8b7e45d045d977afd0385b048cd43ba2c69ed85c96eb8d1a0ca51b453b986f6 |
| SHA512 | e290bfdb77fa30e8f1fd3bf4738c8d77cf20e08902fa1932df33c283e76039d15eb9f84ab954f17a5de3cc9dc21f72df3eb9aed7f933227bf14e3a12d4093463 |
C:\Program Files\ICNow\Skin\White\PersonManagerUI\UserManager\Export-d.png
| MD5 | 5edf5e061d3c113e8a8046f79e89b180 |
| SHA1 | 7ceca43ca4f2fda452669b77d7d43f6e4b8a5f3a |
| SHA256 | 49d83fe822c13a05c21e80c45ed72f7fcc26fc3977d0f3c05b08d915424e5ed4 |
| SHA512 | e6f7f6565dd5f2f40da66ff4d5dbb800d256b87aeabbcad18e1794f4e5d3816ce27a88aa10cdcdbe5e1212716e895b4125885caa327dda1cf9ec022ac6ba7eda |
C:\Program Files\ICNow\Skin\White\PersonManagerUI\UserManager\Authentication\loading.gif
| MD5 | d76a489eb4b136986658e7d6457bb2b3 |
| SHA1 | 8c7d9474f0cb5b93419b83d89db51d2f4e356505 |
| SHA256 | 8ed984bc5d1e007d29e98c28e09d9c77c7212fea08df27792ada033bd5dbcdce |
| SHA512 | 8061260effddf63985cb56e71efbaf491956ab27ceb914e3385b2b17dfe95dc91e706b9c10203edfa7b823696d2b9a56458a12702315607d163f31c30ed83b26 |
C:\Program Files\ICNow\Skin\White\PersonManagerUI\UserManager\Authentication\config-p.png
| MD5 | 67cd348c495bce24a128b1465d7e7602 |
| SHA1 | 545cb8a62774fbd9939305dc3bdbb830f29d4342 |
| SHA256 | d477f442f12b6212c587035385bae5cfe7ec3bc7fe0d76da94a3390bbc28247a |
| SHA512 | 7ff1db13d5b6275c2c129a48c7e05ddab347327703f846966d387621689003f41c28a896b1ec82974ec6354598ebeb270f713f2649bbc88b882aac3c9c1f31ac |
C:\Program Files\ICNow\Skin\White\PersonManagerUI\UserManager\Authentication\config-n.png
| MD5 | b97e2b22700336de416d55dc88a07182 |
| SHA1 | e98b52d7171f6e80df18825392520139191df77c |
| SHA256 | 907ad67e89e1b8290d1697e20cb37499d31fb1af2b74b2772c5c0a23eab1819f |
| SHA512 | a815bbf1c9b6eaa18b48574f31e059c0f6902195a526c303588a61ffda2071b1ad6fe6cddda88490e6ea0fbb4ef195a212e9c6538f5e039adbffb4eb7ba6da1c |
C:\Program Files\ICNow\Skin\White\PersonManagerUI\UserManager\Authentication\config-h.png
| MD5 | 9908f715c88a4863af2082ab7bf04675 |
| SHA1 | b1e99400374d66abacf86581436ae4e090a850f1 |
| SHA256 | 635d836a26a39cbe537ee772de3fc6ae3380dc0b91694c60c1a66e24d729e01f |
| SHA512 | 5e43a3ee63bf7925afdd8d2a731bfd1d38021aa245e46b892ef2de61ae34549780bd2538a4eb685d643ac858443974736d1d2b3694adb149c8bbfd53a1bb3841 |
C:\Program Files\ICNow\Skin\White\PersonManagerUI\UserManager\Authentication\config-d.png
| MD5 | 09ccb69c2684bd609820718648802241 |
| SHA1 | 4a92df679fe7d08c2a25ca62be5dd41dc3a63465 |
| SHA256 | 4fd69e280dba949f613d4744902163ca05d8d7e41b218ac00e4dce5f3b65d126 |
| SHA512 | dfe1f19039180065b08b2cd299f6ab86a120e17cda6a96905917b68f4a8c90509222165152dfbaf3cb5115933443cae4b873e380c1cfac33f48a101d3d0dd51c |
C:\Program Files\ICNow\Skin\White\PlayBackUI\menu\menu-fisheyebtn.png
| MD5 | ff767cb3f577892a8dec294c14e2edf5 |
| SHA1 | d5b3180487560c852b02d14aec7535fd3a8d2ca2 |
| SHA256 | 939911232d008cf87b67f1d903e962052720fd4d167b981388f8d69268801994 |
| SHA512 | 6949e5fe599e4ff5069f9936f7525320cf5d651e1565a1e065a5f8ed720ab05bc6e915a69121caa506413478786032c1c86bf2a42bce5e05711faa2a74ae03fb |
C:\Program Files\ICNow\Skin\White\QuickWizardUI\Employee-EmployeeInformation.png
| MD5 | 726a908e78be3d4464223cfc33380d16 |
| SHA1 | b6b1f2c8b631c62862d1f94707c748e1f9b97293 |
| SHA256 | 74fde5dde69870b4aaa69083f773736efe3215bd7e257683f4127c5da80158d9 |
| SHA512 | a5d10dfe0c3be6bd0d99839bd26b364d316daceb59cc51471dc1606b68a3fe252fbfa3033d7f299102360022d70f385633c52e4df36a56cafdc99d070aa3416d |
C:\Program Files\ICNow\Skin\White\RealMonitorUI\tab_current.png
| MD5 | 1adbf611b2ca10f915fbbd4ed8ad013d |
| SHA1 | 4d0f72f383ff41ec55e0557232c0b068c9c8d9f0 |
| SHA256 | 1492afad4f51d8583bd892cbf72594fa0b2060bcb8de8ae7e301546e3439c78a |
| SHA512 | c99a8c53c64e5914018be3c9c1fe2952611f33081ced2991af9cdaed4776ba2ec02a708e9548ac5ae2204c45a44663ced681ea4543031673bcdd8be6392a93df |
C:\Program Files\ICNow\Skin\White\RealMonitorUI\tab_pending.png
| MD5 | 6a8246c5d33484c2c15382488eeadb9e |
| SHA1 | 289bf09257113937cbe1a891443276d074a0339c |
| SHA256 | cb6d3448bdc8a178ecf3d96d7a871056f9315d30fe41f12c85895ee501ec42cd |
| SHA512 | ec3b5511bb3c6cc6dc07d940c4033ab085acae4d35a422224c06e7d60f52d5c24b01988231eb41621bdff4d61a458a1bdb192a8d17027d20c53578f88c9dc77d |
C:\Program Files\ICNow\Skin\White\SystemCommon\RealPlayCtrl\ptz\ptz_slider_btn.png
| MD5 | 85aef638e3ee3d6746a0a8bc7541ee7a |
| SHA1 | e965082fc0e0617e26cb3fab5a2e83469c86b96e |
| SHA256 | 0721e09c1b7a439cbe78919e87f8eeb8cbf228bad9601426fdf6c94aa67fa7c1 |
| SHA512 | 7d06f6c31fd17356055750d9eabec984f031ec43c5920f94910319f531cf52e61b78284f8ed7914e3bb74e9954d498dcba72ec90eedff59119c6d392e3925756 |
C:\Users\Admin\AppData\Local\Temp\nsb889A.tmp\Slides\Slide 01.jpg
| MD5 | d0bd4a1d1f56ef5d92f86a105b968aad |
| SHA1 | 1718bd27ed4f6386fb964095d74fb730389b605b |
| SHA256 | db217f4b681ff77ba96c5f40db4c72d289b8772bf0fef9de5df4347202e8ce7a |
| SHA512 | 2c2a50418a64f5e8348300d30b0aaa9635199c50db6409391226e82595ff5ae8b717967ef7efda9209ebffd28764481eda5dda9491461d8b4b85bc47d7258e1e |
C:\Program Files\ICNow\Skin\theme1\ACS\DetailShow.png
| MD5 | bdd02465ca4e0bd9f5110f7af13651eb |
| SHA1 | 14a18df9e9444ee28d42845931976d726fb5dd83 |
| SHA256 | e174c4a6d6713830ec07cff46425fb93ede265aa07b4f88f0d99e2e33ed60b7f |
| SHA512 | b6a4ddaf53c9ce0bd226ef2cbaa41a148bebd820b98f118966512be2281d2d749415d87cb9ee47966ab146941a3f1e81902ce71f646af35c67a816fd80874bea |
C:\Program Files\ICNow\Skin\theme1\ACS\DetailHide.png
| MD5 | cccff9fb1df5f8827dd1d1c305aa5548 |
| SHA1 | 0bf1c374426c47189dea59deb1bd02db9fbad022 |
| SHA256 | c71b0351d7ca6f589a4434d3d0b2464fe91914863fccba2352bad0f5244d85d1 |
| SHA512 | a66d6079a5b6a516853ccfa74a413bf2198205a2e7f186e50061e6e3b890889d88ccab9d6aafc4f081a5517821ebfec80d7cf0867cb8bfec9203ab9fe47c5892 |
C:\Program Files\ICNow\Skin\theme1\ACS\color_green.png
| MD5 | 519a91ee75e09d7e648fcf3b26505b03 |
| SHA1 | b37a01d4cc9a37aced64489f07ec8413c66bf1b1 |
| SHA256 | 559aadc3da780e7d373e1ced3662fd0a3e7f6d95442550950484e97692b37bb5 |
| SHA512 | 682be9882066e307200fd16e7049989fd7a1c8df6f19c5477b25ffeb8fbe077e99742a01b75cfab16502ca6f09d3526cedfc38c4ea4dded2dade783b4161aef7 |
C:\Program Files\ICNow\Skin\theme1\ACS\photo_peopleset.png
| MD5 | 7b56155ab4ba1b1397af3d7031ef92e7 |
| SHA1 | 7fb00898a58b7f8337ac6810e25a71efbe488215 |
| SHA256 | 295ec073ac2d22a24cef02edfb80c373b48575db47840b9d85d741cc87b44b2d |
| SHA512 | 9c9ae95d242aecba37ea4e756c38b6dec75ce6b31313dd965cfe0501892a054115ff5591621240e78ba3f8dd844f9ab28310969decb3395f5373578600c29cd5 |
C:\Program Files\ICNow\Skin\theme1\AlarmCtrl\event_done.png
| MD5 | 16caace2b51147dd0d458b2ab55f994a |
| SHA1 | 25067f26a15238685c57ddaf01837bc97534d140 |
| SHA256 | 387d5c84d366bad8f5f3084c70eda38051c9f4e25457230d42a659b136ef4061 |
| SHA512 | fb820eb727c65c871204d274a3d9f9a0d49c019f2eeb1f5bb6e36dbc64f82bc066a3927a3221aa91a51da64e598355f280f55578f9dc6b06c447345005b07d12 |
C:\Program Files\ICNow\Skin\theme1\DevCfg\DownButtonHover.png
| MD5 | 64ea6ddbe6c4b85335ef2322c7202c74 |
| SHA1 | 57c19820da9a84deabb3c68a1d7b6a890ffa6aea |
| SHA256 | a5d8608de3ae57b3903086ba2c5c46c2b5ca12b6edaa3de6f548729123cf0e27 |
| SHA512 | fb82b27e0d5a9f560567f1b8a4a0c7f30020201e2b90693a11d3a687681905e85e9008c7e80d281f8aeddeecd26ae27e0538a5e0dff807dca41b000eb344770b |
C:\Program Files\ICNow\Skin\theme1\PC-NVR\disk_slider.png
| MD5 | 77292b56a44404af399a00035f3548b1 |
| SHA1 | a194e1412de079d7513e7a720f5b097ea23804a9 |
| SHA256 | be3b0a733916a354d575e8a41c00ad213625b9e0ae8e85e76b97bd5d1e62f7e8 |
| SHA512 | 94b189e887258132785a9eadf07ce3df13ea91403c0a72058a904f4c2892d922b6c0a0f39d48693a1f722ca2fad1adac1dc6d756acfb516408ebcfa639bf38d2 |
C:\Program Files\ICNow\Skin\theme1\UserMgr\normal_n.png
| MD5 | 1f9592ab46a1ce3818be10afbce0723f |
| SHA1 | eb87cfa66c8f25034ec5c6416a2ebc76aab7b61b |
| SHA256 | bdedd79f7952f42cac4e93501e163813478954c225a9ff1a3042fc27eadc9ffa |
| SHA512 | cf8c8d01236bbaf293a47acc816eb9d7934bfb60d9a7b19269d24af0f10e3cb00dbe049ab44ac1739da215a81d294b5dce623e04b7a499c8bea45a844eae05c2 |
C:\Program Files\ICNow\Skin\theme1\UserMgr\normal_h.png
| MD5 | 4c3b724afce320353db1ae39fed6a870 |
| SHA1 | 547c0ee69fcd0f3f4004069f46fe7bc3674e2b33 |
| SHA256 | 3f6f6e2be74fbaab629f2c972de93a4a0895b1ed8de5f6d01dffef4e555e6284 |
| SHA512 | 34dfb1f7fb17f943f99b4b3716c04140e64f13fc8f0849a10cb0502350932f0ff58458546e51dbb5d613ed4d10d973f0d514986dfcb060f92d68dc52a1263b79 |
C:\Program Files\ICNow\Skin\theme1\UserMgr\advanced_n.png
| MD5 | eef2275ca91716c8ef73c3032ce45dac |
| SHA1 | 65973b6d5c4f21c298d9eb6659a6a72a3b5e5138 |
| SHA256 | fe878d3b8a65a497091f7158c396d6311acaeb202a6274cf0331ddd9403062ca |
| SHA512 | 165c671c028c16957a377e5ff8635d1342b7c1e7d06174e5d570665572b451a5ab4e24c4a0ce822bf60f617b0036a3e49c53ef934d6f8a63147869a624adc585 |
C:\Program Files\ICNow\Skin\theme1\UserMgr\advanced_h.png
| MD5 | f7a1030a128e7b415b1d7069ec8909b8 |
| SHA1 | 7add358157339e89723dae477f37dc112bc37546 |
| SHA256 | fb2d8b32bb42ec8caccfe130feb3bdee491bf74e153ea3bfae40d84695fc3b65 |
| SHA512 | 4829ca9d1675ab87dc87f31daae7a155c99546872f2e1ccf7b10453ed08892d0f79d4e737829f7a7308563e146577dc540c9b965f174e7acc73f2d903d388ad6 |
C:\Program Files\ICNow\Skin\theme1\TV-Matrix\screenicon.png
| MD5 | be1f41e115d1a05bd55e1449d0161022 |
| SHA1 | f4ee7a331bee7bd8f9060fab0f28646b194d7b36 |
| SHA256 | f83425f8405ad0c8523e9bbfaefa9ddb7bb9dd3713fd0043e6e889bd00a3becd |
| SHA512 | 56e2a0a04c318d3366a5c62da3e1e178ac348e4693230374d0612561e084c212d44b46de0380e8cdf78da28fd8907066a31a1f66b080795ec7d0f9925ef9a442 |
C:\Program Files\ICNow\Skin\theme1\common\ptz.png
| MD5 | b994d7cea6659bb4759a35fe99143884 |
| SHA1 | 554defe92eb070e097b1305094b2b7181969ac3d |
| SHA256 | 52a4fb7d10b5ab0da9a601962c4b4878a635dd5c8044fa7fa8a680b31cb8f5a7 |
| SHA512 | 657be819fe81ffdf33299ccc1efec9a81e2f0369a0b8451c8c951927251a4d2fed8b8fe88ee331be62afcf08175dc3ae760b92b9e1f533f838ce07e0aab947b9 |
C:\Program Files\ICNow\Skin\theme1\devmanage\ADD.png
| MD5 | 4c7e9c74f356329b9362cd3aa02300af |
| SHA1 | 21d22a729b0f0742575612c1e77b5027efae3089 |
| SHA256 | 48045f67367fb9bcce2c3fd4641434a1645ba349bcdc6e3640ed7495eebc80cb |
| SHA512 | a92e8d2c8f52defb7601f3abd784a8d78b43f07b76d2989e0774f0d38e0446dd954ffd8b4f18ba0f24f8e8e2e6b3ed88a613fc2197ff6e735b6c08d4d1b2e554 |
C:\Program Files\ICNow\Skin\theme1\devmanage\MentionIconOK.png
| MD5 | 7698a4e121f7b6100df1f4e0bc87d8f9 |
| SHA1 | 18b7168b03ad185dc139517c73d9fb2e7ac3ed78 |
| SHA256 | 40065cf8d653ff53789de932072225fc5d24116bc2dfab35b25c5bc6bcc42599 |
| SHA512 | 2b426a40c315231fd7ce11ab38b0c85474579032d0815c7acd46586e6b263b47706ebcc99ca11dd9dd9edd97fa2b920583afd30a139f7f9bad71381789e37d63 |
C:\Program Files\ICNow\Skin\theme1\playback\Alarm.png
| MD5 | e0d8815421606bf2bd01c47dae52b6ac |
| SHA1 | fb55b157f6fedcb1d953904b2fae424bb10c1c59 |
| SHA256 | c377e17c62c52816afde01f7d02b9ab51b51341d489eaf4ca152e9701983b53f |
| SHA512 | b242cd139a286cbf5245e0347e3a52061072f82d9930913a741e2a87982d1d30d7df946970143431ca7884d118bb29e856149cbc5696b4afce5dddb496181090 |
C:\Program Files\ICNow\Skin\theme1\playback\Intelligent.png
| MD5 | b0be080a49737b14f694895c1cdf569a |
| SHA1 | 40b4076a815e1a2b1041dfa319db3567d5c09196 |
| SHA256 | 1757ea0219c163c4926941af331749b03be0fa79809027604d6f252e1e90aef9 |
| SHA512 | 8cd9707571c8c6d6e0cfe5d284105aa48083bc1a7221138cb01aa18d71448782495f32a150f3f92144f0bf9f864880976ece88b2c807b331be88b22342ac8ad1 |
C:\Program Files\ICNow\Skin\theme1\playback\MotionDetect.png
| MD5 | 403c72f2a9a70ea8c3a245fd0eb7392b |
| SHA1 | 408a508cf71d1c04d272324c67dd0f9f1199e498 |
| SHA256 | c671f31047fde398b207a142d4906d43a0fa6e80f8e177968f850c372bab8b24 |
| SHA512 | 2a6ad902f59744f18da6344aa66e9006f31cf9ea441a643124bf5b51d33d0abc3cb3c02fc9c96637b866e8a8e6d283cdf4dab65f5309906b7abd0d88579d8aa9 |
C:\Program Files\ICNow\Skin\theme1\playback\Normal.png
| MD5 | ca5848c277b600cb052b9912fdd4ac38 |
| SHA1 | 1434e2e89edcc0da375d8b0d013209d6c1a93890 |
| SHA256 | 7748e9eecc775395d638f36aef63b8c1dbce242d487868e34156f71d679a5a9d |
| SHA512 | 09bd8886f7ae6a5ce82c06879008eaeeb482f5db4dd9ff91fffe374ab4dca09b1cecf1bf84c47a042517ade5bad735dae9c777327493a11486823ec13b6e65b8 |
C:\Program Files\ICNow\Skin\theme1\real\Group.png
| MD5 | 2b7fdfb1a4448b59db5be210125969db |
| SHA1 | b0db345fe5dbdb8ef2fc67d1100ae0fd7965a94d |
| SHA256 | 7eda137a7c49a3d15454c3a3fe6f67ca7edb3b94aad1653153404c25e1a3e62b |
| SHA512 | 7e490f6198b94f8082b168aff39e2282c4ed027f4e45554e6d77b1fae84a32615f879906c2e308a6934619722ae9e5b5dd7c0b879bf726b9c37a07d9f3f352c4 |
C:\Program Files\ICNow\Skin\theme1\real\IPCOnline.png
| MD5 | d8def218b0d411abb525884fc8a682c1 |
| SHA1 | 2d5b9ee1d67d8eb7621fa8551ce2e91f59f2427a |
| SHA256 | 6d57775978bf833d9af001dbb717f5d4faa8ea8e17e5b762eed3d9aa6661f2ae |
| SHA512 | ce15c974209f71fba6ee881038c4455eab1be3aeb89eb86d162f29085cc4a689edc05ecf7a33d70c37c6ecc672f04560abf562217eeb007f523e4c6cf660c5ef |
C:\Program Files\ICNow\Skin\theme1\real\NewGroup.png
| MD5 | 78f6c9de5b82988fb3568ca28accfd06 |
| SHA1 | f2d7f601d5b30f644510bb87da72df619208bd48 |
| SHA256 | c1b96121356bc2be18be6302794ef6a008a94282a187912c4c81d031b298ea22 |
| SHA512 | b2d143863392ba51c708b319ad332e1d8f7157b85b6976f0ed24f73ac3a4ca6a6f4847144249091cf794942f5e9578d84cef6efa2eadc7dfe430a4741b746c66 |
C:\Program Files\ICNow\Skin\theme1\real\btn_bar.png
| MD5 | c654df6dcadf0d52160343c571467ee1 |
| SHA1 | aa4a2d187731bfd64d8b220749cd8e1296a07fdc |
| SHA256 | 2bcb6df2a78351d1cee1fc2c3dd439979e7546ad33dfff0d007960e21da9775a |
| SHA512 | 5ec0813a55c574ea38075fb8eebad12a663199a0c127cc6658f7321a52dc4022f7cff91ba6e515e9fdc76a742529c9bfe94f9cc9ca7939b324161bec535cd366 |
C:\Program Files\ICNow\Skin\theme1\real\HumanTrait\HumanAttributes\cotta_white.png
| MD5 | f1819d3586bc3ff8609974a6ea645289 |
| SHA1 | 1d269bdebc574bd4b136cf11205cbbdfdad5099d |
| SHA256 | 6e56b607a0d64d9b7d7b9d2d20586b95243e8f529b2bd342159e871c17065f7e |
| SHA512 | 0be21a89412ca563d7b3fed68279d7f94af743cefbc989b13fd7efdfb269a8574dbe7b94bf361a5f50b4210336b940732161d2e36fa916b8fb0204b0b1a0d7fe |
C:\Program Files\ICNow\Skin\theme1\real\fishlink\free3.png
| MD5 | fc973e1ede569d154ef85671a971a205 |
| SHA1 | 735a91b9406f7f9d9083c7f96ed0cfe91a96c240 |
| SHA256 | 31939405efcd06ebdbdbd85ccc063239d6f136cc28d29e859d4e1638a9194da5 |
| SHA512 | f2a59ebda6c1319e190a9fa709525a7773451192abff1f94fa1bde0440dd7e854b69096bf597b7b01689abf5b7c2e163d58cfe88ef1c96bdbf8d44e633e57a32 |
C:\Program Files\ICNow\Skin\theme1\real\fishlink\free2.png
| MD5 | b77107322237df6acb06d9abf1dcdc51 |
| SHA1 | d3ab7664d105491d41d0d6d96c70c6690eea2cdc |
| SHA256 | eb2943c1b006cdc78e1bd553fea643a3d552b031f50a2a18454e3270e50e3d74 |
| SHA512 | 505e7ffebe233f096d20734103f64d184d9e2470b98ec8fb52c1a53c5d1faba2cc9808c0767229c29ce8ac3780889769400f6d34f2dcebf5c08f4ddd3fb97add |
C:\Program Files\ICNow\Skin\theme1\real\fishlink\free1.png
| MD5 | 02ec453127911f1aae083277fcd486e6 |
| SHA1 | e79164252d242fa66ad5fd7db892f4bd5db99b3d |
| SHA256 | 75b0ec729303015bbb61c40a6d367c4e157e7a6500e386eaeef2ef0e12945198 |
| SHA512 | 80fa24d1e15c481fcc6c76f1b02e11d9ea11cdfd9e1d31b9d6d24c2f84910c8cdef6ad08f9fe0714288600baaa3d7b95218f44ca2a892f821fb0713a37987507 |
C:\Program Files\ICNow\Skin\theme1\real\fishlink\active3.png
| MD5 | 4dd8c836322b02e76927f75c8a93e6d2 |
| SHA1 | c906b4c14f0376df9853395ce44ab324ca070b0d |
| SHA256 | c8fdcff4f13cbecb36180c6acddab77db798203a32d312c6c297e5b06b6dd17f |
| SHA512 | 48ed7f4c48cbbf02ffad8660ede7947cb85fa2e3d56a4777859df76ade12174b28948467a8f2c50f5a01993ba1c32987a017e8ef8a48b322dd1bde969bdda4eb |
C:\Program Files\ICNow\Skin\theme1\real\fishlink\active2.png
| MD5 | 26a37d6e35466c95f790f31aec767254 |
| SHA1 | 049402ce7cd60fc656e03827085d5a0a4f80681c |
| SHA256 | ecbede4fc2bc65c2115c05b68db86ae613e6b093510734c17168f375325acde7 |
| SHA512 | d676c235590dd023b0a484bc6be0f837541f70e71d59a98f5124f08a356f5569ce16f33ae47c5cbb73daddecc9cb88225d02a9a172c806bccecc72d3d770fb26 |
C:\Program Files\ICNow\Skin\theme1\real\fishlink\active1.png
| MD5 | 9a1cff8e91b148543b1bbbe94d6c000a |
| SHA1 | 34a0d7239f506e969f60985d317a02805c0a4ef5 |
| SHA256 | c05dbca72861ab7055615114e5658e6d5e63b4aa047de72093579e7f9a92942b |
| SHA512 | 20a17c0a738884f4b313b1909db19715c5580d560dd4dcac9f2df3a0286d28df7da7c829302013ef1a8c8aa4ea34272b1a6999134ae9dd4f5ccbd3cda2f02c23 |
C:\Program Files\ICNow\Skin\theme1\real\HumanTrait\photo.png
| MD5 | da64bdac134225c41451b21de87797cd |
| SHA1 | 0828026ebf2ed303d8f8b26fd7e4e09dcf4e892d |
| SHA256 | 9d71b06346714077264b8a98a4afb825492de8350e158e4f1a12804dfebf1c74 |
| SHA512 | 5b1bacb0dbf2eaca6ea804cde0a4a0c6ce3c5419f72adcce70afde5444fe2654d230611214e9c8e7608154f14c9409ad2f513ce79c6fd8b0fbfa9f0ed1bba34f |
C:\Program Files\ICNow\Skin\theme1\real\HumanTrait\ToolbarRefresh.png
| MD5 | 2cc54a9b8b873b56916c2cb8d8ea9ddc |
| SHA1 | 91216e116a68c0045168f6c16618493713cbeff8 |
| SHA256 | 2b1f50b1bdcca172e28ae47bef49b501ea36d241948286cee80dd695a7d64a8c |
| SHA512 | 0d64dfc322f8aad0479b800c44fd44fae9751b389f7752fe645f068fb9170e5aef26818ee0efd1c6be499c279d26d2c54af210357d3a11d185bb62dc675bb51e |
C:\Program Files\ICNow\Skin\theme1\real\window\talk.png
| MD5 | b190f878d4a92f71214ba9f3ba048eb8 |
| SHA1 | a57b0d8975ddefc62ad086764cefa15a8867a9aa |
| SHA256 | df472050ef18d9b90fad9ac1148be28e4a101068d61a1e802291d11220c2382f |
| SHA512 | 77d00c14e31dc250e5fcf9efc7c2c26f2927f09c68d09889d07eb7e467b3756ff94e7e323b8928200288d3fe005ba6fb55350ee35e70b9813bef4227e413b634 |
C:\Program Files\ICNow\ICNow.exe
| MD5 | 5dd9c664a1c3632dc55d230115135c79 |
| SHA1 | 43c34a830f885553683b73bb4e21d7840eb728b5 |
| SHA256 | 51e2cc887a6c7b7a04ecc03b3941ab122e081437c1d1325cd76790242bc20c82 |
| SHA512 | 7aa5f6f16c57272eb12296fa7b42e98538ec2ae95b2b2f53e3773e1477a884b6b9a1be913001b7997ed6d5f1537ed3e575e223df60081f1422643f4a7861f654 |
C:\Users\Admin\AppData\Local\Temp\nsb889A.tmp\btn_mini.bmp
| MD5 | 3e5aeaaa05cf7831eea655ba6d7a38eb |
| SHA1 | bbba5f8b1a32b7c0c96dbf816d9af117035ff5bb |
| SHA256 | 0d8a606c8e60366239c6f479bbabe5894576aadc99a0e54c89e3bc65e6cac7ab |
| SHA512 | c9161bfde111c6b260ff5d4d610d6eb6032cb433f6833fcd21ad484049507e9381f971bc224ae3305c032f8f92fee63d15f288ea58681f067958eecd78b49744 |
C:\Users\Admin\AppData\Local\Temp\nsb889A.tmp\btn_clos.bmp
| MD5 | f73ea8ce5feac6eb243093ffb1e31ee7 |
| SHA1 | aaafdc4e6508bc207c0ea28f17f51b8a1e39a1b5 |
| SHA256 | 7a88ae7d1b432603910ccfeac7e459657fabe0e209fd62e5d9b41f9c3f1ba504 |
| SHA512 | f621a9c7eccc48844357fa0a65f14e6103a0709e996bdc556188eaee782f9a317bc5b574b905bbfa00eb3773ed9131f9b96af2009398b162bc5ff9bae7aeabfb |
C:\Program Files\ICNow\GrantF.bat
| MD5 | 5ca92a2a0ed3ffc6ebcd368ca2f409ec |
| SHA1 | fb7444c3b8cb2378d2483b9e7fd48ad860d7b845 |
| SHA256 | f10599eaec2e1461629ced8e95063570bab38a152fcdcbc923a5fe308e00f9cf |
| SHA512 | f73ad1fbf3d553bec111a9f88f58553a261e6e1e2b8f4dfbea14fb36b8c713fc651626ebc8eb3acbceb38f20992df51725496e49126f4bf2d12c07dccbd86872 |
C:\Program Files\ICNow\Qt5Core.dll
| MD5 | 432887d366b0a567ff06ee5fb5634665 |
| SHA1 | e9bbbb8a3f26bf3ee810e61d18fcc670ef0056c1 |
| SHA256 | 4c8d20549452b358e67bb6bb0c9e623cc8c4297a9f07934a0319ec8955afcd09 |
| SHA512 | 8443b1c194bc9eab0fef31b700e2eb377d73bf91c9590a297efa22cc357a77330dcccb6b2a7ef233f68aff8b721f58d500926918de6d35629ab9d63a4bbb8ffa |
C:\Program Files\ICNow\Qt5Widgets.dll
| MD5 | 08197918e1d580b8c54437c22713b6eb |
| SHA1 | 4b601782bd045a67cfa642cc8d52483e5de2c9ec |
| SHA256 | 02abfc10ce40d8edf27f5286e2f7ad3c4362d9e6e7efe8aa84b909ac969463f9 |
| SHA512 | 0d47b1ab5dba57648745275d91fc01ba4c90b4bff52ddd5ebefd379a538b4b2632e86e798393dff101e14cd6992ee5364b548b4574d6e9db8a447ec42611a643 |
memory/1432-10655-0x00007FF9F7DA0000-0x00007FF9F82FA000-memory.dmp
memory/1432-10657-0x00007FF9F6740000-0x00007FF9F68F1000-memory.dmp
memory/1432-10656-0x00007FFA086D0000-0x00007FFA08811000-memory.dmp
C:\Program Files\ICNow\UICommonModule.dll
| MD5 | 33d312a94aabbd3e618ae078226f0c0e |
| SHA1 | 024419fd76b4e7c381db962a6bae893876646fbe |
| SHA256 | 31a4c64f3c5b8bca2deefd1357c69700c166d2392be7b93220d2b26e4d00bf3b |
| SHA512 | 63fd243e1e0479cde0f80cd408f34660ba9032e672d24d04acebf4f0949cd5f13c1928ce71e7d2ace59271f5cdbba07c754fa0c359689bd428a27486efe5c674 |
C:\Program Files\ICNow\SPSSModel.dll
| MD5 | 86e1e69cf3e3491220c6927aa7443491 |
| SHA1 | db7c56dd6ec2bcbc2d359fc2e21390aac748c58e |
| SHA256 | 8d75fc7aad2ac7c77773c535bd7f614484e38a8ac935f6cdbee83aabdf022cb1 |
| SHA512 | 8e2358ec241e505fb36b95861637eb3e0e0e02ccb2f9e606c1c347dbd77c0759d5eb67d6af8dc53eaa7b59ae259f196e26f03a5812a41354b9b3ad6334d3ae28 |
memory/1432-10693-0x0000024CE5200000-0x0000024CE5643000-memory.dmp
memory/1432-10694-0x0000024CE5650000-0x0000024CE6391000-memory.dmp
C:\Users\Public\ICNow\Conf\User\SystemConfig.ini
| MD5 | 9dce3658c76596e929ee32b4866813ad |
| SHA1 | 0e077b9f0e974b0dc2d99f04c2719770ffb1d1f3 |
| SHA256 | 770585dd13b578e637c0af92f63512ece3935c01d0790184e107ec1044a6d35a |
| SHA512 | f856dc4a1cb76887941dbd1075900acda81f1db562be1856d48125c6a2f2d3b1e36e0529f83f068cd11e05663856e4443ce355d73d850b44cd9870f94b460b0e |
C:\Program Files\ICNow\SPSSSecurity.dll
| MD5 | 2d4dc8160161629e61335e9609360b51 |
| SHA1 | 0fd53bd3ab9c96db8aebf74eacb06d75d7274720 |
| SHA256 | 15245ecbc43cd4201912c0602f9125340d8224412a0983464d1996e25f588f04 |
| SHA512 | 613693e6cf792cf022fc7d4920cecc3fddc3606416cef79889bcb151f245cdc4264dee5129aa41b869c3140e08fe6c1daad6468a2e118ee523c51ff177c6cdcd |
C:\Program Files\ICNow\SPSSLogic.dll
| MD5 | ef141d7feaa77a965ab76c3b1a922706 |
| SHA1 | 3264393bfb9f45f4c06f16402b7b9265d0148938 |
| SHA256 | b97d9d99d385a063194fc9396fb662fbb40de055e1b1c3f677596c41b400b068 |
| SHA512 | db9eb775c445eade85ca39e441d4fc45dae8be97c061344e612bb3f16ec390871d884fb4bdad0509364eab7dc5847cde07f0c04d0b7013a8c041a301bd52d515 |
C:\Program Files\ICNow\Common.dll
| MD5 | 654b893d72ac09c1c747f6fc92adfe01 |
| SHA1 | 6175fea04e010e60fa9b3a490abcd603909f389b |
| SHA256 | 1aad0fb52e558c71f001cfd1bcde1debc44355e5bf75f43604a0a9cf657cc750 |
| SHA512 | 79196df3bb33bab4e17c095b26a6c2de054d5fa0d8bf32a174868f85f16b780516f651a84673e0251a094a6c7d5d7aadc04ecaf667feb2cd48703a67ac4d43ad |
C:\Program Files\ICNow\SPSSComponent.dll
| MD5 | 6d9d2e0f04f1836cf6dde322f3159009 |
| SHA1 | a16965656b01fc5a708aa9895288d90640c51e88 |
| SHA256 | a0c62e8e085c4fab2385ce95538e785f2c5c0158edab4788ac050ff2d68fa0d6 |
| SHA512 | b34f4170b552444d7fdc605bea613e1b4a1ed54c99358bd242275f09fabafc7c63e1364fbf3f17a15cb5d5474b809733534f5403176fb81f720edad3ddc88020 |
C:\Program Files\ICNow\PlatformSDK.dll
| MD5 | 6d6343cf3895a9a809a7da7e6d8d76a4 |
| SHA1 | 57be18f64835b316891ce783eae5a774f3bdc8ae |
| SHA256 | e68aee31901a77775228a72d2ff06133817cb146f6e4977eb662fa6965aeda47 |
| SHA512 | 48cc6a8ea392602f0693a7efcec40785c88ece9a45a70710ff17ed5d5f78d784573736daf667e41fb50ce52f39ac5b40f1c1d1148b06d8324cd8ca090f767899 |
C:\Program Files\ICNow\dslalien.dll
| MD5 | 3965db49fcaba74f0cef333fa368c046 |
| SHA1 | a886164a85b52c570a3dbd8d5b3fab12baadd7b4 |
| SHA256 | c531ae5b993fd535e06d1484f4b4a8d70cc15d203bbe899661f0017f0b9c3dc8 |
| SHA512 | 531c2cdd6c8120feed96a62be7553fb67401ec0a438a9a9340abaa08125c449e8d83c9a5fd7abad3f29e6fbd7111e7e024cfe00a878d67e6b4d720f611194ea0 |
C:\Program Files\ICNow\Qt5Multimedia.dll
| MD5 | 348d12c50f12244bed159eefe38f147c |
| SHA1 | 88ed711a1090297f259f4f396a3bac1e7cdf7959 |
| SHA256 | f0744c32108db097c058c4b16a206c69e6fb599fe37e1273602bac9955a64573 |
| SHA512 | 0d5049647c38e09a327bd24bb8aee4176c7e2f62061234d456575ad4430879cbc13920888edc21441850982d63aa923194ea25e74e7716e14d5714326fad0594 |
C:\Users\Admin\AppData\Local\Temp\nsb889A.tmp\MsgDLL.dll
| MD5 | 21a7a47784121c1eca0895fa4ba5d99b |
| SHA1 | d08e1179b3ebeb43f84172e98db24fb33ab98bf4 |
| SHA256 | 9fb07055f1fbfeaa5ef672a7c7e4463042c2902b1332713ebff0800cb40350c5 |
| SHA512 | 5888a1de5b0a271f5f2ce5c27ced4e9aba29485b8d3d982ca76b54c000134b52c3e35c36c298ff0a2e5ce764d8f6e8bd60705babf436a2ab78899d3824fb7abf |
C:\Program Files\ICNow\Qt5MultimediaWidgets.dll
| MD5 | 7152a908eeaf0189cf6b23921aa3366e |
| SHA1 | 0a91233ec32fc489b54c2ca3251c313dfb4682b5 |
| SHA256 | 1ebb4882b51f9c6490148f9bebf9d0e97cbff410cc490b40c8ac0ed242fbdffd |
| SHA512 | f87213137aff84ceaa080b63c2ffe5c1a273d3cbb36f6e3b98c626c4cbdf6d9b0f2ff5d669a2f56d6456f6289708de2c731e17af026bb10d03b362444af6022b |
memory/2148-10630-0x0000000003DB0000-0x0000000003E13000-memory.dmp
C:\Program Files\ICNow\Qt5Network.dll
| MD5 | 3d850d523852853decc8cbfe5b0c5857 |
| SHA1 | 85a360351e7253461f45fedb2056ed5dfbdfb8b8 |
| SHA256 | 46bcc9c2c901f279ec4f050b3b16a7a02c1800bb86290829f6f5e143428bc229 |
| SHA512 | ae727d8c73f2d3b03741090db141e645c859e0c1ca81b6aeece37cac5ff46466cb09e6148a6d0af5bbfaf31bac4b802fc0221963fb091927c35aff6f486cf818 |
C:\Program Files\ICNow\Qt5Sql.dll
| MD5 | 766b0a409587076c88dc13ab166c1355 |
| SHA1 | 1d481a0d95bbf07c2a7e95c17a33afad18b5f7ec |
| SHA256 | f520e1da92a3327ae7bd0299bb6ae1d76a76d82dcbf412cf3faff4b0204108c4 |
| SHA512 | 2b1a2377cae9a7196dafe170b28744aaa6cd2fbd095a313417c515f5aa2ee14ac1471ac52c537e2dbdf43b61155e85dc1a79a5f09b12febee3a2d39a0625d3fb |
C:\Program Files\ICNow\dbghelp.dll
| MD5 | a5e4b3ff51cf5b7926d9651908feb666 |
| SHA1 | 4ef5d229709e40f3f84e46c3a28341eadbd1a044 |
| SHA256 | 13f0c74845318b52b76e6000564b1a99c37de48422b44ac74d034fa222c65a23 |
| SHA512 | 0615ff581b648715461349b1622fbc208042fc8c395cb2d271203b25b036f59edb0fc3470065dc15061af1be0fff48981f55bbea7f00c88906e9b470764a86fa |
C:\Program Files\ICNow\msvcp140.dll
| MD5 | 9ff712c25312821b8aec84c4f8782a34 |
| SHA1 | 1a7a250d92a59c3af72a9573cffec2fcfa525f33 |
| SHA256 | 517cd3aac2177a357cca6032f07ad7360ee8ca212a02dd6e1301bf6cfade2094 |
| SHA512 | 5a65da337e64ea42bcc461b411ae622ce4dec1036638b1e5de4757b366875d7f13c1290f2ee345f358994f648c5941db35aa5d2313f547605508fd2bcc047e33 |
C:\Program Files\ICNow\vcruntime140.dll
| MD5 | edf9d5c18111d82cf10ec99f6afa6b47 |
| SHA1 | d247f5b9d4d3061e3d421e0e623595aa40d9493c |
| SHA256 | d89c7b863fc1ac3a179d45d5fe1b9fd35fb6fbd45171ca68d0d68ab1c1ad04fb |
| SHA512 | bf017aa8275c5b6d064984a606c5d40852aa70047759468395fe520f7f68b5452befc3145efaa7c51f8ec3bf71d9e32dbd5633637f040d58ff9a4b6953bf1cbf |
C:\Program Files\ICNow\DSGui.dll
| MD5 | 852c9de7115e2bc3ffb33c8f0a442957 |
| SHA1 | 694c8c64b9bdce2f9889b4f4d4deef3b485ea4dc |
| SHA256 | f56dae5cd3915d103abd4400a52845ccc4006304e64cec5e10f06092c9e9a242 |
| SHA512 | 47c34f4f7ada429be8ee678c58fe02114db7e53ba5bce907dddc63e0d48153cfab0875df5e2ff1be191d7fefbfabe8fec869a6268aa05b38d7cdea628b61cc77 |
C:\Program Files\ICNow\Qt5Xml.dll
| MD5 | 0085b262bdca9a55751660e787f9c6f5 |
| SHA1 | ab16fb0f2cc4316360fed481b2746780454cfb78 |
| SHA256 | f6c40a1d0c820c49cf1d3d8358eeed5f7fd58ba510a43f54c04115489f21dbe1 |
| SHA512 | 57a9ce69134959a056571ef5cad3fffdf914fa46b9a256051c2b5885bbfc5e65d70f8131f2eeeda2e01ca4f42ac287a64e57e5eb04cf8d05a37b62bce1a35e7d |
C:\Program Files\ICNow\SystemCommon.dll
| MD5 | a9682810c207eff9b82c4090410f41cf |
| SHA1 | cc6f18de43b4d423c10df253b781361a9456e08e |
| SHA256 | aa1f1db47fa6cdb2d81196baf0485044aafa7a3484e479baa48750146b3b5926 |
| SHA512 | 95e638700d031b6696810b2295d74d66e661f76d6c4c5c15719ac3907c2e01e240924dd2ea1bd5d4bc70327f47aaffb8e57f9feadbd8d1ea5f44fb680007491b |
C:\Program Files\ICNow\libdsl.dll
| MD5 | 7d5cbe79fea0fdd00daf3730579e5fe3 |
| SHA1 | 3c8c60596fb25295672562680d3af42a152133b1 |
| SHA256 | b82252b87f8522564dc49c923ccd83abb9cc3de41ad48f13986bc6b527cc4292 |
| SHA512 | ee847fa22137c104192c24b7f3fe5639e6d3a9790d23ad962d30c2e2d1b5f82be4c6067b830ced1d9b45ceb677ef7c99b2f472f7791773e2fb7b92da42653b4d |
C:\Program Files\ICNow\Qt5Gui.dll
| MD5 | 29d7fac6f156e779987a04f5c083fe13 |
| SHA1 | 1ab8dcc0be40409f9d9625bf18657bb276412aba |
| SHA256 | eeb274d94b2d44a9f8aa9305bd958bc07738c5a8ac1cca57d9d8a1142d0bcc0a |
| SHA512 | d55522c7b8b920eba4a3a252e09b766411aeb6afeba016a5d6127527bebc85b0b10d23f56458b0f8c03e285876c3ad4ed8dfdabd6729f55f750cdea2087e7c6b |
memory/1432-10658-0x00007FF9F7600000-0x00007FF9F7D93000-memory.dmp
C:\Users\Public\ICNow\Conf\User\SystemConfig.ini.lock
| MD5 | dcfd288cb076fcec391b37afa48a04da |
| SHA1 | 22e5e3d45704b3fea93091b5010c784a9165cd2c |
| SHA256 | d7333b60afd841b4c6fcd807fedc325876a62956f14fe4106083dc4c049b78dc |
| SHA512 | 100d271facf322b1aebae2be3e7bb4ffc1fee7d4002210b54c6afb10b0f0e11b5c759ceeb0497341e40e30acb7677a372ffee4eea98e7de02a61890ab195d94e |
memory/4788-10710-0x00007FFA086D0000-0x00007FFA08811000-memory.dmp
memory/4788-10711-0x00007FF9F7DA0000-0x00007FF9F82FA000-memory.dmp
C:\Users\Public\ICNow\Conf\User\Settings.ini
| MD5 | 09de8744b4ec3008b9a33be4b1da1779 |
| SHA1 | a91535ffb3038e61f4f801147c1e7fadca7b50e8 |
| SHA256 | ebb29890a11cede35f04ad370ed23369bf3d324f553ab0bfa2ec971c1fc3390c |
| SHA512 | ed5a721298470dddd556af53bf622c3a51bedac0ef7f5200968d671360083b568c9796401bffcf878817cf5c58a8422b898bdb97cc4e775d4e138a57517a13c9 |
C:\Users\Public\ICNow\Conf\User\Settings.ini
| MD5 | 491241ac88828a9d90b741331d33e4e1 |
| SHA1 | 5f57ea6bd6cb894a6e164cd18617f9fa498e6d4e |
| SHA256 | c9e92b111a91730114037dbf5f6ffd35610edb634b808288fed6e9facced3873 |
| SHA512 | 4848c54eb7b65dab3ca88593ada023bc16d03f78738db2f21ed9b2176b9d081b8b8528cf6cdd81e1c38c6b7e2189e4c86c697beaf594129ed823f0128210447c |
C:\Users\Public\ICNow\Conf\User\OrganizationBackup\OrganizationEmap.xml
| MD5 | b27d01d9881d9e7f1371183b9ea8cfb8 |
| SHA1 | d07cd8fb05312b11dc7566c07ec7775b5b9a5a73 |
| SHA256 | 459c43ae0b408a8a8e97272e30c3f41e50ab3a4aa29e1bf367e26660bd7212ab |
| SHA512 | 8894e8c05451a558234f6431f526c0d531d9c1b2136504aeef1d3e0793529c8a942efdc874fd777d80f1303cea710518a7f43955d4320c64617bb2a5b8b25ab5 |
C:\Users\Public\ICNow\Conf\User\OrganizationBackup\OrganizationChannel.xml
| MD5 | bb047cde490c1202d80d8a5258dc9381 |
| SHA1 | 08c79960fa831b79abd86fca1ccb485dff64e379 |
| SHA256 | add27866f998fc5bc132aac52fa0009d90a60993ca206d68a8e253594e923c9c |
| SHA512 | 685ce00b333027b985f4a566aeb59e3bd61a9a8e8c4da6b4c2c7cba1b2c886cd8e7b26f1e421c7b7f6402ee24a7820c043803102b2ba16c32a33153e36880479 |
C:\Users\Public\ICNow\Conf\User\OrganizationBackup\OrganizationDevice.xml
| MD5 | 1b67c70ed96ddf2d6c8361fed1020a9b |
| SHA1 | 05d3f6e37d4f80593a124ad925c8097fde39b7d6 |
| SHA256 | a932853e02a0fca929051bf347969123bf632312f39161eec5aa97adc6a83a19 |
| SHA512 | a5f5d37d6d55e6bbc44a06152997a5ec9f49e2d11124733a6ce9627c65cecf060fe864167054a09f5a1ad1174ad9a71ea296afa39d312bc878b69b014e6e8fb3 |
C:\Users\Public\ICNow\Conf\User\OrganizationBackup\OrganizationRegion.xml
| MD5 | c546d8109d871360be2f44decc3aaa96 |
| SHA1 | 5bb47844e4185186ee77db471fdd5e8f7e64bc20 |
| SHA256 | 739fcd236700650473cb2112778346a2b128f030d0dc1e8a895eb4f1ebc3e0b6 |
| SHA512 | 823a7697d35eefa5ed46e3549bf6e43b34e77aa3388373d6bdb45702e7c56db612a0fa7fabcc76456171edea82eab531a2b3fbd3da4d4f2694d90ca799141ccc |
C:\Users\Public\ICNow\Conf\User\OrganizationBackup\OrganizationGroup.xml
| MD5 | 4e829c96ab4c4bd02ad8084492307a5a |
| SHA1 | 67820e54be5e6f965460f74e6680152a6b795e9a |
| SHA256 | 6583236895afd0d6a111efffeef81594a98ec3d26f419481cfbf4e7404881aa0 |
| SHA512 | 1faf48e5aecb5256a2a894fbd695f5193486a23144eb5a472ed4bcce75e355afb8b56bec124caa216b2d5cd82a8c992f214b917aaf602fbb00408c90d1cb2c18 |
C:\Users\Public\ICNow\Conf\User\OrganizationBackup\Organization.xml
| MD5 | 6d325b90791ee5ea6d5242b678fdc079 |
| SHA1 | b7273c55fc3d1c2b7414b89a5d1b29a3a28cf15b |
| SHA256 | 63160c718e877b924a32c8160ec8b8a53bff34916de61f3e623de14ed21b2c5e |
| SHA512 | 1da49fc508d6ec510a4df06f904e64521788974155c96a009bf4c209592bc8d4ac7c4fbd0718c285c91cb18d5fbd3168a022df0df3b5991ff59a8195a139b416 |
C:\Users\Public\ICNow\Conf\User\Settings.ini
| MD5 | d980774cd1b4d3c03a1a7857ae7d02b9 |
| SHA1 | f3bf84407afa08dae333fecec83acbde8b204dbf |
| SHA256 | 8e66e1060228407ea22db1ea2a72e9183f895c9ae204603c381fbfbd8e680c26 |
| SHA512 | adf5eab46da2da4f961ba2529b6deae41cf22556928b684cbe03e1419f8b65a41616bd5ab3e8ac6fda5a3e776c9972a0247e1e086ac2b27fd5ad570a2d15fe03 |
C:\Users\Public\ICNow\Conf\User\Settings.ini
| MD5 | 47858ec64070116b5b58dc12fada1113 |
| SHA1 | 978c18450a1988b194fadbaf4758687c4f66b42b |
| SHA256 | 3077137ec1d919cdc0c3b29a0b4530cb5480b4eda19db222162e83ee15a104c0 |
| SHA512 | 3c31dcb44b97e3f7e423e21ae3c9d4c1e9fcc98673efe4bb7a2b2d3bdeb1de60bbca2799021203420972f6106487f18a75a0ffd931219dd2cdfcf4231fb78d07 |
C:\Users\Public\ICNow\Conf\User\SystemConfig.ini
| MD5 | 04a4d9eedf64b35247fb7b75bc5aefc8 |
| SHA1 | 3c6a34e9afea92877b1b67322a7890e2e334f8ea |
| SHA256 | 0d39d50c6ced8c13aa49fecc39bec5e907aed0fd8269994fdef39a105f4eaeeb |
| SHA512 | 46e100e10b15a4eda8e1352db421da2c1a88df12f784636d5d2a492bf1816ff7f553025cbe587688d34f0431c386268edb029dc5693b6beba356e5441e3fb4a1 |
C:\Users\Public\ICNow\Conf\User\SystemConfig.ini
| MD5 | 09651d7c6e9846851a798e89c7288b7c |
| SHA1 | 353e2039340508318daef839d706e0c589fc1ef4 |
| SHA256 | 1e61f0a7d0df2dad0889ba5df5b419913f623a93a2c3d5962d994a39ff8f4c5b |
| SHA512 | df593180c1f4f341559a690e3bd39f8a48366a6156046c32564637bebc4663875221e00d99d47228eddaf6a84317cfed66c694e6dd23c3bf7e668d8090951838 |
C:\Users\Public\ICNow\Conf\User\SystemConfig.ini
| MD5 | 581617ab5eb56f89ea9c4e68b998c8ee |
| SHA1 | e7ef1353c7fe0333d1d06b2adee277ef572ced88 |
| SHA256 | 88fd9fdc3b9e0decc1022f7fdf70fd85e6f59ed2b60c8318eb76c52aa3e26c4b |
| SHA512 | 846badf169a189775a4c32264b58cc82951f82e70f87ff8905794c59cceddf12c03e342d50d668692cdefc658c0472f928bdbeafc7a214768dc16440bb74e677 |
C:\Users\Public\ICNow\Conf\User\SystemConfig.ini
| MD5 | 7569d1c79226750f59b47ae9f633929b |
| SHA1 | 386c7bf5e4ca6b4d36a2452c80531ff41414f182 |
| SHA256 | b66da7398761623c8fa9f5995f43ba82a48f9d8420adea02a2233eb445d1d50f |
| SHA512 | 8d566aa075c3c0186258fbd33d9bf274b51b67b34feb8b1134cf5315cabeadca7f3925fed4de7439aa5d6f8e6e5983657a04e027e9738c63866dd005d3bc8f1b |
C:\Users\Public\ICNow\Conf\User\SystemConfig.ini
| MD5 | 1557c5c49cf1ef1f96c417cbe36a8a04 |
| SHA1 | 6f668d05e2a8c0a43652572fadee0251f13231f8 |
| SHA256 | 371510301488d5cb28deb65faebb0bfdf5280e965df60d2d0b40a71a2a26b0e7 |
| SHA512 | 74e81aab36d5c6342efa68e280d0c304f8c63a6dc945e1c32f9e761de569b3ec4f6aa68bfa3b7e97a55293f42d9b51ebf3cd0f4e78c2dd2d55a63098896db40a |
C:\Users\Public\ICNow\Conf\User\SystemConfig.ini
| MD5 | 873d866f07a00674ef2b2002f0860020 |
| SHA1 | 5eb74edd7cc2e6f484b865e70239f45d50a96d46 |
| SHA256 | 3df2756d89e807ecafb58634e093beda33c7f8292e07e6877c09754560ef81c3 |
| SHA512 | 59b2962ddcc048d4792d58e9077084518c12624a52fe545154c1f19f40dfbf1a20ea2a2e7fc360c1860af120c4e64d35f5c18ba10f992f8dbf0cb795894b288b |
C:\Users\Public\ICNow\Conf\User\SystemConfig.ini
| MD5 | a1942a494d532bd5f9566fd097a884d2 |
| SHA1 | 411f34942abca9b34b9775a6bdba1d1df639b388 |
| SHA256 | 6cdb7d30c20d41ceca0c5431d6acb075f65ee6404a60be4377d7f93b904b1f32 |
| SHA512 | d7fa5a993349ad1473cce3b1f1428c90c0e6967dba79bba3163afc7b88e8c2604353f3b1656f34ea69da360e21cfa3a3292db166ba84832921ca8d9335298f38 |
C:\Users\Public\ICNow\Conf\User\SystemConfig.ini
| MD5 | bec0f8ba96bf20388b3f61fc5e7fb01a |
| SHA1 | ea5c9d62138f8a5b8d793a1fa4413cee2419c373 |
| SHA256 | 4de09f379c3df88246d74e60c21b97ebc5af3296852c825939169b2ce353b766 |
| SHA512 | a6c196969069f236131560afd0b546455b0afd15f4daaacf42e23de729cb21f73cf168353b7c8ff059cda72c9b761d580047d5557112b687b212434fed656632 |
C:\Users\Public\ICNow\Conf\User\SystemConfig.ini
| MD5 | 5bd5d3e95ca812e67bd5e8fe9ee3001f |
| SHA1 | 883ecd7c8f5efce09a84063af83f28dbd38e5254 |
| SHA256 | 0829d55fe9812686e27ad739c9690bec1d22370656ea34dcb615b83876b0b4f8 |
| SHA512 | 0df19b8e5a7206328a0a85c617f398f66260c5c7cad21f3bdb5fa3c71226e1f4228b55c3a57bfcceae120a4055aba499da5ce03664a007a2e0308e1320f9febc |
memory/1432-11990-0x00007FF9F25B0000-0x00007FF9F2878000-memory.dmp
memory/1432-11993-0x0000024CF7600000-0x0000024CF770B000-memory.dmp
memory/1432-11992-0x0000024CF7320000-0x0000024CF7396000-memory.dmp
memory/1432-11991-0x0000024CE64E0000-0x0000024CE6563000-memory.dmp
memory/972-11996-0x00007FF9F7DA0000-0x00007FF9F82FA000-memory.dmp
C:\Users\Public\ICNow\Conf\User\SystemConfig.ini
| MD5 | c8653068dd5fab36f17a8dd931ec2717 |
| SHA1 | 8cc83b701a087ec57348f3ee49cbd5d8b3963c04 |
| SHA256 | 75ae5cf120e3c709c720e60afcec5ce5d07387c65b23132eb534f9d8fbac22c8 |
| SHA512 | 81333061e1237e82d96e0c8ef32add88264a44789a483e90c9145230b6fac67e34fbdb6c8c7ca73ffe835b1920c314cf6b60f8a21938a227d70c0ab50484ada0 |
C:\Users\Public\ICNow\Conf\User\SystemConfig.ini.MGAiDK
| MD5 | 16688408e3045056bec1915fe1878586 |
| SHA1 | 185ffef347e30e2bdaad7ede1c9ac3256bd5db0a |
| SHA256 | 3b765e8585fb67e72a181720a974e372489ab56885f05f4d965a90b6d0fc9216 |
| SHA512 | 4b848e878e7cefe3769ebd9e2397e821e6f2656daffc6ec69b225754713c19593a23fdebca8bceca6e796739f8f0bdcebffe633cb7512bf8325c36e30c46c062 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 55cd5944f47a5e6ab17a83525625b013 |
| SHA1 | 1e2fc976d9d0324bb7e0375f26349a892d40418d |
| SHA256 | 9d27e925ae0548f624517fd89eea6a49c1e02bc686cb370d1b7dfdc4c27c0a92 |
| SHA512 | 4c0d09a01d5710b8df875e79652c887f6d73885cde4452d4f05980e93d683e0ae78900eff98368f0878a8269adabb84a2ed581560c6e7de0fcf792336cfa8a87 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a1c9ff34bcaf44eb53c7716dbe65861f |
| SHA1 | 01e34f95dd8410ab34b348f8aa6c24347b8a3adf |
| SHA256 | 69f30b28ba0a794f66a3a366f1c29e7b0e015190641cd3b575e87461009c8788 |
| SHA512 | 6ab43405ee542f15a7a49ca1a54f05eb5dbc292045f7a348123d18f58f51fa72076f4021b5e0ddf7896706e7ffc79f1111739efef8de33ce126c5b4e1aaa32c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aa3a3b43d7ff0e170481fe70ed80cf06 |
| SHA1 | c053a78ab0aeddc4a4a511fd507e02ef79d05318 |
| SHA256 | 241f4ef45b462ee591f35ed283ff3d5f118933f012cc8c9fd7ba3ba01d479dfa |
| SHA512 | 08526b69a0d3f11c615b2480d6070c188314671ba0faaba3ae110ce0d5f07d335a6aa65e852847693a275d34e06f590dcfc4892a55e37368a3fee6aede389e3b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 56f3204943d95823a9bbb632694c1b78 |
| SHA1 | 08d17561bc3a5d365ed5d9060b24c554d32a74e9 |
| SHA256 | 0baf90344c95621c6dbc481c59f51fac95ae26247a9dd2493521cbba91452e5a |
| SHA512 | 1c5106d5003dfb9fff53f9a42d55455f377ce45e0b4c495a67af791a1e46a2c6913449bca36c5f72cea72905e0cb19e68ab96cfb5fea92a65438b58e1aad582d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | f5fdbbd8cffc37208037c574bc629633 |
| SHA1 | 51f359646dc738a0fc04286f625b5c7b17677fc4 |
| SHA256 | 62eccf3bb3c4ba5a52046ed50df64fbf5d9453973338874dab73da7855484d19 |
| SHA512 | fa0c55f6c99930a0e399a744862ad8ae1b23269b7d28e462367586b38067e1533b3661b6ad55df906e7cae01e64f34b2fff0bf8f5918008dad0a78a564d7f723 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe66eca9.TMP
| MD5 | d5b22a8bd7094a411f0a8d4fa9be3544 |
| SHA1 | 97d68bda74f99922f165bbfd7eadd162a633f4cf |
| SHA256 | 734b1cece7dd692740b355e3edd6c412e74b38416b8b93a3d7d56f36f0b42741 |
| SHA512 | 93a2ff4b71c4666ff4b4d5e66e3bf1d3ef08ee2eeb335f11dc08da02c0ef4b7a471f3f25375d149f99af9124519869e758206789f13bb1b4d6cb6ada4c07a160 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 299030ab4a8c07fa36105992b743ca97 |
| SHA1 | a05544ba951b0fb7973fd0df5f8a836bc9bfde25 |
| SHA256 | 56537bd27b8b80453b6e59d11187e47c82c82bd828a4fa0571a14b58d4ee3dfd |
| SHA512 | 325b4fed2bf249cc1f1c05cd83656de8c22917630844bec39936f037f89cdab88c8e90b3abffd020ecf12c5c1e89f92f9cbcc358afeef05feccc5d15c82f40a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7656bdc5f7027ee5b062ba242b633333 |
| SHA1 | bfa31733ee5fb6011ed06ed0b5ff3fff303be261 |
| SHA256 | 432bcdeb67c18ba94a00b95c5eb7ce98058059f20a66c185e9758c8858e0848e |
| SHA512 | b9a0e155f8dd71e6056674fe9ae40b66a794cbf43cc850c5ccf7e3ddcac1dd2afdeaa826edd2396e64e03530a275f1c9985076ae59b3dd2e2e53698ab5327766 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | de4f3ba91e9261ad0779c8bac22a04ad |
| SHA1 | 9b4a3996a8e7a9e8e445cf4bfad4cbdc52fe5de4 |
| SHA256 | f9424f07a092c8d433df7a6ec7c5e3396e6adc73a2ead3538c99f1bb454f4870 |
| SHA512 | 7aa7e304285dd8b722fd738b16deb10cd603d001bd14181303abcfe1f2d9119f6083b9868c4c00ff6651bc35edcb010e5dc01c226f410c0f375a5cc54ecb53e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 24e9d0c9795b47d4c1b3504e60a85f19 |
| SHA1 | df32da8e6029b4f7a06cc79bedc087107c8572bc |
| SHA256 | ab72591f5ae4b1c2244e5ca2860de4e55dd4656d6d530983786385e321b6db6b |
| SHA512 | 2ca104346f5b4da4f322d7b9c6e04faabcbb38d2fa4173cee017bd877af31621b8a5c114f4f8001f8862bcb912258d56e23a3d6e3865bf297b0650f4244bbfc1 |
C:\Users\Public\ICNow\Conf\User\SystemConfig.ini
| MD5 | 972e8cfa18af61e555bc0a9128e994d4 |
| SHA1 | 0d42d0c89bb8eb785b8cba7d9fdef53ba397b2f4 |
| SHA256 | 3f034ac7b769132758124478294a7fa22f677f5d4987fdd145921ab15509af3f |
| SHA512 | 278bea1b81fe45e95d3199c100058a81a5250363e85f7d7e2f400fd28c9337eab178d055c411294546a0dd448536c5022ca08c94f8983152e2b3aa2f15bc5657 |
memory/5572-14612-0x00007FF9F7DA0000-0x00007FF9F82FA000-memory.dmp
memory/5572-14614-0x00007FF9F7600000-0x00007FF9F7D93000-memory.dmp
memory/5572-14616-0x00007FF9F7600000-0x00007FF9F7D93000-memory.dmp
memory/5572-14615-0x00007FF9F6740000-0x00007FF9F68F1000-memory.dmp
memory/5572-14611-0x00007FF9F6740000-0x00007FF9F68F1000-memory.dmp
memory/5572-14613-0x0000023CDF970000-0x0000023CDFEBA000-memory.dmp
memory/5572-14610-0x00007FFA086D0000-0x00007FFA08811000-memory.dmp
C:\Users\Public\ICNow\Conf\User\PtzPrePoint.xml
| MD5 | c4af2726453dc87702ce9c87449a1524 |
| SHA1 | 8a6b03c87e70107225efd7e5f47b5d8fd56df18e |
| SHA256 | 91e0b4093529ea0fea5b832deaa94a1bc10df928d368077e69b8d2f1f982d43a |
| SHA512 | 4a412113e7843c1c16a5ee247ca79620b287f59f6d82889eba2eec9d21cea2e25cb785056bd5999da53b9fb28a80d151a579ad7d34bba0e900be7e07000029bf |
C:\Users\Public\ICNow\Conf\User\TaskScheme.xml
| MD5 | ca7df3ab4c728604d2b9e110108da283 |
| SHA1 | 6a3f83a226fc12e1e5454183af158bf7e0cb3619 |
| SHA256 | 0ba208d4c23a588d6f95de2678b0c0eb0ff11053136fa440a3760f3767e54f3a |
| SHA512 | 4e4e38279aee0a3d897608a4c9ab438b146d45d1803cbae22b501227aebec3249c7bf5b1a275640d512b4d4f6f7c4038312e0f24ba630dd911b5260fdf8abec2 |
C:\Users\Public\ICNow\Conf\User\WndSplit.xml
| MD5 | 1c01a02e6bf44e561c8240e06f6007a6 |
| SHA1 | 7252e8b5089727ba0edfce95ae65c5c554902569 |
| SHA256 | 40362684aabc6c1735e9665d0d966fb55d5386a9e96139257a790fe53c3c4deb |
| SHA512 | f9a352b837f9ffe3fc19eb109136791aec8a7d3454243f04d010c4143f66b1054eceaf136ce9ecb5a93e74fff17e10d8c91cf68b6592666d93afceb12e308ce3 |
C:\Users\Public\ICNow\Conf\User\loginconfig.ini
| MD5 | c3e3499b824e112bd756c4a3960bb14a |
| SHA1 | 296555e64a414662f215432ce1289d3c1db29a9c |
| SHA256 | 96b84ae7ce1ee665b4be38a10019cbfae952400be74a88613235b3745c38f829 |
| SHA512 | 6df2b6078c0be38d1b9addb239e704f97098c9a9f781ec35dc38f84bc1b820a95aa1f1207cd27c3e62c1286698d280562fb5638b4ab087637b7cc1b8250b3578 |
memory/5572-14650-0x0000023CE3210000-0x0000023CE3653000-memory.dmp
memory/5572-14651-0x0000023CE3660000-0x0000023CE43A1000-memory.dmp
memory/5280-14660-0x00007FFA086D0000-0x00007FFA08811000-memory.dmp
memory/5280-14661-0x00007FF9F7DA0000-0x00007FF9F82FA000-memory.dmp
memory/5572-14679-0x00007FF9F0DA0000-0x00007FF9F1068000-memory.dmp
memory/5572-14681-0x0000023CF4120000-0x0000023CF4196000-memory.dmp
memory/5572-14680-0x0000023CF4080000-0x0000023CF4103000-memory.dmp
memory/5572-14682-0x0000023CF4330000-0x0000023CF443B000-memory.dmp
memory/220-14683-0x00007FF9F7DA0000-0x00007FF9F82FA000-memory.dmp
C:\Users\Public\ICNow\Conf\User\loginconfig.ini
| MD5 | fb207048109d45916d0b03a521d46ba1 |
| SHA1 | 3c0776fdc0c3ea7a3e1f28d5f61b1669293706c1 |
| SHA256 | 20e3cb86b044f594b5519a18038276d70c35e61e209c236933ef07883ac0d162 |
| SHA512 | 37ec868c0303c00af4b3f26d0fe31516add0f61b2dedb7bada28546d9c726bf6448f25a68507d36a515ae71ff8e4a254ce880720827ec7a5952a1845e4bde0b3 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240611-en
Max time kernel
129s
Max time network
196s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1860 wrote to memory of 2040 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1860 wrote to memory of 2040 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1860 wrote to memory of 2040 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2040 -ip 2040
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240508-en
Max time kernel
40s
Max time network
62s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1984 wrote to memory of 2528 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1984 wrote to memory of 2528 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1984 wrote to memory of 2528 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\progress.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\progress.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240508-en
Max time kernel
242s
Max time network
278s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7z.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 23.53.113.159:80 | tcp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240508-en
Max time kernel
215s
Max time network
276s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ClientInit.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.173.79.40.in-addr.arpa | udp |
Files
memory/1252-0-0x000002B6D5FC0000-0x000002B6D7A0A000-memory.dmp
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240611-en
Max time kernel
133s
Max time network
319s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Common.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.143.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240611-en
Max time kernel
135s
Max time network
313s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CardReader.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240508-en
Max time kernel
295s
Max time network
320s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ICNow_Privacy Policy_Eng.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4604,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1736,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5220,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5524,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5988,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5796,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 88.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 2.20.12.101:443 | bzib.nelreports.net | tcp |
| SE | 23.34.233.128:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.233.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240508-en
Max time kernel
131s
Max time network
209s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Languages\Abbreviation Of Country Names.xlsx"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| GB | 52.109.28.47:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 97.32.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
memory/628-0-0x00007FFE4F9B0000-0x00007FFE4F9C0000-memory.dmp
memory/628-1-0x00007FFE8F9CD000-0x00007FFE8F9CE000-memory.dmp
memory/628-2-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
memory/628-4-0x00007FFE4F9B0000-0x00007FFE4F9C0000-memory.dmp
memory/628-3-0x00007FFE4F9B0000-0x00007FFE4F9C0000-memory.dmp
memory/628-5-0x00007FFE4F9B0000-0x00007FFE4F9C0000-memory.dmp
memory/628-6-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
memory/628-7-0x00007FFE4F9B0000-0x00007FFE4F9C0000-memory.dmp
memory/628-9-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
memory/628-8-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
memory/628-10-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
memory/628-11-0x00007FFE4D100000-0x00007FFE4D110000-memory.dmp
memory/628-12-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
memory/628-13-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
memory/628-14-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
memory/628-16-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
memory/628-15-0x00007FFE4D100000-0x00007FFE4D110000-memory.dmp
memory/628-19-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
memory/628-21-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
memory/628-22-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
memory/628-20-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
memory/628-18-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
memory/628-17-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
memory/628-37-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
memory/628-38-0x00007FFE8F9CD000-0x00007FFE8F9CE000-memory.dmp
memory/628-39-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
memory/628-55-0x00007FFE4F9B0000-0x00007FFE4F9C0000-memory.dmp
memory/628-56-0x00007FFE4F9B0000-0x00007FFE4F9C0000-memory.dmp
memory/628-58-0x00007FFE4F9B0000-0x00007FFE4F9C0000-memory.dmp
memory/628-57-0x00007FFE4F9B0000-0x00007FFE4F9C0000-memory.dmp
memory/628-59-0x00007FFE8F930000-0x00007FFE8FB25000-memory.dmp
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240508-en
Max time kernel
129s
Max time network
206s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\DSMessageNotify.exe
"C:\Users\Admin\AppData\Local\Temp\DSMessageNotify.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.56.20.217.in-addr.arpa | udp |
Files
memory/4936-1-0x00007FF9D53B0000-0x00007FF9D54F1000-memory.dmp
memory/4936-0-0x00007FF9D5660000-0x00007FF9D5BBA000-memory.dmp
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240508-en
Max time kernel
40s
Max time network
70s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\DeviceWeb.exe
"C:\Users\Admin\AppData\Local\Temp\DeviceWeb.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/1492-2-0x00007FFD05500000-0x00007FFD05641000-memory.dmp
memory/1492-0-0x00007FFD05D30000-0x00007FFD05EE1000-memory.dmp
memory/1492-1-0x00007FFD06690000-0x00007FFD06BEA000-memory.dmp
memory/1492-3-0x000001B0EA0F0000-0x000001B0EA63A000-memory.dmp
memory/1492-4-0x00007FFD05EF0000-0x00007FFD06683000-memory.dmp
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240611-en
Max time kernel
269s
Max time network
301s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\EncryptSqlite.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| GB | 52.123.242.9:443 | tcp | |
| GB | 52.123.242.49:443 | tcp | |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.242.123.52.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240611-en
Max time kernel
131s
Max time network
206s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Infra.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240508-en
Max time kernel
280s
Max time network
312s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4452 wrote to memory of 2688 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4452 wrote to memory of 2688 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4452 wrote to memory of 2688 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\TestDLL.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\TestDLL.dll,#1
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240611-en
Max time kernel
135s
Max time network
312s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\ICNow.exe
"C:\Users\Admin\AppData\Local\Temp\ICNow.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp |
Files
memory/1472-0-0x00007FF96E720000-0x00007FF96EC7A000-memory.dmp
memory/1472-2-0x00007FF96DD10000-0x00007FF96DE51000-memory.dmp
memory/1472-1-0x00007FF96CDB0000-0x00007FF96CF61000-memory.dmp
memory/1472-3-0x00007FF96DE60000-0x00007FF96E5F3000-memory.dmp
Analysis: behavioral29
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240508-en
Max time kernel
234s
Max time network
269s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\IvsDrawer.dll,#1
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-06-20 19:40
Reported
2024-06-20 19:52
Platform
win10v2004-20240611-en
Max time kernel
130s
Max time network
301s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Languages\All Translations Of PSS.xlsx"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| GB | 52.109.28.47:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 46.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| NL | 52.111.243.30:443 | tcp | |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
Files
memory/2636-0-0x00007FFB2EBF0000-0x00007FFB2EC00000-memory.dmp
memory/2636-1-0x00007FFB6EC0D000-0x00007FFB6EC0E000-memory.dmp
memory/2636-3-0x00007FFB2EBF0000-0x00007FFB2EC00000-memory.dmp
memory/2636-2-0x00007FFB2EBF0000-0x00007FFB2EC00000-memory.dmp
memory/2636-4-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp
memory/2636-7-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp
memory/2636-8-0x00007FFB2EBF0000-0x00007FFB2EC00000-memory.dmp
memory/2636-11-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp
memory/2636-12-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp
memory/2636-13-0x00007FFB2C470000-0x00007FFB2C480000-memory.dmp
memory/2636-10-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp
memory/2636-9-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp
memory/2636-6-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp
memory/2636-5-0x00007FFB2EBF0000-0x00007FFB2EC00000-memory.dmp
memory/2636-14-0x00007FFB2C470000-0x00007FFB2C480000-memory.dmp
memory/2636-17-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp
memory/2636-20-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp
memory/2636-19-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp
memory/2636-21-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp
memory/2636-22-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp
memory/2636-18-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp
memory/2636-16-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp
memory/2636-15-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp
memory/2636-37-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp
memory/2636-38-0x00007FFB6EC0D000-0x00007FFB6EC0E000-memory.dmp
memory/2636-39-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp
memory/2636-55-0x00007FFB2EBF0000-0x00007FFB2EC00000-memory.dmp
memory/2636-56-0x00007FFB2EBF0000-0x00007FFB2EC00000-memory.dmp
memory/2636-58-0x00007FFB2EBF0000-0x00007FFB2EC00000-memory.dmp
memory/2636-57-0x00007FFB2EBF0000-0x00007FFB2EC00000-memory.dmp
memory/2636-59-0x00007FFB6EB70000-0x00007FFB6ED65000-memory.dmp