b287700ad026bc68f694344c6d190a2225e09ed02440bb8ccba2428ea2ff772a

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

agent-0.9.0-windows-x64.exe
Size

12.5MB
MD5

981002dad15599cf88cecd9a5ed2feea
SHA1

39f18e6fbb1330205847b350d730d399c4d5e361
SHA256

b287700ad026bc68f694344c6d190a2225e09ed02440bb8ccba2428ea2ff772a
SHA512

45d22c5733b8f1503e397c4ed39d6641b24c93b5b3f1b40fb67b148e0f0b98c09907d74485361dc47e8b1ff52813932ee317b4ac418162e700552b5fc84bfd7d
SSDEEP

196608:tjOFTX/ClXeAXLHXfiExYdzE0yAISknzJB1:WX/k13okzJ

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	agent-ui.exe

Executes dropped EXE 8 IoCs

pid	Process
1788	agent.exe
4320	agent.new
1556	agent.exe
3944	java.exe
4848	agent-ui.exe
3744	agent-ui.exe
2368	agent-ui.exe
2796	agent-ui.exe

Loads dropped DLL 30 IoCs

pid	Process
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
3944	java.exe
4848	agent-ui.exe
3744	agent-ui.exe
2368	agent-ui.exe
2796	agent-ui.exe
3744	agent-ui.exe
3744	agent-ui.exe
3744	agent-ui.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\by.edn.cloud-sign.agent = "\"C:\\Users\\Admin\\AppData\\Roaming\\cloud-sign-agent\\agent.exe\" "	agent-0.9.0-windows-x64.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	agent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	agent.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	agent.exe

NTFS ADS 64 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\01ed629a-140a-4e20-9efd-42c2a9733799.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\da4dcaa8-8b01-4765-910e-06b6ee0d4b32.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\891097db-71fa-45d6-8d7b-355866047622.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\8ee437d6-ad4d-4abe-8c00-6d4efeede37c.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\1ed7af4d-995a-41f7-8f8c-012459519134.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\e787bbbc-1341-445a-84e2-bf4333c533f4.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\08d2663b-29a4-4dbd-afc7-b9ed041bceca.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\5ebf870d-d6a1-45bc-8c24-3623809650db.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\9ed574e5-db4f-4018-b049-99d56f9fbd9a.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\123edde1-4010-4c2c-aedd-5bb085dace38.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\dceb6d9b-3eae-453f-955f-3fde9a2255e3.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\2802fddd-06e3-4a1b-9962-f73cadfcb946.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\0a8c1b49-2f8d-4651-973a-e68e76c4f6f0.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\7a7c1d22-a771-42ea-a9f6-e2c3a69570ad.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\ce748399-efff-4450-9b72-16d1ec04c27e.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\489f26fc-914b-4760-a4d3-74525a836f03.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\bdf64f1d-19e7-4b76-8321-e2b3b87a836a.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\586ffe3c-0ce4-4279-ae48-d894e30eb8fd.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\4852a287-51a2-4adc-8bb4-3427a61aa39c.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\9c6d20b3-6813-4d3e-9c3c-e677519752ab.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\3ca76654-9929-459e-86ac-52657fb556d1.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\d0dc9e19-8e6a-4684-a7ee-b3d910b7b534.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\15761097-0fbf-497c-a455-4409c4105405.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\23c97a26-5aaa-4615-a712-2a1389cc94e7.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\7a042f20-1dbc-4cf0-bb5d-e60fcdec9036.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\3a53aef5-f7aa-4e49-bcc5-16bbee983256.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\93b2a4d7-3955-4bcc-8965-995a7259d807.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\af477062-c48f-4b7b-aa44-526eaf6d01a9.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\d67238bf-55c5-46e5-a985-64c28d5d7415.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\8ed72405-fe41-4ab1-b33b-d52683741c93.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\e4337a73-44bf-4d16-bc0a-794b5064c988.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\9a290497-8baf-4a37-9761-38a453884949.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\9ff4ab6b-25f7-4cb4-bfae-c1e3a82d0d99.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\02a105ae-4d94-430c-9ed9-0858a19c7c59.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\a2592a88-81f3-40c6-b71d-643d31ca693d.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\61f9f0a5-6f58-4bad-9591-026e9200f40c.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\c2fb8e52-fe9e-4641-a0b6-0d4cfcdaab4e.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\c9e44d3f-407e-4941-96a8-9ccc6e1e0366.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\02d2db7d-375d-43a8-bca5-85b8e361fd42.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\26695a95-ea47-4658-8511-00cc52284f5c.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\ba044279-3cf0-45d4-bf03-38958554a31e.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\c26b8cf8-2ecb-44d0-b95a-abf269fa4c4f.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\4bfd11ab-7b4d-47d6-abf0-6f349263e4c9.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\396dea6a-0d05-441e-97c7-e232d0862803.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\47c1fe40-d970-4a26-8591-8230630c3034.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\2a42e7fe-38c5-4484-8016-ed75b85d6848.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\06f7cccc-00cd-420f-bfcb-fd29c313e43d.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\ee1c36c0-40f2-4b81-a3aa-6b0b8f0a589e.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\60e50ec0-ac02-4e33-b673-d8a58e3b3ea7.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\28013cfc-5a68-49fe-b964-9f25e111f9af.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\22e747d3-2c5a-4c1d-a219-7a8760473da7.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\f2c40405-c2e2-44db-86d5-d9c2c483efe2.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\cba2c9dd-5640-4edf-89ee-b5cce57b7ab8.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\eb941d17-e5e0-49b3-a37f-ff1fdad97423.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\61b71154-67c1-4e93-8446-53480447c682.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\2c1e7586-63cc-4d11-90e1-88469dab6a06.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\456c5989-27fc-4049-bc2b-13aebada38fb.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\60a3b838-3d71-4a1b-8958-b7c21eac1664.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\f6dfb5c4-e3c5-4885-aaa2-cc93b3b8814d.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\51ccdeeb-60c4-4e0c-a7dc-121287c1e104.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\c4dd5d30-79c9-4691-985e-3adfd2877e69.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\203b01a3-a561-4a0b-8f80-a1578f8f8e29.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\da986741-6f22-4d54-bdcd-2b120bca0ba1.tmp	agent-ui.exe
File created	C:\Users\Admin\AppData\Roaming\ЭДиН: Электронная подпись\437b9ca2-ceba-4698-b909-1c24541db59e.tmp	agent-ui.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
4712	agent-0.9.0-windows-x64.exe
1788	agent.exe
4320	agent.new
1556	agent.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2368	agent-ui.exe
2368	agent-ui.exe
2796	agent-ui.exe
2796	agent-ui.exe
4848	agent-ui.exe
4848	agent-ui.exe
4848	agent-ui.exe
4848	agent-ui.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1788	agent.exe
1556	agent.exe
4848	agent-ui.exe
4848	agent-ui.exe
4848	agent-ui.exe
4848	agent-ui.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
4848	agent-ui.exe
4848	agent-ui.exe
4848	agent-ui.exe
4848	agent-ui.exe
4848	agent-ui.exe

Suspicious use of WriteProcessMemory 54 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 1788	4712	agent-0.9.0-windows-x64.exe	81
PID 4712 wrote to memory of 1788	4712	agent-0.9.0-windows-x64.exe	81
PID 1788 wrote to memory of 4320	1788	agent.exe	84
PID 1788 wrote to memory of 4320	1788	agent.exe	84
PID 4320 wrote to memory of 1556	4320	agent.new	85
PID 4320 wrote to memory of 1556	4320	agent.new	85
PID 1556 wrote to memory of 3944	1556	agent.exe	91
PID 1556 wrote to memory of 3944	1556	agent.exe	91
PID 1556 wrote to memory of 4848	1556	agent.exe	96
PID 1556 wrote to memory of 4848	1556	agent.exe	96
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 3744	4848	agent-ui.exe	97
PID 4848 wrote to memory of 2368	4848	agent-ui.exe	98
PID 4848 wrote to memory of 2368	4848	agent-ui.exe	98
PID 4848 wrote to memory of 2796	4848	agent-ui.exe	99
PID 4848 wrote to memory of 2796	4848	agent-ui.exe	99

C:\Users\Admin\AppData\Local\Temp\agent-0.9.0-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\agent-0.9.0-windows-x64.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Users\Admin\AppData\Roaming\cloud-sign-agent\agent.exe
  C:\Users\Admin\AppData\Roaming\cloud-sign-agent\agent.exe
  2⤵
  - Executes dropped EXE
  - Modifies system certificate store
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1788
- - C:\Users\Admin\AppData\Roaming\cloud-sign-agent\agent.new
    .\agent.new
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of WriteProcessMemory
    PID:4320
  - - C:\Users\Admin\AppData\Roaming\cloud-sign-agent\agent.exe
      .\agent.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: AddClipboardFormatListener
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:1556
    - - C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\bin\java.exe
        
        bin\java -Xms64m -Xmx512m -Dfile.encoding=utf-8 -cp lib\main.jar;C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\* by.edn.cryptoj.agent.Main
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3944
    - - C:\Users\Admin\AppData\Roaming\cloud-sign-agent\agent-ui\agent-ui.exe
        
        .\agent-ui --port=61457
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        NTFS ADS
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:4848
      - C:\Users\Admin\AppData\Roaming\cloud-sign-agent\agent-ui\agent-ui.exe
        
        "C:\Users\Admin\AppData\Roaming\cloud-sign-agent\agent-ui\agent-ui.exe" --type=gpu-process --field-trial-handle=1648,1513648628652909367,9700316646576765301,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1684 /prefetch:2
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3744
      - C:\Users\Admin\AppData\Roaming\cloud-sign-agent\agent-ui\agent-ui.exe
        
        "C:\Users\Admin\AppData\Roaming\cloud-sign-agent\agent-ui\agent-ui.exe" --type=renderer --field-trial-handle=1648,1513648628652909367,9700316646576765301,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Roaming\cloud-sign-agent\agent-ui\resources\app.asar" --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Roaming\cloud-sign-agent\agent-ui\resources\app.asar\dist\renderer.prod.js" --enable-remote-module --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2368
      - C:\Users\Admin\AppData\Roaming\cloud-sign-agent\agent-ui\agent-ui.exe
        
        "C:\Users\Admin\AppData\Roaming\cloud-sign-agent\agent-ui\agent-ui.exe" --type=utility --field-trial-handle=1648,1513648628652909367,9700316646576765301,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2192 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        NTFS ADS
        Suspicious behavior: EnumeratesProcesses
        
        PID:2796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\cloud-sign-agent\agent.exe

Filesize
12.5MB

MD5
981002dad15599cf88cecd9a5ed2feea

SHA1
39f18e6fbb1330205847b350d730d399c4d5e361

SHA256
b287700ad026bc68f694344c6d190a2225e09ed02440bb8ccba2428ea2ff772a

SHA512
45d22c5733b8f1503e397c4ed39d6641b24c93b5b3f1b40fb67b148e0f0b98c09907d74485361dc47e8b1ff52813932ee317b4ac418162e700552b5fc84bfd7d

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\agent.new

Filesize
11.0MB

MD5
938f6c86b0b83f7877b1232a65a2598e

SHA1
d009d076a5829ca93df59b6860c655a1a619095e

SHA256
024f29b0682fba76d6ce07f3f358e1fb6fb7a3d5bc8f7e15f342702c38de652d

SHA512
0ec700ffec3b51418b3f39ce4c144541087e5044dbc85fd15f82a41a09099cef056d387dbaf51362a460c95b79132c891e021334c16e996b850fb31bbd2bc188

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avjavaseckit.jar

Filesize
37KB

MD5
542ef7298b71e1b616d9bef3b5ab444f

SHA1
9c6fe77df6f268e85ce02dca4a1aa615cd77e2fb

SHA256
c71758f89d153c815330411c0172a8f62b9fa74202b5ca1b10e8c5ca2cfd90cc

SHA512
26c3b19edd018db1dd40c915db2b61ce394aff167bf9b2dd0c789edf6c8ce78275ec6265dbcb234c8292b75381a696b0c08eeb267fa0db93662c6e83d092ffcd

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avjavasecprov-shared.jar

Filesize
1.1MB

MD5
758517ad8c46a8f217b5d34439779a55

SHA1
1ced213638658d789b9897f6310b622a83d7f52f

SHA256
ce189e4ec8367c8743f3a084d6e1bca6f96c2d861540dd15d7b34e4773fdcff3

SHA512
b7d1d5b6c9c2338be5ace7c5189b161e7e69542090e311598e5caba3d41f880abc0715ae06012defd039bb2ab999c7a8c751866b3cc25561b52264b0f0512c79

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avjavasecprovintf.jar

Filesize
34KB

MD5
1e8afa709f7e257be07a5a2ef43a46c8

SHA1
e96f7ff0f711cc4eeede70c4d4770f4e56a8edbc

SHA256
6bd3011797db53602562b10a632382066d5f43d06bdfcd71cb5d63c9701ba042

SHA512
8a61e96e1b86dbf0e95c497b4f7bd4f62531d20b12f2208344938ee989947b96d66f1cdc8004fed1dfe38c43a1d12aa5883587e65f7b28cf4d07fcbccdf89e23

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avjceprovlib-avbign-shared.jar

Filesize
13KB

MD5
88bbdc5e7897b5c38e89bfda1db4f768

SHA1
aeb8653dac86ea02f4b60715da767c3ce24cf8de

SHA256
c7b2743218b631cf5c58ba1e4b8121fcb2e3e8e1ce0d86dc1a41cf0a8c5c9965

SHA512
b509cea017b4a2b5075e7cde7adf6da772ad0c0dcb448917f6cb9a00216c525652f2a249d11ea821068c189fade1b577c8c1df1d7f61e04e599df228ccbb53b6

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avjceprovlib-avtoken-shared.jar

Filesize
29KB

MD5
ffed7d433de077d157eac499404a21cb

SHA1
3adae8bcfbb4cc281f1d09b60bac5af4d1ba56ac

SHA256
091e76e7deeef1101abd54eb18874c0beacb9301ed7ba360490a4fa7a5848303

SHA512
1d8c0348e6dd86ca07409084506713daab5a4637300b092b0bf76cefdb4c9d4483cfe19c2f4a195d0d53737e86dd4471ace92977ee24a6a30fc9198ec20109e4

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avjutils.jar

Filesize
148KB

MD5
d6728af2a861edba084925ad7b96e709

SHA1
a2b878cc389d416f40dfc3c641db72ccdadc6e17

SHA256
8816b9e3133fe3f51fc1df6cad8314ccbbab46ef7edcb99e7c64f0ed95a9f139

SHA512
7a3afdb640dca89ac97d6666c422921028612e6e4c4c1d52545ffc6770001f4e572d9b8f478f25755906ee1e27016719eb156539f6c8652f87ab0c50a68e40e5

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avkeytool.jar

Filesize
36KB

MD5
57fc47718a867697f88993c53456d901

SHA1
3255d3947b0f0fc867b8f67a7af7735f1c3ed328

SHA256
e4f5c59439248edcd935ad4d6cd901e4f960c29f1cfa473c99545d19c885f7a6

SHA512
66a0542edf8ddbd67af62183b618f7ead91e8256fa15a87cc6364c065641dde7d8abb206a80cb0bdb7d54a45a842c9422ba081a80585138f170fc1c9c94434d3

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avldapcertstore.jar

Filesize
17KB

MD5
fe553941b88d675df95f7f3cea553033

SHA1
4001974c31a8750bfdaf94742cc13080d6cb10fa

SHA256
37cc1f9b384f4c2a31308667e5b9a5ed915c4c1ea0d9f67a78f1479766868c84

SHA512
95fbf6a484739c18bf901e02ab473e821830552debfb0633f24e943f0d176ad2a9d01a6333fca902ed0d67fa7353e9c3e65b5248985fa7f4ee4c946facb0ae87

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avlog.jar

Filesize
76KB

MD5
1bc41df585669a918d11bb85db4b2108

SHA1
32bb736402a396f0ca73c9084b89a84f17b6e88e

SHA256
5e0150472fab611fc8cc148159b12480d8673d2103d9e5efbd7e9e74f6df909d

SHA512
47b759a60c2e92acc97ab95dade3d5567772e8f6bf212ae1005ebacc9cd842d137371df4b9dd5c138380a86ff8825b168c196d5cc4c4fd16b1ca61d1fc4641d3

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avocspclient.jar

Filesize
33KB

MD5
14a1876cbe723a8c01fbcdc338cf1e92

SHA1
c7bfca7c70cc84fff373b7ef391412c4b65c373e

SHA256
c1242f973b372ea834377c2061b7eaf645b0002c926be60b2f6d948c03adaca7

SHA512
5c95f6aa373967366defd87a4dd28f6d957e7001656ed4f4727eefbdf940e6d75b3910226ab29d6ea84416a0417c411cbf6758b7d68165050120f27a2832d13f

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avoids.jar

Filesize
13KB

MD5
ad8d0b3eb3152de4e2f476e9806957a4

SHA1
4eee74cecb717538bb809497f75ce12a708d42ca

SHA256
0ddf728ea62190545af1e6f6a6a2458b212c74abd281df484f77e4ec239402d5

SHA512
7a514c25dd3a3c214313211d1d4928dc448111fe688b59533c01b01c0315c9d45fe1e85743467ea181d266572736d92af199b8853accb260baafef88caa378b2

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avpkitools.jar

Filesize
278KB

MD5
975dfe7be1611bbef168265129a70c5b

SHA1
f9cd4a21e0e1b5e602d90ade268b098ceaa37b06

SHA256
2fa80c0e4731f31c491d352b53c1daacd9e6d52cca9bb5c7b31d290c6be158a9

SHA512
ab581fd8cb859e2920e0dba1920d2beee6bc3636e083096096a6cc632a4cc4a0338697b0aba9fe8b630b345ba4cc1e8c7ef46858aff2bae6382f203f7da6d5ed

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avscimport.jar

Filesize
28KB

MD5
9b0a0a8897cb73b78eeee4e9373d4d82

SHA1
b0de9305b2e7f7f2e9fae33daa199f653da31933

SHA256
4cfe76209a9332c0057aa8ad842ccb3fd81819528fb0334c4ac697b058171924

SHA512
bbe7f0e5bd8c837067ee78d89c1879658389605cc178bbbf9037b35763352d2f3cbc98fff02064a1a84f7fa2e306cd65d3300cd5d7b582eacec013779af39aca

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avstores.jar

Filesize
98KB

MD5
e78d9fe94fb6da6f997100167da7740b

SHA1
c03dbc925f0e836870ad3dfbf136685872bf3e6b

SHA256
768bcc2b07948c28c19740626abaf2f041418d1b781a6f78c5cbe3bf261e5ebf

SHA512
c2e47b73a72a42b13d92b942a4b866a5c5b441a80a02cea568c99ad85d13c67a1fe307c6d7cef9a30dfd3e7fd918bdaef9777ad36a11790ee53f09fabc71a579

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avtlsjava-bign.jar

Filesize
196KB

MD5
5e6e32e2b67599c6c637d20efdedcc08

SHA1
5a404c7b3204d96caa87f8fed84338b7a08cadc5

SHA256
28f993017b19bbc5d8618ae4a40cc223d1345bfd67532cc80d44285ed5719023

SHA512
f247c984bc1a0531e1270d4999ec3166a8380feb9f1cf7f1a0f9ff01bf86c23297d6ee486f43a687b81b7408d735f449b3405b1d997da5446829ddd00c7b094b

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avtsc.jar

Filesize
14KB

MD5
9300e9ebf6a466f580eb6aa61053224a

SHA1
659b5c73976b31a7ad9e6ccdadfb9bcd171c2b63

SHA256
122ab549de35758c31564eade0c4ecf48375d4c3661c571ad1c91d41f12b2d95

SHA512
67004a9b7f19154176c9cc8bc37f1a33c5eca17df5c7ccbcd71392a37735be761b668a9a82e133ed158296fa8509078534822929fc1da317531a586c4aa6bbe3

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avwss4j.jar

Filesize
28KB

MD5
091e89c03306ab9b67f6f483433ca0e9

SHA1
2ee2cadcc957c6aa135e0f6131683b2da8a375c7

SHA256
3401c42fe59444822fb86549cab60ec81e2c339124856d444649e63b6e16ff5b

SHA512
edf3182ab087d67e8e29d28b13ffa14a753c73002262acb6918adedfb6d55279d57f19b9e8bfdee2272a849fcb6b1ae6f251f328c1c37efa891d2f71ec024de2

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\avxmlsecurity.jar

Filesize
22KB

MD5
02ebb2c9bb382f99e66044e732c65b0a

SHA1
c617982561f2e855fac8d1385c69b2f3adf8e431

SHA256
f1cef137730bf6bcbca173735e0a6c38f979c654488e1d42ae7581ea34c666d7

SHA512
53dbb38e16d4eb02415e3e7d11a2a1362c57fe7e8ac9d238c753d7ab1bf3e7b3b38b0953841127ada3cf2ad493efabd6d7db822e592d61b52cc3c8ee94d7b2ec

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\win64\AvPass.dll

Filesize
237KB

MD5
4981b80bdb125cd6054f1f495e1ecd8b

SHA1
606f27aee642c762db2cb72f6d7f24e1d5b002aa

SHA256
f8ade24a528856e352d41a6951f40870a6bc3a49414b042fc67d1f108e2f68ac

SHA512
71e97ffe55ada1b6d0a585ffaf444eda67fa0d68ce67be90e350eccef082af869d747e41dc0c805810a1a9194e287fb880cc4513ad0335b0a3818b83e14c460d

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\win64\AvToken.dll

Filesize
242KB

MD5
793f5c11c38741332d7f8a1d630d1ba9

SHA1
3820e700b688209c3bbca04c7bcad603531ffdec

SHA256
44633d132b1056125072b2c519899b62a9a6646ff29bc9d332a8e805a1c29084

SHA512
8e353e7eab83884008d11bb7136679ca881a011f79f3efc4d13510f284ff5a59a652ba0c6f704a68a1008138e068a3bb8fa77437b27a93fe177c7698cfaaf6a3

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\win64\avc.dll

Filesize
141KB

MD5
b110a1a8dfb70bd8e20b8957bd481be7

SHA1
e7a3461a1876f00a3c318e1ace98ee5430e2d66e

SHA256
6cc68ed93b46aa44cec3a6dc029a054a3a44973dda8a03d99f36601ef9dd5be6

SHA512
79fe5627712ec24be09c3a8a2d40c993c9277561c06f87002da3fafa1b8739392c9c942d1a189a0c8168b647e408189a7d5e2b96db053ac820f5f228c0264ef0

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\win64\avcext.dll

Filesize
138KB

MD5
6cc7e5a5b5eea90d0eb6b6d146116e47

SHA1
1101440f95360845929176b54f9df4d61d2cdcfb

SHA256
b63d203220b156d2304ad98e7a783aacfc1ed9f830384c7f645c75acfc770e64

SHA512
41c19cd5f9da6504520aa1a5b71ee6aa86487234ea4d2fa5b23be9567104733df405ab13ff47b7086e0ab98f0e62b9430733cf86db41c172f8b40d4f65fcd634

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\win64\avcryptokibignmt.dll

Filesize
1.5MB

MD5
9454f21a7838cebd77423bfcb4bf5343

SHA1
6c3b14a846ae3bd4ffb2f33e92498b73a1a30579

SHA256
6e0e06ae20ef55858e04ffa3fce1ad2b3b6ba1f8092acc73deef2e11608bea12

SHA512
eb06806ae0c91fe485e90aa501a845f506454eb064222585e1ddcd2ad1682670dd208c46053b787a7453d664168d5c1b652aba1ea19a82df65a5a6c210c334fe

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\avjceprov\win64\pkcs11wrapper.dll

Filesize
142KB

MD5
efbc270601c1068395bb81d501a78100

SHA1
b0c5ae68017b0764db899672e1d9f5caaa8b6ea1

SHA256
a190106efa7f74b850cf895c5481a61d98898809cd340beb0101de63b1edc64f

SHA512
d074233ced5b90c004c52901fdec7ce6fe5aba27a00dc0919811264f3b530ffc4792c8074056d785fe972e5513889f547c2d03c025547af264b87c18c0d2dcfa

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\bin\VCRUNTIME140.dll

Filesize
85KB

MD5
6e2b2ddb1bc783122018d99d38497298

SHA1
414dfc02289926416399fd986a303e32e812c595

SHA256
02fcb91909ed2ecc68b62bceaca7b8d8319e7d625e599756c170db631237da69

SHA512
3d2a9b62f4ad87b69a582cd97d3d7a1ae20a99561b65a8c20fbea8b83c1515541bde4d9f3f8b88c03f5fe4f956bc4533b5171e29fde89cc0265c99384eac2358

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\bin\java.dll

Filesize
143KB

MD5
756161294a52ef7ec18ee4ce1963946b

SHA1
32881a11f170bea11d130329b3ce74e9bc32ec63

SHA256
cff434489d4ed6226d8b5f10864444999ab5666762fad05c7e57ac14985c9a63

SHA512
3e7ab89041e658fe6fc224b844ca14420d4a39a255ebfeeb7985a45f28e2170b6965185f85367a19a26ad5ef64812fd8d54be6fb3320a1ff10ad295e8a5da2b3

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\bin\java.exe

Filesize
38KB

MD5
d0acbb9a35acdefeb50ee5058c2ff338

SHA1
41c945204b8352d8df5f851b4cc4c693ab1f3066

SHA256
5da623ae8ceac135e858d609fc6eeb2268d64b5d76283c9960e3fde915d241d6

SHA512
e6264758172021ad3eb5eaf6424b5a6f8c56d032b35fe5d23dfc47af763438cd02d26cdc09b7493051e2a4d379735bc824635a0b26801875ba98e22f5ec597fa

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\bin\jimage.dll

Filesize
23KB

MD5
f609d0f240c35d6d83190cf5492d5143

SHA1
eeda4a57dc4daff765fc5d2d4968451d9674b26a

SHA256
b9902972fe0c15baa08ce0d8a436c6bd7d9515f02aeaa3b86718ee16b6bcf036

SHA512
6a7ce88c3eb4c1ad3cc4b917108ab0b7ba2339d939c78215c56edc6a8152b0bfe33589fb93d773c5d6f5aec3f3f3759496311c344f68900b8216ccc5b56c616a

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\bin\jli.dll

Filesize
75KB

MD5
d0f4d6a3c0730a397b0beaf063e1cd6b

SHA1
a2b02bc7bcaa37b845678c8570e3e0538d2fecdc

SHA256
030542ec6813501c60dd7f09b710590f5f61df76d16561f978d3959c0b522b97

SHA512
ed865069dafd8933f0762a2d0d8ee047f36291a16177a0b486f1263b278c7d99bbe29fcb60c00d7db52109e55b3f0e3a0671e2bed5b1accf7d49c07b0aacaa85

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\bin\msvcp140.dll

Filesize
611KB

MD5
eb1b46c4b900e4c83066760a737986cd

SHA1
90444980a36e79c043e6f037841822a9ef89af9d

SHA256
29206a9a3abb8962593312edc6fb5aaa76a86fae8f24c1e1718707001b8df3dd

SHA512
2bb5ada10764e4ea527e1f8e706ceba8f3fd25704f494e1b900b8c9a24a954a1ee069ebcff8899d0e1bec92af2025e0a58b4b7745f72b1313ba27b93b26be5e0

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\bin\net.dll

Filesize
82KB

MD5
e816706524af6b5a19f93eb64a6f15ee

SHA1
8e3318d2f7bd8d900fef9505ddfaf444b2e53254

SHA256
c48579b63a88118e45728ae546a8cb68fd1d911a984e62a4426bcdeac475486b

SHA512
c596dbd52b4dcdf4bbfac9fbcda5eba292581ec8745c59de6da306134f6d3e58e46eccde395120636f9aa48a3b4cd974d1fd8c40868d29d06e1c8b9af8c38d06

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\bin\nio.dll

Filesize
55KB

MD5
f7e0d8f64cd2ab7b138861eca02d2685

SHA1
ed11be9d1cfbf5577a9acf213be410586e151ff7

SHA256
e6c505b668986e103788427a11569aba66a8712b0411bc425b14ff15ae47e18d

SHA512
9ab1d77996660a6f4a9b7ffcc637bf1ac89847b849ad05e6e763d07b5a728c0f7a4dbf1f83bdd0c617b04dd37257622a56241fe7d0c610c126423cb3afe056f3

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\bin\server\jvm.dll

Filesize
10.4MB

MD5
7a5c53e9949b07f520e84a7ca5389f31

SHA1
16ba55492ce9bc79403c66e7bad7201bebecd2fd

SHA256
c7d393eea9e4938e4f5480536e5a5e341ed7be0ebfcfd7c2cacef863531508f2

SHA512
447d1f3e1fc2425473303d7a88e1dbb88f661268edb20293ca9e734635ab4b9eed2bacb352c956f3710954a6bc05a9363d9702c661a26be25c204138bcb52ebc

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\bin\verify.dll

Filesize
44KB

MD5
cf76139a8e43e9645dd79ca418bead0c

SHA1
bd23b8a85f298fa3201280da2d67e3678e29a049

SHA256
12dd67b01020d3096e1459024e56603b1e8053771153306c46c199b3afab9847

SHA512
5fc238a6a3705b2f64ec96e981c985954b1da437de7a89dca7e84231d8fd1a0cb867760ac21edb26dedbdc49e3978a8bcfd679d080f5e659a4954948ea82a9da

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\bin\zip.dll

Filesize
72KB

MD5
b88504e93e017484617b42b7daa5295c

SHA1
5533506459c95ba9f5c3911cf1d37af06e830f27

SHA256
6dfa6428196cf279be491cc41aa6836217a5cad7d3b837f1e084a8a5b1dc9dcf

SHA512
8917a047a800eb283a53f8dfff55b408dc90e107e2f2b7a84f544aca63c0b78f2229d2ff1a9f5f42999ea737df749720381b72c7b39c1115190ef82f5e7ccbb3

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\conf\security\java.security

Filesize
47KB

MD5
aed97e7bbeaac7508519a814ffd7534a

SHA1
5b507bea8d89313d2ef746970721bbf24b1a675e

SHA256
fec2741477f5cddea082c8fbc4250d998798136a7fbf39161696d6939a82f96a

SHA512
24c3cafbb436d18d1cfb933b8ba3dec8f73b3da416f3062134e3964baabf85d5d458e2a44a6d41d8616618c47d0ecfbcda0b1b3fb983f98182d7a77b0c679970

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\lib\jvm.cfg

Filesize
28B

MD5
4006564666795c838eed8b7fd958b0af

SHA1
cd6d4f2868725ef7541485719c6ea88d05e43724

SHA256
54ac5bb838f64585085f6c04b73431a96b9246cc0090943c48b067ab05086180

SHA512
87643b6f1da35a9a60869ef1f68141b3e4225fc65b256f31f7289c854d0e929e587ab572d4f67f2802aea89958b3a45a23c83bcc60c6b30613c87021ef537b03

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\lib\main.jar

Filesize
723KB

MD5
84734f43c23e3ed233957ed969884040

SHA1
1008fdfdf798e1bff4ef76102f804f93d28b7a44

SHA256
1d0498550cd620e19e2f1f7d616e2ec4c732733fd1cb2f3573e4bb8088f3f140

SHA512
afb0f570d1a382b2ddc2adde259d78a21ec2faded0a54d4b1cb212105e66b6ae6483d45d5eb1514c83567063cb4fbae26a88367e8ff1cd00a9bea6aa3263d3da

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\lib\modules

Filesize
9.0MB

MD5
3e89e958f064ce93c7200ecbba3f029a

SHA1
c29158311b00f5b1cba6fa707d22dae06cf659f1

SHA256
ed1df4f7bb92abf48bd2039008e72d77d54b00e86deff2fd7d5d771c1a7865ea

SHA512
17a9a3d2860861602eab2c24deb7db6788eca9d0364b748a60bdc0bc4ae276c0abf0e6a28c934a882d663a4ea8591652c7ba31caf1065a735e8d2fd2eb25c5bb

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\lib\tzdb.dat

Filesize
105KB

MD5
7650737fe7cd56bea3ae1fee5394bf15

SHA1
79a5a6f7ece8583ce01b87b62d72244cc615042d

SHA256
f87f0e451122f5a9ded4ee69623696cffe3dd7823a9527439eb301f648c56967

SHA512
7efee66c19e872c82af8ece245d9f90354c018240ebfe535b629a0e5bf49f0683b5873ba0e4f5bf218ab2d5c98c66f0f03641dc72c6cdc53597f96b22afa0957

Download Submit
C:\Users\Admin\AppData\Roaming\cloud-sign-agent\cryptoj-agent\lib\tzmappings

Filesize
9KB

MD5
62bc9fa21191d34f1db3ed7ad5106efa

SHA1
750cc36b35487d6054e039469039aece3a0cc9e9

SHA256
83755efbcb24476f61b7b57bcf54707161678431347e5de2d7b894d022a0089a

SHA512
af0ddb1bc2e9838b8f37dc196d26024126ac989f5b632cb2a8efdc29fbce289b4d0bac587fe23f17dfb6905ceada8d07b18508db78f226b15b15900738f581a3

Download Submit
memory/3744-394-0x00007FFC13B20000-0x00007FFC13B21000-memory.dmp

Filesize
4KB

Download
memory/3944-282-0x0000021BDE760000-0x0000021BDE7AC000-memory.dmp

Filesize
304KB

Download
memory/3944-278-0x0000021BDE700000-0x0000021BDE743000-memory.dmp

Filesize
268KB

Download
memory/3944-283-0x0000021BDE7C0000-0x0000021BDE85A000-memory.dmp

Filesize
616KB

Download
memory/3944-284-0x0000021BDE880000-0x0000021BDEA2F000-memory.dmp

Filesize
1.7MB

Download
memory/3944-286-0x000000006A800000-0x000000006A82B000-memory.dmp

Filesize
172KB

Download
memory/3944-287-0x0000000062EC0000-0x0000000062EEA000-memory.dmp

Filesize
168KB

Download