hxxps://drive[.]google[.]com/file/d/19qxOE8ugmSZTckUJKNgsLr7WOgpWmfMi/view?pli=1

Analysis

max time kernel
501s
max time network
502s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 03:48

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://drive.google.com/file/d/19qxOE8ugmSZTckUJKNgsLr7WOgpWmfMi/view?pli=1

Score

8^/10

evasion execution persistence privilege_escalation

Malware Config

Signatures

Blocklisted process makes network request 8 IoCs

flow	pid	Process
129	3708	PowerShell.exe
130	3708	PowerShell.exe
131	3708	PowerShell.exe
132	3708	PowerShell.exe
133	3708	PowerShell.exe
134	3708	PowerShell.exe
135	3708	PowerShell.exe
136	3708	PowerShell.exe

Modifies Windows Firewall 2 TTPs 2 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
436	netsh.exe
4900	netsh.exe

Executes dropped EXE 7 IoCs

pid	Process
2676	Set-up.exe
3296	Set-up.exe
4436	Set-up.exe
3496	Set-up.exe
3292	Patch.exe
2208	Set-up.exe
4560	Set-up.exe

Unexpected DNS network traffic destination 8 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	205.251.196.135
Destination IP	205.251.196.135
Destination IP	205.251.196.135
Destination IP	205.251.196.135
Destination IP	205.251.196.135
Destination IP	205.251.196.135
Destination IP	205.251.196.135
Destination IP	205.251.196.135

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
13	drive.google.com
14	drive.google.com
15	drive.google.com

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps	Patch.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2940	PowerShell.exe
3708	PowerShell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
4428	2676	WerFault.exe	115
380	3296	WerFault.exe	121
4588	4436	WerFault.exe	125
1148	3496	WerFault.exe	134
4452	2208	WerFault.exe	151
3152	4560	WerFault.exe	159

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 7 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Set-up.exe = "11001"	Set-up.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "182"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe

Modifies registry class 33 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	Patch.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Patch.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Patch.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = ffffffff	Patch.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	Patch.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Patch.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Patch.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 8c00310000000000e958587c110050524f4752417e310000740009000400efbe874fdb49ee58991e2e0000003f0000000000010000000000000000004a0000000000a3c99600500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	Patch.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	Patch.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\NodeSlot = "8"	Patch.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Patch.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Patch.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Patch.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	Patch.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic"	Patch.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Patch.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	Patch.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Patch.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Patch.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Patch.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Patch.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Patch.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings	Patch.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	Patch.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	Patch.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Patch.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Patch.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Patch.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	Patch.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	Patch.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Patch.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	Patch.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Patch.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3748	msedge.exe
3748	msedge.exe
1572	msedge.exe
1572	msedge.exe
1148	identity_helper.exe
1148	identity_helper.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
512	msedge.exe
1936	msedge.exe
1936	msedge.exe
2940	PowerShell.exe
2940	PowerShell.exe
3292	Patch.exe
3292	Patch.exe
3708	PowerShell.exe
3708	PowerShell.exe
3292	Patch.exe
3292	Patch.exe
3292	Patch.exe
3292	Patch.exe
3292	Patch.exe
3292	Patch.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3292	Patch.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious use of AdjustPrivilegeToken 31 IoCs

description	pid	Process
Token: SeRestorePrivilege	4736	7zG.exe
Token: 35	4736	7zG.exe
Token: SeSecurityPrivilege	4736	7zG.exe
Token: SeSecurityPrivilege	4736	7zG.exe
Token: SeManageVolumePrivilege	2860	svchost.exe
Token: SeDebugPrivilege	2940	PowerShell.exe
Token: SeIncreaseQuotaPrivilege	2940	PowerShell.exe
Token: SeSecurityPrivilege	2940	PowerShell.exe
Token: SeTakeOwnershipPrivilege	2940	PowerShell.exe
Token: SeLoadDriverPrivilege	2940	PowerShell.exe
Token: SeSystemProfilePrivilege	2940	PowerShell.exe
Token: SeSystemtimePrivilege	2940	PowerShell.exe
Token: SeProfSingleProcessPrivilege	2940	PowerShell.exe
Token: SeIncBasePriorityPrivilege	2940	PowerShell.exe
Token: SeCreatePagefilePrivilege	2940	PowerShell.exe
Token: SeBackupPrivilege	2940	PowerShell.exe
Token: SeRestorePrivilege	2940	PowerShell.exe
Token: SeShutdownPrivilege	2940	PowerShell.exe
Token: SeDebugPrivilege	2940	PowerShell.exe
Token: SeSystemEnvironmentPrivilege	2940	PowerShell.exe
Token: SeRemoteShutdownPrivilege	2940	PowerShell.exe
Token: SeUndockPrivilege	2940	PowerShell.exe
Token: SeManageVolumePrivilege	2940	PowerShell.exe
Token: 33	2940	PowerShell.exe
Token: 34	2940	PowerShell.exe
Token: 35	2940	PowerShell.exe
Token: 36	2940	PowerShell.exe
Token: SeDebugPrivilege	3708	PowerShell.exe
Token: SeDebugPrivilege	1912	taskmgr.exe
Token: SeSystemProfilePrivilege	1912	taskmgr.exe
Token: SeCreateGlobalPrivilege	1912	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe
1912	taskmgr.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
2676	Set-up.exe
2676	Set-up.exe
3296	Set-up.exe
3296	Set-up.exe
4436	Set-up.exe
4436	Set-up.exe
3496	Set-up.exe
3496	Set-up.exe
3292	Patch.exe
3292	Patch.exe
2208	Set-up.exe
2208	Set-up.exe
4560	Set-up.exe
4560	Set-up.exe
1916	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 3448	1572	msedge.exe	83
PID 1572 wrote to memory of 3448	1572	msedge.exe	83
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 4500	1572	msedge.exe	85
PID 1572 wrote to memory of 3748	1572	msedge.exe	86
PID 1572 wrote to memory of 3748	1572	msedge.exe	86
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87
PID 1572 wrote to memory of 3440	1572	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/19qxOE8ugmSZTckUJKNgsLr7WOgpWmfMi/view?pli=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd080046f8,0x7ffd08004708,0x7ffd08004718
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3546736978928203560,1006372649717801300,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,3546736978928203560,1006372649717801300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,3546736978928203560,1006372649717801300,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3546736978928203560,1006372649717801300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3546736978928203560,1006372649717801300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3546736978928203560,1006372649717801300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3546736978928203560,1006372649717801300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,3546736978928203560,1006372649717801300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,3546736978928203560,1006372649717801300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,3546736978928203560,1006372649717801300,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3546736978928203560,1006372649717801300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3546736978928203560,1006372649717801300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3546736978928203560,1006372649717801300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3546736978928203560,1006372649717801300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3546736978928203560,1006372649717801300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3546736978928203560,1006372649717801300,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,3546736978928203560,1006372649717801300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1148

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5040

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\" -spe -an -ai#7zMap22636:112:7zEvent5365
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4736

C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\Set-up.exe
"C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\Set-up.exe"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:2676
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 2488
  2⤵
  - Program crash
  PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2676 -ip 2676
1⤵
PID:4048

C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\Set-up.exe
"C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\Set-up.exe"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3296
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 1356
  2⤵
  - Program crash
  PID:380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 3296 -ip 3296
1⤵
PID:3056

C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\Set-up.exe
"C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\Set-up.exe"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4436
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 1456
  2⤵
  - Program crash
  PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4436 -ip 4436
1⤵
PID:4476

C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\Set-up.exe
"C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\Set-up.exe"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3496
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 1928
  2⤵
  - Program crash
  PID:1148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3496 -ip 3496
1⤵
PID:2384

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2860

C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\2.PARCHEAR\Patch.exe
"C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\2.PARCHEAR\Patch.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3292
- C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe
  PowerShell Set-ExecutionPolicy Bypass -scope Process -Force;(Get-NetRoute | Where-Object DestinationPrefix -eq '0.0.0.0/0' | Get-NetIPInterface | Where-Object ConnectionState -eq 'Connected') -ne $null
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2940
- C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe
  PowerShell Set-ExecutionPolicy Bypass -scope Process -Force;$ips=@();$soa=(Resolve-DnsName -Name adobe.io -Type SOA).PrimaryServer;Do{$ip=(Resolve-DnsName -Name adobe.io -Server $soa).IPAddress;$ips+=$ip;$ips=$ips|Select -Unique|Sort-Object}While($ips.Count -lt 8);$list=$ips -join ',';$list
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3708
- C:\Windows\SYSTEM32\netsh.exe
  netsh advfirewall firewall delete rule name="Adobe Unlicensed Pop-up"
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:436
- C:\Windows\SYSTEM32\netsh.exe
  netsh advfirewall firewall add rule name="Adobe Unlicensed Pop-up" dir=out action=block remoteip="18.213.11.84,3.219.243.226,3.233.129.217,34.237.241.83,50.16.47.176,52.22.41.97,52.6.155.20,54.224.241.105"
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:4900

C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\Set-up.exe
"C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\Set-up.exe"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2208
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 2236
  2⤵
  - Program crash
  PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2208 -ip 2208
1⤵
PID:1788

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:1912

C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\Set-up.exe
"C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\Set-up.exe"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4560
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 2232
  2⤵
  - Program crash
  PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4560 -ip 4560
1⤵
PID:3608

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38d1055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DA3B6E45325D5FFF28CF6BAD6065C907_EA01B8AC2C0BE6E5850A0487D704D929

Filesize
471B

MD5
28fb39636ca3c51af0a20961b7480b4f

SHA1
2201d3e354344df415c07cda3dc0264af4dd63fe

SHA256
5547c9ba22749627fd158027393e5d25325e050b8cbdd79b7f23c6714b40d80e

SHA512
b07aaba7deb7c2f6e244aae77bfd090347044e7505ec38bb946f2ce7493e782b4b26e25ac3566e87af6b081303c6dc9cf59fb54856f2470f60aec58486cbdb3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_EA01B8AC2C0BE6E5850A0487D704D929

Filesize
408B

MD5
5ce9aa48de8edebf7b66ce8e189eacc5

SHA1
66ac38b5d7554973e14e3fab74954a5d06506695

SHA256
2765cf068b7a42237ba25a1f33a208d5ad47879a9355686f0b3b34f442bea03f

SHA512
919f1e6baa2788dff84fe9780868f10c46cadb0309a782f94768feb9f7c64179f922973e56cf41753c1f75d1e8955da421e0535c2a3df208d227576ae4b35eac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
37fea521eb1b43f158d5dc3dab6fa2af

SHA1
f9f8eb118523d366ca9375a7963fbe522d2c2b58

SHA256
1c6095eaab4af353425eb3e85fcb438b0e9775570a1601b590b2b1c701fd7682

SHA512
cbd95cb1d99ce330120710ab6709fa704a7babaa7c41d2d0947e367fa8edca3e465f5da7e4b437f8fcc02b753f2d597928a30101f9b57e57f6e17567cd1a5a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c40a009f18de79ee69e0c62cca62da2f

SHA1
132ae18c283576b6f6db3dc5ee01abe1468987cc

SHA256
b939295c4eac96970ed9844b02881c5b4d854f86bc2369e41264f8c0503d274e

SHA512
5d37fb8b50cb1a7c755fcc0cc61c4707080c9ae18cde8529adc34157b0a54f65fe17c50cf701387afb84eac4b75c8f7ce43c81301ff6b2062cd24bc3b096a1b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
771251d243cd0416215ec1fc47fea395

SHA1
079cd2327aac95cbd234b5694c0961386156dd43

SHA256
6f5ead5aad58a725a723d014023fb083f25984c767e5bf67e79eaa044665a9e6

SHA512
da7d945485d3a3e691e2dc9c807f927b640e83fe5da2013090159c05c52a4c08b3b6661784dad2fcee9ee668db445a83d378380a6a26630051193d67a9e3828a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e1776c3250f0331ac12ff34f8bea451b

SHA1
e9f58f1017df344ce1292c76911ac9ce856c9e5a

SHA256
dc3774db54c19ccf0a65722ea30a31ea49efa9ed3a7a13e118fcb6400b4854cb

SHA512
f13b45ea91c1c7e57dbf8f6f477527cd7e2db744528ac6992b21fba0573a4c20b137658cbe6b0b8c738b558344670d9dfc4efc79e889e5540cf2e995f007e0de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
927639eb939843ccfee13a43f1c44421

SHA1
b788a3ed15ad9fd9a5873309ffeda17f412241fb

SHA256
eb89d7293dbd31bad8e222a44ce770859efe15f1ecbb153a568190303941dfec

SHA512
8aeca93a4bdc16428dc9a8ee0d04e7bb9efa6c3d7b0c9532ae5251ab925e9205bd0ba260af5ea2a5c1050486da1ba4f607a5b24756cf0e399c2d6c5dd816f824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9b79eea5d3fb41c02aa6a985f7c47bf

SHA1
cd9d08fbe891336dbe46130057a42015b1e6164c

SHA256
42a263ae685484368b49632fa8cf2e9271159e191a85094e5169ba6de8ab2248

SHA512
5ce441d4104e1f23c002bda80cf00e584b9feaff66e70bd34af1843e0c2cbaf09cd62b22b6ee479dea2683c5ad90f9e847740382cb875620b1da8354a685484b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fee487f1a47e49e91f9acd36c7b57163

SHA1
8d5cb7f7439a8f173a2ef0080b3e6aa938376716

SHA256
88f0ea5ce440985a4431ad3aae208cf0b21705a7d89b0140ebb473b71af66e5a

SHA512
7b4cde1fb37d79dffa114d878c26921e27c977239c82eaeaf69153d083adcdb77764d741ec5138ee0819bb325493790e6686e7fd5aa52ff4619ff18f5fc38da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4bde81fbb88ea3d15445fd10946f216c

SHA1
8c8348f867b7439e943a8418c16356e551ccff8f

SHA256
6c7738a278fe840757aaec23501c07bf446fd797bf699f5820bba7f5e6e818a7

SHA512
da17f45241c2abb6621870afdd671121901b0e86509e91dc8365bb858dba57419d83039b90c68f892566ac9a62d28d84f7db4599beda75a4e312a21f1a8a4a8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b0ea3c09-60c6-4f80-a4a5-6f88b450b166.tmp

Filesize
7KB

MD5
fddd78bf30e9f45e41af826ee5202fec

SHA1
a8cf1c0ded305c8a8fcd186c074b854adadb1cbb

SHA256
1271c167e162eef22b70af72591ae1120a76ced235abe1e02d0fd6f25dbedbdc

SHA512
987afd85f05c022afb0e5d0c8539bd33374852cfdf64131dafdd88ab31d4d1605fabd2fc1b7d774dd66de44b0f1eb7f2c4c9f36a8f27f8b98babac21a4da35f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a10b19c05f9de6141b6b7953c3806fd8

SHA1
f46dfb60923ca8224ea1e3e7a2d6f923948cbd06

SHA256
b2ce979fd005e61e58b0373d73f9e7e39aac4b74972e29db81e4dfbb333bbac9

SHA512
55a52f8da90cb660316c6e289590a77cfbfe024137b89672627388200e1b055ae9e8b818b3fde5be394c0181017167e4ed57df6c64c41a21ac916b0c27b153a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
018fc1e9e6486bf72460239b4f8d9f89

SHA1
ea4b743f7711e4a4bfb5c6592c7c3f2e386a0475

SHA256
2573fb98b9d223d8cb0f8bf69f21c3597ec02b693f925d89dd9f91067c8b4cd4

SHA512
87ae0bf4bd0089473ff61b961438f3c3523b9d79e6d7bcd5a0193e449a529fa2fec81690a42ba10d2b6283826d47a0fbd63a42aa64268e1028d450ee78cb4499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a9de1c1e6aaf166a6fe01724b5b5d8c6

SHA1
0b2681c8f7698a8d3a6940c9bcc6268a2634a3ef

SHA256
5f5764adc955a3a508fe85601598dc545cdca4191c3de777cc3410990c3160e9

SHA512
340c25f3d476aec21f99b1016b9ea20908ffd0629ab4ec1f7d69d6176d2915b480af1047ea58ffb1e4c62afa98aed562ed27c0b07bbe91d29be992dfdab94679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7e266166dc6bab42ee7796c0ebc23319

SHA1
f665de3254b2099c943c6341b67be980cbb156ad

SHA256
148116e0ae69f2d7a65040b483e6e87a6f2d01bb384df25aaaef13e259cf3c13

SHA512
795cebc5f108906481e27ee9a095ce046bc840218e0d7ccd2ad27ecf3d2c7f5e88dd1d17cb4d8a51909e82d39edc324b4b6f090f858a8215cb45412f70cac138

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\AdobeDownload\HDInstaller.log

Filesize
4KB

MD5
db1dba23219595123ce3407127c46bb8

SHA1
1075e7e324fb433f62cc0d7b7bbbe24c186e8a59

SHA256
84644acff719ec45c8e9d2e47ba6f679d6a8585ba518340a60c368f03336b674

SHA512
5ab413682c4e3e34a0d4f53b1a30e97a71bf6a089cc5ac28919827bf7b07e3dd8d68fe3a22120f5e8ea8d6fe6973865f496a26f619b4fe5e89b2a8ade602ee45

Download Submit
C:\Users\Admin\AppData\Local\Temp\NGLClient_HDESD15.3.1.470.log

Filesize
1KB

MD5
69e50c2a18e698803915c58e4deda7d2

SHA1
676e9e19476916e55703849ca471229b16e5632b

SHA256
c607bae7daa171dc56220386b9c0afac9ce37c72e2ad04092d35b7fe572ea8a0

SHA512
e3265861f800b76b3b427b5ac80958ee9e46b423a6a5dd8117d163d981b6180df3c1d031d222b0ad4f00ba1642464300cae4ce3307d07ea7ca4334b2f77ff7d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_knyqtufx.eg1.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat5F3.tmp

Filesize
140KB

MD5
d070306a9062178afdfa98fcc06d2525

SHA1
ba299b83eb0a3499820fddcf305af0ddbda3e5d0

SHA256
8f5ccdfd3da9185d4ad262ec386ebb64b3eb6c0521ec5bd1662cec04e1e0f895

SHA512
7c69e576b01642ecd7dd5fe9531f90608fa9ade9d98a364bcc81ccd0da4daef55fd0babc6cb35bff2963274d09ef0cd2f9bce8839040776577b4e6a86eb5add5

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat623.tmp

Filesize
140KB

MD5
e204643042591aeec2043c5eae255099

SHA1
ba5f2f94740400f540befc89f1c4d022a26faa84

SHA256
7f58f56a7a353f8fc78ec2757394a7c7f28165e6bbf2a37d6a6e48e845874f3e

SHA512
7196c5b8e88100a08eb296be7570df4d045268ad6bab1c45ebaa9063aa9b46b8896886e24a9f861e322b167dd95e18d5a18abb76f1bb01c8bc85c36bead855ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat653.tmp

Filesize
139KB

MD5
dfce51814cf6d2f42375f948602cd99d

SHA1
766e162ff305343010b67fbaa28b36af277c5b34

SHA256
7a8a945586a1d21d2922cb4aed9e28d872129f6c396ac69f47ef3e32ea972ba0

SHA512
2c9489c18719ad29928e86a9e631e080b024c882a77a582f40f4f86f625de9b08ad3c09710d5ee32b5cae5284fd960f412f05290bdb3b4709f097b269b99ce21

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat654.tmp

Filesize
103KB

MD5
fa794ec12d353c26805ff53821331fc2

SHA1
cbc6658badeda2ad9b0d2e03a0a35ff7fbba542a

SHA256
cfdbd8a2aa463c11e483dc10c480acd274e9786632f5571a3970e8a20a2d8237

SHA512
1161afdbf6fc9b74421031fe6e139587f291ffaec03cae4aa76c1a86e10a69c7b1602ecbfbf60287ce8ed926377ad159992cde605ba98e75b212e971b7e14f18

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2C9E86D7-3315-4C4F-92ED-AC3CFC469435}\Dictionary\en_US.json

Filesize
72KB

MD5
c693e1bd4feda683ae5c71f2bd6b9de8

SHA1
2f3c32dbb95623c52ebf3b608074afdfbcbf050a

SHA256
5dffe13d4c72f59dbc6f8efb439350518acd4e8e07efa124973cfd1a625f60d4

SHA512
a48c520b1432f208f7494759d316cf2411163373ef7ba5bb2b2121b4520beb2932d4ea612e9d2dc8997b6221fa2d44c9312928c79394a5d8c577fa39aa5007d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2C9E86D7-3315-4C4F-92ED-AC3CFC469435}\clean.css

Filesize
702KB

MD5
4f3364af3e396f92a8826532bfb1a7e5

SHA1
7f7b613435ece78a358f2066287c2f2c3c6aa168

SHA256
45b9b77499356527e9047256db96a542a720bf075d67e9f6ba55d51fd562339e

SHA512
c022a28656483106095967ec4d57eb743d04f029406c2c553c9d19c103520e274c0eea19f411bdb7ae16f388211c456a413df5a0a6097036deb0010573d49c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2C9E86D7-3315-4C4F-92ED-AC3CFC469435}\common.css

Filesize
2KB

MD5
1265d497504870d225452b3309b0e06b

SHA1
29a3b783e6f2f2cd3f6d08833b83c7848f8e3450

SHA256
4273a5d4ef990dead6cabe760c27b25f7fcf8a51177f1b31813ad8866a565330

SHA512
9aa8b24e800a619651699c193a7747b8673a3cd4f8a5d3b16ee35f5ef6161f953a904631b97d118339332a3d2c7292c910802f6e1518db18d48fab5e9eb91681

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2C9E86D7-3315-4C4F-92ED-AC3CFC469435}\main.css

Filesize
16KB

MD5
ee23e36c90c9fccd530504285d371ac3

SHA1
7a4e24d18ec723d38cd922e3845ff290f0299e15

SHA256
32616e0764c80efb4607a0dccfec7cf7862886c4ae80e6405dc3cc5c62cd0f82

SHA512
542937075a96f6afb8170c6f41915efeec5e067803606c2a26d29e6c990d93a255ad8cea18600cd0825a0c91ff935d057870a1724062543a8e2bc09c4041b375

Download Submit
C:\Users\Admin\AppData\Local\Temp\{53194707-6656-43FA-BF4C-E23C1DC49328}\common.js

Filesize
2KB

MD5
d98f70ffd105672292755a37f173c2ec

SHA1
c0154add295ac052f234a0282a62b704cdd01998

SHA256
257a42f797f140667c81930001e73943bfc243d50bcc775f75d0334a2d2cf2c3

SHA512
1909cc7e4da0949a469852240be2205209968b18b99f7d967bc0231de33d03c7cbaa9578972e30e95e6d7017aebf9cd70a55ba22cdc9d5774d2a237d3eb0971b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{53194707-6656-43FA-BF4C-E23C1DC49328}\lib\jquery.custom-scrollbar.min.js

Filesize
14KB

MD5
ab3adf4aff09a1c562a29db05795c8ab

SHA1
f6c3f470aea0678945cb889f518a0e9a5ce44342

SHA256
d05e193674c6fc31de0503cbc0b152600f22689ad7ad72adb35fcc7c25d4b01b

SHA512
44dfc748d0bd84f123f9d3f62d5ea137d9128d5bdbe45da9a8666d09039eb179acf0dbb3030e09896fd61e7aa5ae6dfaffe9258d80949a64d0a7e45037791fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{53194707-6656-43FA-BF4C-E23C1DC49328}\lib\jquery.placeholder.min.js

Filesize
3KB

MD5
e13f16e89fff39422bbb2cb08a015d30

SHA1
e7cacaf84f53997dd096afd1c5f350fd3e7c6ce9

SHA256
24320add10244d1834052c7e75b853aa2d164601c9d09220a9f9ac1f0ae44afe

SHA512
aad811f03f59f799da4b8fc4f859b51c39f132b7ddbffadabe4ec2373bd340617d6fe98761d1fb86d77606791663b387d98a60fba9cee5d99c34f683bcb8d1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{53194707-6656-43FA-BF4C-E23C1DC49328}\main.html

Filesize
8KB

MD5
f4b7942d6563727bd614f10da0f38445

SHA1
84f22240f7a5ed1c23b09e8677ac2ac3cd4e26f9

SHA256
e4bedde22ed405d291c746440a824d5f8527fb232e7a6be2ed9a76465d82f8dc

SHA512
f79b24ac78863a4ed87d41f37b2a5bc27017ebc5317f0a305d676090a16aee8a61384b476e7e9a68a024aa8da4784c1bd4f118766caf4450ec97af430e7074af

Download Submit
C:\Users\Admin\AppData\Local\Temp\{53194707-6656-43FA-BF4C-E23C1DC49328}\main.js

Filesize
58KB

MD5
a8f9eb478c7512c98ca1ad46dbcc298a

SHA1
454226dc42b911caafc9a1e56d8ad0000bbb7643

SHA256
1df6cbdc80c1df47d93d6e7516a2d7017362413a6b9d93634e143856695c3645

SHA512
ae3198cc6ae739f3009359988f5c090664e5fe8422ad1cf739fe316e66f344c10385d1f841c7b0e3ca9f7997c79d95fa0559386b6dec10641ceb8c290b14f5b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\content.css

Filesize
16KB

MD5
edacde36ff06bd26f1907ae092eac998

SHA1
c25e9052ee5b28ec28e2eceee40217302bf2caae

SHA256
257634b6fa84dce998b31d6497330f0a0661efbd270f58289fbe026ed95b6f2c

SHA512
7e8d48e71a51659ea52dccc2d7c542580c9ea1953ec9ca2ad77d3c0926c5bc77167f85121fab2dcb7fd4d6d2f04edbd90815b76979d3269994cf662fadc357e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\content.html

Filesize
6KB

MD5
60e80c05a9d6aa602626fec33cd99e3c

SHA1
7aeaac92d57fbabe5da2c923eb0ad1bb22e647ab

SHA256
5bd6a4bc514b2e697a0f0e8b7b8c0be0af34a9e1c25a628b286a5cdf8e1837d3

SHA512
838de7045b1ee4542d4145276b3fef5ba60dc10ed0066266bebb3e44c5485005d33dceaefb1cf3fd1fd1bc7364622bb85630957a243464c4c738a415b30adf7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\content.js

Filesize
36KB

MD5
d5e6dacf9aa3069e9241780cbc82d50d

SHA1
1b510f2e06b363b4b138afc409a811254f976dca

SHA256
4c3f64961a872731185c0db4d155c9db73f7885ec4596f15098857c5e1fe91f4

SHA512
a3485cd865098e0b6bad5b03936d8ca233eef42ae88f40d660e40a95cf8da1edc4788402c21cfce3eaf7084fadb35d121b1074e0e30adea4c01338aa1a327f39

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\images\adobelogo.svg

Filesize
749B

MD5
e7b1717b9eba236b9c12be7a980b5b40

SHA1
f1baa3f41ffa5dfff320b7e289964cec54f19a99

SHA256
2a48e8db0f3991de1088936f56c583fe615fae4b9e14f4ebe2b33d29138088f3

SHA512
9c8debe604372ac1fe3945579ee843f13df6f8d40f2c402590743009b39c5f80e859830fc422d7f8d447c4e30f1198584850de657facfaa2b84955d386563b88

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\images\alert.svg

Filesize
958B

MD5
332816d7725fc31725b678cff1cb6dcc

SHA1
876f938efb86c1bb1733b47ec279335de97576da

SHA256
8b5469642507c00b9130bf7ed17a1e4d221e2a93dfd4d2972163650c4e94d714

SHA512
5c4a678892b1a550a0c85e77f75c8b56febbfcd92c658dab198197ed17d7fad04d7b65f8adc17e095895366bf933421cae30e430e136870d3e02e9f89d115775

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\images\appIcon.png

Filesize
2KB

MD5
26e9b0fe7397d9c072da92fcf6951b11

SHA1
4ee24ef82e7ee4fcc980e3caeca90b6e0d99b59f

SHA256
e4c2314a50cf372465c97d955645455ccad1911eed45ff2c2de5a310316ab15e

SHA512
782b380a45eb82aeb69ae07938b9c0f211525fac4718c30b96c28d546a93be1cf000714df2375596cb6d237f3b3cc84f304fca73a732a7e044864ea329013425

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\images\cancelButton.png

Filesize
295B

MD5
7ae9fb845b9137ef10002fe9d0f5c643

SHA1
9f3fa2b29b1b40e1b6794e5d624524de297a8b59

SHA256
e9e5fc264337bf6845b2cf2720ddcde8936cb120328087917bf94c5911edd74a

SHA512
4420cdfbc47d2ac804f1c05840e4113b098ffc71e95e11ffe8f95342f5a75dc0f35fe8012984b0d645f1310b524f66069ae0c0fe053e0d601d39aded321c15cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\images\ccIcon.png

Filesize
550B

MD5
8d2c84506f3f48a810eb7232dc000d6f

SHA1
f4a238c1f7c02c7c907368b939efba7512c6be5a

SHA256
c4620bc8b293dd89db628d2002ef9fe02055e2d1cff1f07e18a3e2e4942ab7f1

SHA512
0fcca755a410c7ef4e6f056b7267aaf23d5063dd8230528fc3765ed1e3d12042c930f999a54498e754fcb3565df17636d7a5de2e95e142ae139d17a744ec93a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\images\ccIconDark.png

Filesize
654B

MD5
13b5f5e052334e0ad6d31845fc859e3d

SHA1
b71022382904d194a5d8f5cb3b1d0dd92e254b16

SHA256
87fd64c46642058fb6d7ae4ab2c71ba5df7ce12ffb8b9383edc7bb7a673f0306

SHA512
79e77ef0cc83c24d3d0f04a2340e248a8dd11469f43740b6453913648cf2c3c5592053dd4a5a34c81f3ffdfdd0fddc5953454ee0d44d3ac946b2ddbe17ada584

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\images\checkEmpty.png

Filesize
167B

MD5
d13cecc413374c4ddc22a9edacde8a11

SHA1
981295dd1f713584591716a6e753346b8a89215a

SHA256
b9c9ae215daf1bb5b6692f527375207aedc138891947e5f6c1c6b549c2ebf39a

SHA512
a717e64430a4680d09c555183c69705998fbec4cb8aa41ac6ad10df9fbd4f4e2243548689f12695760d5b191ed62a38a92558bc88a730004d7119dbe017c6241

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\images\checkFull.png

Filesize
317B

MD5
9f7974bbcc96f12769c1856045eb7bc7

SHA1
fa0b9b9d709718839ea525ab838260a4e124fb1d

SHA256
e7fcff2549114496e8141f46a7606f740bbadf22c9ad818c40d9ff9b9ea12198

SHA512
bc38c23791a8ad4e596e921bc5e391d39bea998434915d5c25b1b37015a089fe91ce9510774c48fbc91e52400c5843897a5780aa1c2cf5c8b73d3f89a2aa0856

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\images\dropdown.png

Filesize
224B

MD5
ee8599707751befddb2b94bc79525c15

SHA1
e118b48e25fe42d933377b03fb5a9a710e1c5caa

SHA256
c1f6844923f7c311d996d81eed6d8e769d52df6d95c898187d92997abbb2770b

SHA512
cdce6d59c807dd1d2b13af39e2fe078b0c0ad51b021dc30373e18bde2a807449051f3f9084afa15b2f6d943169c1bc246c7dbe6e965ddacacb961f67269fb548

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\images\dropdown.svg

Filesize
289B

MD5
4585f70294e7b625dcd1ea8c585067a5

SHA1
11c92ae523b0c588c5469814b0c3c7778cb3f133

SHA256
7e58a1cce147df03605a92ffda1b88ca26005c09d1eb9ae56f37accdebbfe348

SHA512
deb1ce83d9bdff93eff950ed267076e5e8a7bb43cd2dde28561c3d07f68094a9c99df594bf2fdcb38fddf9656cd51475108ad1b29f8c9d4bf197e6da5a093b03

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\images\errorIcon.png

Filesize
466B

MD5
7978536150734ceffaf0720837e8b302

SHA1
7c11361af6e41d00beffaf4ef9e677506b32164d

SHA256
5d10637927b7a623428560eaf18fb8eaf439cd8731199c3b4d251b9846841183

SHA512
da5bb4329783ba623e12d3dc50b2c080e8ac2aff4d4f25dc3e1d84561fd9b40b158570b98dd24618762562674fc1b7d10e081677f214ec859ecc5d0b477db0f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\images\folder-open.svg

Filesize
602B

MD5
3530c5040ac9af92cd0a7d347f764593

SHA1
b815ef3654ec2c677e8f8f68d8527b6d8142b4e9

SHA256
daf26ad61aee6152cf7c0e8f2d3936d0c220de2a3c329e6ce0fcc007cb64ca51

SHA512
0ce187a12445054e270337b6bdd6b035e8fadb3b0a4e8c822833c12431bb520340fa509ab3e1df564cbf67700b9ba78ee246689267878d386e88f709d10c1fbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\images\productIcon.png

Filesize
2KB

MD5
c798f5f4b98fd335a77e600ce21e32dc

SHA1
3db71eb6d87c8a4fcc6fded25d420cf7ea79231d

SHA256
9b249680adc23b858b08a62ea83fd8373e3480ff6f9120195314897c6e5f2cea

SHA512
f74351c5a9535920a81ee42f8caf82bb0c97664b6928f921b4bc74cc446ee61884b1620bce5e57abd6e1a3311d6f70c1f66c459ee4531cbf0197093feadd29b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\images\spinner.gif

Filesize
18KB

MD5
7699a4c54b1f5515a64e93fe3f801321

SHA1
2e51f7e1a331d921eaf15bd7dc9721a742984d47

SHA256
9146e2390273ac868609dac1be7f1a0458b7d4f7ecdfe1eaec107b3211f33aa2

SHA512
4810abfecc92866145a22f73639264574958d6db1157da0b6ff0472c14d8171ffc633fc6ba04843fcfd617ce4f0c19633475d2501ace48f8ee34ec8fa6fded87

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91321719-9FAB-444C-99DB-D32CB41A36A8}\images\transparent.gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\Set-up.exe

Filesize
7.3MB

MD5
bc0672307ff08325dc4348c89bdc8999

SHA1
45e37b595ac1b3ce6e3f6b6c12a9fa9c846addb4

SHA256
24d2666c00ecd02350af0d70c8a9b71ed2bf0ce2553e61506fc1cbba0a9156b3

SHA512
406c11bd4dbda325ee679f235988e8d1643d99de4dfd648d471857eee4892001011ffcc3fb9d1cda3161bce4fda70dcb2e5e3f1c5fd9e75091d49a6954864728

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\packages\ACC64\3DI\3DI.pima

Filesize
190B

MD5
bfa2825492d0d648a227b6d8a0662e83

SHA1
0c3f1c5fba466792398104812e944a6cd3a9b78d

SHA256
95514c3e12a559ee471e63b22b1b00aff1afe2e0fc60415d022be23df676bc1d

SHA512
68159d2ebc5b4416e448f0fc6960703e826bd01137d18a7a4616619a2090a903ccad1059e29941b08d9c2c881dbb9051ef2d91fa58472dfae1c28ab6da4a62f2

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\products\ILST\Application.json

Filesize
74KB

MD5
99fa575c7676b1f37aa65966ff51e4b8

SHA1
78e050b3a27c1be0275e88de30d4d9b14533fac3

SHA256
e51eff68acec37ae074d7f66229e42411cc2a511faeafe44e208b7b92e51024d

SHA512
9a6c8f1195fdd0ea8c698cb72dd9ea60919924c25bb0730e3853ce1f9af07116f963262d6181c8d0b67bd028f93f2a12198dae4318dc112d0b0ba8399d3bcba1

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\products\driver.xml

Filesize
1KB

MD5
f9b06b8f99bbe05994b84812b935e0e0

SHA1
3ad3f39e9e60da6c0f52271047995f7067b2fe6a

SHA256
e2ee08dd26d10640d44a6e6d8d7a0590d6f5871ec484a5b715e6e8531e997fec

SHA512
1361cbf10729adbcf66c3268dcc4a882e685bd7aebec8148e12e5f74c24f79ab9386b260b4180c75793b401da7fc5f09dc5a09540dd8578b9b393a4db0a123e3

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\Dictionary\cs_cz\locale.json

Filesize
405B

MD5
0e66bd0983b2c3516613cc751d69971b

SHA1
551c857dad708f8e0ddc6b618de7966c254abe0e

SHA256
7d3aecdf9b1ea5128ef87a1e6e74dc3e283fb28dd6af8113b4e99040b15747d4

SHA512
44779ee6d29d2747774726b2c3f76a41e6775548d57705f16d59ad3a4ca1be44fb6cd12d1ef0f6f8f228911fc317f6451c403d04f6f1fefb097c8763d5801087

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\Dictionary\de_de\locale.json

Filesize
386B

MD5
d3f198446f78d6e17d85882563ea6b36

SHA1
3bc7c9cc9182935e4ea000ff951ce9493b99fd70

SHA256
e683843b5ecbe6bafd03c26c3762e9e4fe37cb5dc1d9a7188c9158553f3ccdca

SHA512
d3516f25c4f62a5f0787a173f73e001a149e9fbead9ca85964b94f1786635b246ddf182cbf6a46607938c24928939f41c1812db6b9260a81b70cc20b8722d046

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\Dictionary\en_US\locale.json

Filesize
353B

MD5
031aa6225b953a69e223fc71566058b7

SHA1
45a89a91cc432bdb698be076c8cc1db027b3d50c

SHA256
b754524e0f798d8db77bc777a0fed09978fd3fc9d4494f227b7fe07185efd9ce

SHA512
e61497f74508016c8ad755701c907d2d5e053f6e2d7b1228feb0b9276b8ad202975d81ab2806d5c3593adf6ca1bd320d6bbd6a59e565ed300060e851867b52d3

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\Dictionary\es_es\locale.json

Filesize
390B

MD5
592ebf7fadf7792f05ddae25d75a9d59

SHA1
2853af5a44ee3163261bb471cb7a33f0a0bb2ed6

SHA256
1f10dc92034244bbe5435c8d0029773025b929a36f3d30a4a5a3a4526d8a874e

SHA512
59ebddad4576a121b43181547cf0f806e7fc1192428e782233f3e20c4b75e0e7a2febfa809efe7f9296eed38ccc63f9d4f6850c8cdbaabf06ae99d80c93f2f9b

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\Dictionary\fr_fr\locale.json

Filesize
383B

MD5
47c7066b8c2d86ae7047ba355e57230a

SHA1
5702d5eae9b69896db0e2c9ebe8d6f7b83abc6c1

SHA256
e9c432fa590566d463502adcd51a129f789ebc01c59f6409c5734a0109f05156

SHA512
58a0da179b19c507f1ffe8fe4ca1312f2f0c8799c8f4f53a279b1bdfde311105c76bac187ea179598dc7d13fd32fd002fe0f06f5aa1b1a67cf147e7a02dd9f9f

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\Dictionary\it_it\locale.json

Filesize
495B

MD5
78d8a38ab29f2c70fc0552038763561c

SHA1
51ef11689a9e8fd6cf629e2c0238e12d59341e72

SHA256
2c5ffe288391affe2accc1988900d02c3517b652881fba852994d459434239ac

SHA512
969cabda8324cdf3a9cbe0b0b8fdd2a611ef3b813c012a749a89d792c9a9c6ef3ee513c53b76065efd6d1e93ddfa5c31510bf3e25be2fcb86592988cb4abe591

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\Dictionary\ja_jp\locale.json

Filesize
435B

MD5
8eefa1bb3912183d9e3438f91c098841

SHA1
d06c23d25afc8672eace3d214798c5122b664ca7

SHA256
919cba4b8a59f6b69ce16011e50f3bafc76efe58b21032501626cac364d48e9d

SHA512
5027e49717b19842438388b57232b8739e8a1cf15642bf9806e7eb5a749ed9c7a102d2c876cc8d9cf2113558509965cd638b128519071ff6cb06e1b4d5ac7af7

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\Dictionary\ko_kr\locale.json

Filesize
406B

MD5
3a504ea81ba343fab1ebe2a10efaa1a2

SHA1
eddd814cf6ba568a80553a5516bd588b18ce5a52

SHA256
9b4e351eb416e95f6843224227857c528dce2d7a8bd64876204879138208951e

SHA512
57a52b016801fef387c8d33b483dce4d5bd518bd9989ffaf775df4b4dd1bc83e614bf3ace69f779c5047b0bde6b7b4db861530700523acf25110d8846b7e13e4

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\Dictionary\nl_nl\locale.json

Filesize
386B

MD5
c4d0d42780213ddf399e83c60e8f25ca

SHA1
55c4589f3d9a514dee78fd47e7c3696b3df60c79

SHA256
416b4f94812ac0b6bbeb1a5e4f06e587f4ecad75b8efa02072eb7ae92b622b34

SHA512
74edb2fdbdb07a4fef43f3b61bf08188f4ba24cabd75c50c2e53210ea38e345ac7211dab5e761dccb6e0aadfe901b81cf27ec851b640474ab9979996c8841398

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\Dictionary\pl_pl\locale.json

Filesize
415B

MD5
440e7340c381b936d04d8206e966d44b

SHA1
3f5743e2392c734a546f7b9f75b616ae4a121f40

SHA256
7aa4d5a764e0f0a9649a5faa24f14206d0ae44f3e386ed002df2e6f5d359f0a3

SHA512
3adac1c7c6dffd76f6196414919b051cb9152ea073df1313aaff549b7d8d77b73683a83ce03fd87af6a10a6c9223a07c05130d8e96b9d998dc0104fdadee5b80

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\Dictionary\ru_ru\locale.json

Filesize
626B

MD5
3f1235f9c362e368fe52fd708da455b5

SHA1
88bb2da22e940527b61ceceb4d78c992af78126f

SHA256
454f7fe589e1e08f2cf112eddaa839b60951698a84ba87e7767d4dbbcb3a038b

SHA512
d1dce3df39db2db386545f71a5a67b0725906878983944bc97ddb3c95f706cdc71a7a04d717a28428a7e682adcaf40f2f94561c681f4790989876f5c1bdb2bc5

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\Dictionary\sv_se\locale.json

Filesize
378B

MD5
690dbabeee5810ae5b68027eeb148f1a

SHA1
f1624c92497acdfbc53ffb5a891c545b293d01c7

SHA256
270157002492ad80fff2d47f9cdc0257b72bafed053556ddd5b14c910c6a9a8e

SHA512
01f685608ffe85b4beb4bdf20b701944f7b83ab0fbb90b39f379053285e058610fa9f4c6671f4055586674a9a3a849a2784ddede476e4677be9667f3faad8b14

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\Dictionary\zh_cn\locale.json

Filesize
360B

MD5
9fcab8f3d4f4840c927531f5975109c9

SHA1
d433d4dfc1fdac136057f8fd551db01727a749bb

SHA256
b103e04a7ddbeefb389641dd93fafee6119f3316f4133702bb3af38bae92fb4f

SHA512
05a947de06e5594ff031fa4b9aeea39725db4648308ebe7bf12d4db875abadfa4f3982b77c5435de9d498da905ae8c8c69b96bc1dda954288b7f9d7a66701496

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\Dictionary\zh_tw\locale.json

Filesize
361B

MD5
bebb9ba86d130666f1dcaf88abac5d9a

SHA1
e07ea165fdfcaa1b073f77f891c248b1669235cb

SHA256
efc69bc38f34fccaaa7fa985dfbd75c0196da23971fba3df349cb8953657e7b0

SHA512
aedd79f53b6f2a923714965320db4e648f8560b6a6d3e53d39b36d16a55d1f9f19bc898b9aad4efe441392dc424936d0b7e04d0a15f1423dd5dec81a7a55d90a

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\carousel.js

Filesize
2KB

MD5
113251a5c9bc9a91ddfa9411e58c070e

SHA1
06262b09086ea44a9b398a8b2ed412134d9ac6dc

SHA256
69d2722a4919e8f096fd6817f1f76570d1217a4fa2174cdb05c1b0b1ff0537c5

SHA512
ebbd136b4de01e089e06a65c78645ee03bfd3e06fc34971f5311e3dcc80bcb7718145bb7c5a4cd3a8dd06aafd52beb8c81a37525eea5593cee3b65bb8906d103

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\css\fonts\adobeclean\adobeclean-regular-webfont.woff

Filesize
30KB

MD5
6af297e58edc414ee90c76c2d3ea8678

SHA1
7497d181cd6fe3a4b01a4f8b6ba6a47d3fa54333

SHA256
3e8f59db6dfae287af8dccc0fdf5e15a8aa2a954c2c232bc6c64536e1a27eaa5

SHA512
61e14f8e605c4d2b52c9a874f40e73fde43625bc468ba3c7316e7672cffd05b7c1766c875fc1b48218bd2b6856226645ee9bcb45810eb7121c5dbd0c184b7d0a

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\css\styles.css

Filesize
189B

MD5
3a0ec2d2c5020a3cf45c13a87434b285

SHA1
12275d4d51de801ce28c88a0c246de22c6d08120

SHA256
406288e48ced388744e5165a1ec4266f419cc409e4a70036e4b15a93af5c42ab

SHA512
a7c6d55f64d91e5d71661e040f4d06d2c873e0b2d2a3b2e52ff60d230a7c7c0924cd0ddc4dc124d53736c934023a27d6ed77c1266732f0b5de5dc75b02715c8b

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\images\01_creativity_for_all_445x239.mp4

Filesize
360KB

MD5
99126df6d257194b35df72b1530f0ba4

SHA1
068597acc8aab76254cd12d2afda0457ec750bcc

SHA256
b6a9df6efdaa665e677e1c7f665b047a95b74a1759daa64e9726dd95e0c15c53

SHA512
9e340eff5ea2545c89071858d4536be4cc40366d123b15592d56f8bd748219fd8e3f8484120ce224bb8ab057543f78c9f024573cb1f134974849627adbb8040b

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\index.html

Filesize
2KB

MD5
4329bb5e6acbfcc60a0fc42e5225567c

SHA1
ec685ed796e25247b18c4a9906cf5a90bd60f0bd

SHA256
21cf14d5a03aaffd525265f3ee0a27e91f4ac217b81abcd01fb995c1ded8339c

SHA512
8f9d9d2613d903d517571ff7a2afa147eb64931f9e22dc1c9a6f313e5b6c0a348d9133ef2518bdef06d636b84425d74314bf3400ab2f9c9dceeb4cd604b1eae2

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\carousel\lib\jquery.min.js

Filesize
91KB

MD5
e1288116312e4728f98923c79b034b67

SHA1
8b6babff47b8a9793f37036fd1b1a3ad41d38423

SHA256
ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

SHA512
bf28a9a446e50639a9592d7651f89511fc4e583e213f20a0dff3a44e1a7d73ceefdb6597db121c7742bde92410a27d83d92e2e86466858a19803e72a168e5656

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\config.xml

Filesize
269B

MD5
fc6656e65cbdbc92cc24b60eec7a3d72

SHA1
db7e3089c668bbbbad152acb66e9cf488708d70a

SHA256
2f917740b60e016b74a1388f71bccc5437d65b3a7feb3f89868a827ea04ab530

SHA512
ed7931a25b58fa3118770e3b585760275c0f07b9191396fc5ce5aba7366f0a4f47f84fc687393b600d2837969f8c77194b37cf6ab6c2691461c689a5b1e0e87c

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\content\images\appIcon.png

Filesize
1KB

MD5
702950c1a876068376fd94f8a0e0d216

SHA1
53a604e88cf16d3248d9b195afc0df9d12426a71

SHA256
3640913eb1082b2630f8f602ea98655e10e65bc87beb8699d90cce18e9660bed

SHA512
711f212732e8741d9ab08467ccb824e6488b5a8c6dbb66457b04289c4656e9b085c00dd74317461fea95857eb006f933ece0c2d36a6009ca06d84b83ed235094

Download Submit
C:\Users\Admin\Downloads\WIN_AAI_V28.3.0.94_AP_ZNT\1.INSTALAR\resources\content\images\appIcon2x.png

Filesize
2KB

MD5
a6e58215a042c94afb1d8218ad9743fb

SHA1
9ccea4bf670a218e04e758e27fd8a126eb287e45

SHA256
a129f0c29d783b1b651f0ba6c14f07376642f18557dc77771d72a1a444cbeb42

SHA512
52868607a0e9195596a8070d9bf338e72270c2efcbdfe066d2fdf37e858494e6b2d5282fa7dec54d6c42d9552163b6971651c2cad1d8270dc2283afff4e2711e

Download Submit
memory/1912-2066-0x000002116AEB0000-0x000002116AEB1000-memory.dmp

Filesize
4KB

Download
memory/1912-2059-0x000002116AEB0000-0x000002116AEB1000-memory.dmp

Filesize
4KB

Download
memory/1912-2061-0x000002116AEB0000-0x000002116AEB1000-memory.dmp

Filesize
4KB

Download
memory/1912-2060-0x000002116AEB0000-0x000002116AEB1000-memory.dmp

Filesize
4KB

Download
memory/1912-2067-0x000002116AEB0000-0x000002116AEB1000-memory.dmp

Filesize
4KB

Download
memory/1912-2068-0x000002116AEB0000-0x000002116AEB1000-memory.dmp

Filesize
4KB

Download
memory/1912-2069-0x000002116AEB0000-0x000002116AEB1000-memory.dmp

Filesize
4KB

Download
memory/1912-2065-0x000002116AEB0000-0x000002116AEB1000-memory.dmp

Filesize
4KB

Download
memory/1912-2070-0x000002116AEB0000-0x000002116AEB1000-memory.dmp

Filesize
4KB

Download
memory/1912-2071-0x000002116AEB0000-0x000002116AEB1000-memory.dmp

Filesize
4KB

Download
memory/2860-1812-0x000002897BFC0000-0x000002897BFC1000-memory.dmp

Filesize
4KB

Download
memory/2860-1790-0x000002897C270000-0x000002897C271000-memory.dmp

Filesize
4KB

Download
memory/2860-1764-0x0000028973C50000-0x0000028973C60000-memory.dmp

Filesize
64KB

Download
memory/2860-1780-0x000002897C240000-0x000002897C241000-memory.dmp

Filesize
4KB

Download
memory/2860-1782-0x000002897C270000-0x000002897C271000-memory.dmp

Filesize
4KB

Download
memory/2860-1781-0x000002897C270000-0x000002897C271000-memory.dmp

Filesize
4KB

Download
memory/2860-1785-0x000002897C270000-0x000002897C271000-memory.dmp

Filesize
4KB

Download
memory/2860-1786-0x000002897C270000-0x000002897C271000-memory.dmp

Filesize
4KB

Download
memory/2860-1783-0x000002897C270000-0x000002897C271000-memory.dmp

Filesize
4KB

Download
memory/2860-1787-0x000002897C270000-0x000002897C271000-memory.dmp

Filesize
4KB

Download
memory/2860-1814-0x000002897BFD0000-0x000002897BFD1000-memory.dmp

Filesize
4KB

Download
memory/2860-1815-0x000002897BFD0000-0x000002897BFD1000-memory.dmp

Filesize
4KB

Download
memory/2860-1816-0x000002897C0E0000-0x000002897C0E1000-memory.dmp

Filesize
4KB

Download
memory/2860-1784-0x000002897C270000-0x000002897C271000-memory.dmp

Filesize
4KB

Download
memory/2860-1800-0x000002897BDC0000-0x000002897BDC1000-memory.dmp

Filesize
4KB

Download
memory/2860-1797-0x000002897BE80000-0x000002897BE81000-memory.dmp

Filesize
4KB

Download
memory/2860-1794-0x000002897BE90000-0x000002897BE91000-memory.dmp

Filesize
4KB

Download
memory/2860-1792-0x000002897BE80000-0x000002897BE81000-memory.dmp

Filesize
4KB

Download
memory/2860-1791-0x000002897BE90000-0x000002897BE91000-memory.dmp

Filesize
4KB

Download
memory/2860-1748-0x0000028973B50000-0x0000028973B60000-memory.dmp

Filesize
64KB

Download
memory/2860-1789-0x000002897C270000-0x000002897C271000-memory.dmp

Filesize
4KB

Download
memory/2860-1788-0x000002897C270000-0x000002897C271000-memory.dmp

Filesize
4KB

Download
memory/2940-1826-0x00000199E1680000-0x00000199E16A2000-memory.dmp

Filesize
136KB

Download
memory/3708-1848-0x000002151ECD0000-0x000002151ECEA000-memory.dmp

Filesize
104KB

Download
memory/3708-1847-0x000002151E960000-0x000002151E970000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads