Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Dragonfram...64.zip

windows10-1703-x64

7

Analysis

  • max time kernel
    249s
  • max time network
    224s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    06/08/2024, 15:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Dragonframe5.1.3MultiWinx64.zip

  • Size

    103.0MB

  • MD5

    7780bcecc7c29046d3c0861adaa019da

  • SHA1

    e02cda7afe843de6a3e1be170a949932f580b02b

  • SHA256

    9287289b01a5a7f8857129d390484cddaac891ba7380c7771d8a1c27fb977461

  • SHA512

    c6db79a0632fbf8f7a97b841663384e081f830079e32fae3fd69baff82e8009da7917785b2c5a5784a62cd9a927465b1b2c3a3197f74b98d5c2f13b9cff10a99

  • SSDEEP

    3145728:Omt9Tv7BYL3r4UH6CFeq0VCv5MxJKpETF6EBAmH3:Omt9XBYTk8vMq0VnxJKpETFZGmX

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 53 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 17 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 21 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies data under HKEY_USERS 5 IoCs
  • Modifies registry class 25 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of WriteProcessMemory 56 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Views/modifies file attributes 1 TTPs 4 IoCs
    evasion

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Dragonframe5.1.3MultiWinx64.zip
    1⤵
      PID:2220
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4532
      • C:\Users\Admin\Desktop\Dragonframe5.1.3MultiWinx64\Dragonframe 5.1.3 Multi Win x64\Dragonframe_5.1.3-Setup.exe
        "C:\Users\Admin\Desktop\Dragonframe5.1.3MultiWinx64\Dragonframe 5.1.3 Multi Win x64\Dragonframe_5.1.3-Setup.exe"
        1⤵
        • Loads dropped DLL
        • Enumerates connected drives
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:304
        • C:\Users\Admin\Desktop\Dragonframe5.1.3MultiWinx64\Dragonframe 5.1.3 Multi Win x64\Dragonframe_5.1.3-Setup.exe
          "C:\Users\Admin\Desktop\Dragonframe5.1.3MultiWinx64\Dragonframe 5.1.3 Multi Win x64\Dragonframe_5.1.3-Setup.exe" /i "C:\Users\Admin\AppData\Roaming\DZED Systems LLC\Dragonframe 5 5.1.3\install\setup.msi" AI_EUIMSI=1 SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragonframe 5" APPDIR="C:\Program Files\DZED\Dragonframe 5" SECONDSEQUENCE="1" CLIENTPROCESSID="304" AI_MORE_CMD_LINE=1
          2⤵
          • Enumerates connected drives
          • System Location Discovery: System Language Discovery
          PID:2908
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EXE1139.bat" "
          2⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1884
          • C:\Windows\SysWOW64\attrib.exe
            C:\Windows\System32\attrib.exe -r "\\?\C:\Users\Admin\AppData\Roaming\DZEDSY~1\DRAGON~1.3\install\setup.msi"
            3⤵
            • System Location Discovery: System Language Discovery
            • Views/modifies file attributes
            PID:4880
          • C:\Windows\SysWOW64\attrib.exe
            C:\Windows\System32\attrib.exe -r "C:\Users\Admin\AppData\Local\Temp\EXE1139.bat"
            3⤵
            • System Location Discovery: System Language Discovery
            • Views/modifies file attributes
            PID:2824
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXE1139.bat" "
            3⤵
            • System Location Discovery: System Language Discovery
            PID:4756
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /S /D /c" cls"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:2396
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EXE11B7.bat" "
          2⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1112
          • C:\Windows\SysWOW64\attrib.exe
            C:\Windows\System32\attrib.exe -r "\\?\C:\Users\Admin\AppData\Roaming\DZEDSY~1\DRAGON~1.3\install\setup.msi"
            3⤵
            • System Location Discovery: System Language Discovery
            • Views/modifies file attributes
            PID:872
          • C:\Windows\SysWOW64\attrib.exe
            C:\Windows\System32\attrib.exe -r "C:\Users\Admin\AppData\Local\Temp\EXE11B7.bat"
            3⤵
            • System Location Discovery: System Language Discovery
            • Views/modifies file attributes
            PID:648
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXE11B7.bat" "
            3⤵
            • System Location Discovery: System Language Discovery
            PID:368
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /S /D /c" cls"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:4956
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Modifies data under HKEY_USERS
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4448
        • C:\Windows\syswow64\MsiExec.exe
          C:\Windows\syswow64\MsiExec.exe -Embedding CB981290187FB5DD3A4A87C6127021A0 C
          2⤵
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:3308
        • C:\Windows\system32\srtasks.exe
          C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
          2⤵
            PID:1904
          • C:\Windows\syswow64\MsiExec.exe
            C:\Windows\syswow64\MsiExec.exe -Embedding CCE57D6EE98D32E4B26C3898E3941FB4
            2⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:5024
        • C:\Windows\system32\NOTEPAD.EXE
          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Dragonframe5.1.3MultiWinx64\Dragonframe 5.1.3 Multi Win x64\Read Me.txt
          1⤵
          • Opens file in notepad (likely ransom note)
          PID:5000
        • C:\Windows\system32\vssvc.exe
          C:\Windows\system32\vssvc.exe
          1⤵
            PID:4032
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
            1⤵
            • Checks SCSI registry key(s)
            • Modifies data under HKEY_USERS
            PID:520
          • C:\Users\Admin\Desktop\Dragonframe5.1.3MultiWinx64\Dragonframe 5.1.3 Multi Win x64\DragonFrame 5 Search & Patch Activation.exe
            "C:\Users\Admin\Desktop\Dragonframe5.1.3MultiWinx64\Dragonframe 5.1.3 Multi Win x64\DragonFrame 5 Search & Patch Activation.exe"
            1⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2252
            • C:\Users\Admin\AppData\Local\Temp\is-C3RVT.tmp\DragonFrame 5 Search & Patch Activation.tmp
              "C:\Users\Admin\AppData\Local\Temp\is-C3RVT.tmp\DragonFrame 5 Search & Patch Activation.tmp" /SL5="$7023C,1227802,111616,C:\Users\Admin\Desktop\Dragonframe5.1.3MultiWinx64\Dragonframe 5.1.3 Multi Win x64\DragonFrame 5 Search & Patch Activation.exe"
              2⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of WriteProcessMemory
              PID:2084
              • C:\Windows\SysWOW64\taskkill.exe
                "C:\Windows\SysWOW64\taskkill.exe" /F /IM DragonFrame.exe /T
                3⤵
                • System Location Discovery: System Language Discovery
                • Kills process with taskkill
                PID:4532
              • C:\Program Files\DZED\Dragonframe 5\Read Me.exe
                "C:\Program Files\DZED\Dragonframe 5\Read Me.exe"
                3⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:780
                • C:\Users\Admin\AppData\Local\Temp\is-H0DH0.tmp\Read Me.tmp
                  "C:\Users\Admin\AppData\Local\Temp\is-H0DH0.tmp\Read Me.tmp" /SL5="$103E2,112243,111616,C:\Program Files\DZED\Dragonframe 5\Read Me.exe"
                  4⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of FindShellTrayWindow
                  PID:1632
          • C:\Users\Admin\Desktop\Dragonframe5.1.3MultiWinx64\Dragonframe 5.1.3 Multi Win x64\DragonFrame 5 Search & Patch Activation.exe
            "C:\Users\Admin\Desktop\Dragonframe5.1.3MultiWinx64\Dragonframe 5.1.3 Multi Win x64\DragonFrame 5 Search & Patch Activation.exe"
            1⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:924
            • C:\Users\Admin\AppData\Local\Temp\is-2PROQ.tmp\DragonFrame 5 Search & Patch Activation.tmp
              "C:\Users\Admin\AppData\Local\Temp\is-2PROQ.tmp\DragonFrame 5 Search & Patch Activation.tmp" /SL5="$403DC,1227802,111616,C:\Users\Admin\Desktop\Dragonframe5.1.3MultiWinx64\Dragonframe 5.1.3 Multi Win x64\DragonFrame 5 Search & Patch Activation.exe"
              2⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:3148
          • C:\Program Files\DZED\Dragonframe 5\Dragonframe.exe
            "C:\Program Files\DZED\Dragonframe 5\Dragonframe.exe"
            1⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious behavior: AddClipboardFormatListener
            PID:2568

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Config.Msi\e599a24.rbs
            Filesize

            95KB

            MD5

            5f77938ea3ea8ba90a5884d1f651aaab

            SHA1

            934ecb69bc7b24785913f927a31a127b5c95f1ac

            SHA256

            4b40f9af32d6b54c4b465b317f3c1990861a448ae0a71d6857073bff9f135252

            SHA512

            7bfdd22bfb28e4ca122ff2621f55f22de6eb2058c248e9a8965d55f1edbb41149430b438f88833f4c03ee77bc57429890dd86c21997dbf7a40f7b7daa5848ee5

            Download Submit

          • C:\Program Files\DZED\Dragonframe 5\Dragonframe.exe
            Filesize

            44.6MB

            MD5

            8fdb56cdc5b3d6703488b339e78f8d52

            SHA1

            c05c1ad8a84db03bb2d8569d9719d37016fa9f87

            SHA256

            43bc1ebe327e2b3b28afe376efe4f412905c58d5bdc4664a0f3bcc116de29eae

            SHA512

            a48a79387d70f6e971f0f2f134ad2eef35fe2263d8f95e90c1ba1e402c8251893e4d64015b4751023c2e166b211d9bdd92923cfd45b2cc269b5930b3bb860527

            Download Submit

          • C:\Program Files\DZED\Dragonframe 5\Read Me.exe
            Filesize

            381KB

            MD5

            243ecd008e5ffad7f29884c412565c98

            SHA1

            099e47aaaea4a70105ecaf0ef31ff1344f5ae41d

            SHA256

            a0626c86c6943c0886287de8da8294398e4e9a98c0ed575ac50a690a7cc977c0

            SHA512

            5f6ca237af5cca87db3d3e48071c0c85f4ecf731fb4841063ecfea8655d25f5850203bb365dda5538085fab9b6797d2ce51eff3028e0d8a898b49743e8c1a0ac

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
            Filesize

            471B

            MD5

            4aa2c4df0a1e0ffb8c8c64329e96de72

            SHA1

            45dd09f43eb3a4647f35b48ed8c6b148652618af

            SHA256

            5fcdc1b937a3794edab32e1c0e5ba7ec466c2451beba86ceaabbab62aca54def

            SHA512

            16622462d916bad832a14f477f7ffc62b7cb7d240d9853bbbf9e871c6434383b15c072ffeac5fa27b1ae608489503c1199f5387d4f8b9d4e44310e50117c0b76

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_9395020BE4ACFA5604713D7C369663F0
            Filesize

            727B

            MD5

            3e939416a4c47389d4d4bf9b0a6e9c3c

            SHA1

            81e958f529346e18a8750542d9edaff8af5c4448

            SHA256

            681bf1bf34ec2e21e17fa104037d219a8fa2893da362aba0de3e433efb03369f

            SHA512

            b4443c29562c3bd26abefa02196c4e23fcea93e3c0a88190de29451f14889260e7884f2b03a8128efcaecd1be5b512cdefae16aa6e4f8716b6b1e97b6629f275

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
            Filesize

            727B

            MD5

            a00f73fcb3a5f7280d12e12c60ac2222

            SHA1

            1ef58c9ae73d1600f5d3e0ebd5a4eeab1fe7a331

            SHA256

            802e13fdf6fbbf9a0edae48ae0e5a12e0ea28942f3a1c864785781c4eec6a932

            SHA512

            fa55080eec654f0877133447866665d054f0dc5bfd7e0c03b014d4d1da7afa3d1f9ccb07072af7d479715f9ddc9f38d35d9135d62e94c6f1482e2dc1b56964fc

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
            Filesize

            400B

            MD5

            c989bdb20ba4a59b279d7b5341d8b38f

            SHA1

            f427516a40f1162ea06a640615053b35479fda55

            SHA256

            c9974683642e8283e0e063e02d5a2b76184d7f9da0aabbf5a87904705507c6c0

            SHA512

            5321f96182e2bc63829245b27dc0c1a5d5a3f6a4412a3ff114a79d9e928e9e6f5323c5591324227a0634b22c755f93e7221c4b2185ab8d829153a8e067c89ba2

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_9395020BE4ACFA5604713D7C369663F0
            Filesize

            404B

            MD5

            6c11ba3ee60072d241ed89fd124dc163

            SHA1

            1d97050a99638f956e46de67df42bcee85384edd

            SHA256

            d6fb8f95a9e1a4c0eb59019c6bed1c8c33851946b01fd363036bffb23e549a7d

            SHA512

            e60160fe1caf4b97452f3acbb6d18dda34aed39fd4eea16c6f4712d7f8f325f393cdcf594b225ed826ada97927c2a88e04ac4f73921117c9d334f2f46596342f

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
            Filesize

            412B

            MD5

            a325738753fc1095d418c4de22782d0e

            SHA1

            6b5670aa311e72e5134e5aad47d644132e87ab50

            SHA256

            9a83caaaea37b4c2c65f8c8888ecd0cbb25f00d7bea245e6f09bd33e35df589b

            SHA512

            43265210f82962d6cc4d79a1bbeb1ebd0d5ee2e8bdf0a0429818831f6e5560a6b8f16c5eb251a318ac89890dd02f0334fe731b2e2af791ba62db0eda4963673f

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\PrepareDlgProgress.gif
            Filesize

            24KB

            MD5

            f550f449baed1315c7965bd826c2510b

            SHA1

            772e6e82765dcfda319a68380981d77b83a3ab1b

            SHA256

            0ee7650c7faf97126ddbc7d21812e093af4f2317f3edcff16d2d6137d3c0544d

            SHA512

            7608140bc2d83f509a2afdaacd394d0aa5a6f7816e96c11f4218e815c3aaabf9fc95dd3b3a44b165334772ebdab7dfa585833850db09442743e56b8e505f6a09

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\ProgressImage.png
            Filesize

            173B

            MD5

            6bbc544a9fa50b6dc9cd6c31f841548e

            SHA1

            e63ffd2dd50865c41c564b00f75f11bd8c384b90

            SHA256

            728c6cc4230e5e5b6fdf152f4b9b11ac4d104fa57a39668edea8665527c3bcc2

            SHA512

            2cf43d3a3f2e88805824e4c322832af21c4c49d5309387aa731ddbea8cc280a6049cab4526e20b1c87c39c8781168c5ff80083c94becf0984b94593b89ab77f8

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\applogoicon
            Filesize

            19KB

            MD5

            af7ad9a40809c0d00004383c656c3692

            SHA1

            898b75659e67e7e1dcc9e028ba92b9888ce53bac

            SHA256

            83bfdb826d2d753f31b12c1d0a62e36d96004dc32038ae85d9006ca578612b60

            SHA512

            b325313982285754cdfdc61b165d1968ddd0437a1c0bb46d35c04be03e3444a3d189baded903eb91806552d26c1544d0576d2f8ea754ea4776054cb237bfcad5

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\backbutton
            Filesize

            404B

            MD5

            50e27244df2b1690728e8252088a253c

            SHA1

            b84ad02fd0ed3cb933ffbd123614a2495810442b

            SHA256

            71836c56ec4765d858dc756541123e44680f98da255faf1ece7b83d79809b1c3

            SHA512

            ba3d3535bfd2f17919e1a99e89fdb1c9a83507ff3c2846c62770e210a50aee1281445d510858d247cc9619861089aaf20f45b0b7c39f15c0ea039ac5498fa03e

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\backgroundprepare
            Filesize

            134B

            MD5

            a0efb0e7b9cee25b09e09a1a64e96ba6

            SHA1

            0c1e18f6f5e6e5e6953e9fb99ca60fdec35d6e39

            SHA256

            f044f542bc46464054084c63596877f06c6e2c215c0e954c4ace9787ced82787

            SHA512

            7e53f9f564aaa529b3b15035671957c2923ec98ddee93758ea7a4c8645ee9058962078771b853e3490290fde1f57030dff5092d40d69418776ffee89f79c8a7c

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\browsebutton
            Filesize

            253B

            MD5

            9554be0be090a59013222261971430ad

            SHA1

            9e307b13b4480d0e18cfb1c667f7cfe6c62cc97c

            SHA256

            f4302ee2090bc7d7a27c4bc970af6eb61c050f14f0876541a8d2f32bc41b9bab

            SHA512

            ac316f784994da4fed7deb43fe785258223aba5f43cc5532f3e7b874adc0bc6dbcd8e95e631703606dfaa2c40be2e2bb6fa5bc0a6217efe657e74531654ea71c

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\checkbox
            Filesize

            1KB

            MD5

            0b044ccde7aa9d86e02a94030d744ac2

            SHA1

            0594ebb3737536703907ba5672ccd351c6afb98a

            SHA256

            bce5b6de3a1c7af7ec14b6643da25f7c9e15bd5f1c4a38abfcddc70a5e93bdd3

            SHA512

            dbfba793722589f1a76dbc75c9a2f3646733e4a079a6b70003716a7f7b8fa1a6a2b234ec9132f5737e91d20d460db1e29826b2d7ac740f73136975f19e336cd8

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\frame_bottom_left.bmp
            Filesize

            66B

            MD5

            1fb3755fe9676fca35b8d3c6a8e80b45

            SHA1

            7c60375472c2757650afbe045c1c97059ca66884

            SHA256

            384ebd5800becadf3bd9014686e6cc09344f75ce426e966d788eb5473b28aa21

            SHA512

            dee9db50320a27de65581c20d9e6cf429921ebee9d4e1190c044cc6063d217ca89f5667dc0d93faf7dcc2d931fe4e85c025c6f71c1651cbd2d12a43f915932c3

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\frame_bottom_left_inactive.bmp
            Filesize

            66B

            MD5

            821930553ef406b0c82d9420d3351c78

            SHA1

            8511c65f0048f8f30797a13b3d7d8264c314cbd4

            SHA256

            d5e9f3533cb7d727611aafaa5af22fa07efeaec0391a011ecf9803bed867de7a

            SHA512

            9d55bb01e40bb411321e60fbb1e60748a7243392456030d81f853448af0af75e27ef87455ad1eebf96af754e803aabd1a82f0653deda52832769f5b74171d9cf

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\frame_bottom_mid.bmp
            Filesize

            66B

            MD5

            71fa2730c42ae45c8b373053cc504731

            SHA1

            ef523fc56f6566fbc41c7d51d29943e6be976d5e

            SHA256

            205209facdebf400319dbcb1020f0545d7564b9415c47497528593e344795afd

            SHA512

            ea4415619720cc1d9fb1bb89a14903bfd1471b89f9c4847df4839084aae573d49b4969d3799ad30ff25b71f6e31f8d9f30701e1240d3cd6a063819c04873f21f

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\frame_caption.bmp
            Filesize

            206B

            MD5

            8641f45594b8d413bf1da25ce59f1207

            SHA1

            afebb23f5a55d304d028ca9942526b3649cddb52

            SHA256

            0403ed31d75dcc182dd98f2b603da4c36b6325e9d159cac4371e1448244bb707

            SHA512

            86a5f959f8462f866466dc706d3ae627b1fb019b8a33ee7fe48e3b69f92bf33dc0f1417c0d5116552b25b488bcb5d9050a33773e6883ebe08410267d95b2353a

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\frame_left.bmp
            Filesize

            66B

            MD5

            30384472ae83ff8a7336b987292d8349

            SHA1

            85d3e6cffe47f5a0a4e1a87ac9da729537783cd0

            SHA256

            f545ec56bc9b690a6b952471669a8316e18274d64e2ebc9e365fcf44363a125a

            SHA512

            7611f930a0a1089cc5004203ec128c916f0c2aedae3a6fcc2eaffa8cd004dcbf154714e401947921a06896ca77c77daec7f9bda82369aacd3bb666f8a0331963

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\frame_left_inactive.bmp
            Filesize

            66B

            MD5

            4b84f29fbce81aab5af97a311d0e51e2

            SHA1

            60723cf4b91c139661db5ecb0964deca1fc196ea

            SHA256

            c93be5a7c979c534274fc1a965d26c126efa5d58c14066b14937e5aba3b9eb55

            SHA512

            775eadccc44fddbd1e0d4231bc90d222f0a9749199e1963449ad20285ea92941a5685cdc12c0cd8c0ef0a21e10bdacaf139e5c69cd5e402cc110679323c23df1

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\frame_top_left.bmp
            Filesize

            154B

            MD5

            1966f4308086a013b8837dddf88f67ad

            SHA1

            1b66c1b1ad519cad2a273e2e5b2cfd77b8e3a190

            SHA256

            17b5cd496d98db14e7c9757e38892883c7b378407e1f136889a9921abe040741

            SHA512

            ec50f92b77bca5117a9a262ba1951e37d6139b838099e1546ab2716c7bafb0fc542ce7f1993a19591c832384df01b722d87bb5a6a010091fc880de6e5cfa6c17

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\frame_top_mid.bmp
            Filesize

            66B

            MD5

            4e0ac65606b6aacd85e11c470ceb4e54

            SHA1

            3f321e3bbde641b7733b806b9ef262243fb8af3b

            SHA256

            1d59fe11b3f1951c104f279c1338fc307940268971d016ebe929a9998a5038ee

            SHA512

            7b28bcb4e76af3b863a7c3390b6cd3316c4631434e1d1e2df8d6e0eb9987a61a4f1a24de59567394e346d45e332403a0817ed0b0b64d7a624dbe48e30db9bb64

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\metrobuttonimage
            Filesize

            404B

            MD5

            17368ff7073a6c7c2949d9a8eb743729

            SHA1

            d770cd409cf1a95908d26a51be8c646cace83e4c

            SHA256

            16e6e7662f3a204061c18090a64a8679f10bc408be802abd2c7c0e9fe865cbb4

            SHA512

            cbc3a378335f131d0146e5fe40cea38a741a0754a26304daebfda6f82c394cf0e151654782c6c8c7bbf7c354fcb72a2c66a77a87df528c2a3fa87c88f204059d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\metroinstallbutton
            Filesize

            520B

            MD5

            70db38d656afa3778dcf6173d390e61b

            SHA1

            8b8674d6d70d67943d313d2b74222daa4bd1691d

            SHA256

            3a0a5b69f9da7cae9fc631326ed8aa97abbaaecf2bf15d0a73169a29f3381e83

            SHA512

            8888ab493c7342f69b33279eaec4f99c41a906929d65503c48c7059d199fbab267ba9ad6ef6e57a7a56d2a321c01e46008f770afe67fa99ec7b7676ec2376c05

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\metrorunapplicationbutton
            Filesize

            3KB

            MD5

            49ad8e9164fd6facb8a8bfd6f62972b8

            SHA1

            e23605df242772a047d6d3543aaa72241066abb9

            SHA256

            914a0241a557591dfdcf3ed1ef0e557ceb153f32c716c53d13342dc5318bbb79

            SHA512

            843359888242b97b12185954fe6f04bbe8ed14c71f101a79d4863ccdca7d1b03b4e1f0c6cacf26f87a91c5eacb0d4571481bca81a0c3dfd8add475310a6269f2

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\nextcancelbuttons
            Filesize

            404B

            MD5

            583580e2c651f5c230fb3235b7ca0e3b

            SHA1

            a9bd6aeef43a6f4c0c00d1ecd98a585d7eb0aaa3

            SHA256

            65172283ee04f2fa18d0e57b21471be2e68017d1f61816aaaa6be070b446346f

            SHA512

            6c61e6c06c883113a7a0efbd352120354c070f5c17d770b6b821c42cb9d9ca895992842b29b51bd3e569b0c95e93709dd7c1c2a26bcff0ad425079f5302670ce

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\runapplicationbutton
            Filesize

            18KB

            MD5

            f5a120b564fc7823d1c269b7a6e70473

            SHA1

            1b85466c12f83b7872214f787390614df50eaddb

            SHA256

            c178ed81de4aa8b049efcf0670c10cf2043a51c6be1144ee95d09c1c2afd6087

            SHA512

            96d285759f8a8c5d17d7cac4ef224995dfa09554a3687c7f34e63651888c98a9c60095cd1a71c82030781ff6e7d58b7d49068bd9f53126ff7b775579d3368ace

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\sys_close_down.png
            Filesize

            273B

            MD5

            f6a5e71e9cbe8d3654a2cdf91aae98fa

            SHA1

            8871a1ae25cff6c5a3e6288a58fc5f4d7a92409d

            SHA256

            4801d63bd9bdc6279765ba785b0da9e10730764a9c3645934a46c691547c0612

            SHA512

            1b3146dfdef9c46123f27fa355790036f296d600bb10fbad12363c71c8e3a840863512f4a581daa18ffabb3ec5a3720a6337c4bac54be8b9b49d161b9459a1c9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\sys_close_hot.png
            Filesize

            276B

            MD5

            17242d201d004bb34449aab0428d2df1

            SHA1

            77a332c6a6c4bfc47a2120203cfeabb8a2268a6b

            SHA256

            15405855866fa2b7c60afbc8ba720aae8f2ba7fb60bfa641dc9d10361e56f033

            SHA512

            605a97e2614c664417d53263be21c67b1504a46ee61b92b0a84ac18a7baab05eb56b72d4cf27372ae6c157928080ba16e24081e95458eb122ba18f3722c2d21f

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\sys_close_normal.png
            Filesize

            225B

            MD5

            8ba33e929eb0c016036968b6f137c5fa

            SHA1

            b563d786bddd6f1c30924da25b71891696346e15

            SHA256

            bbcac1632131b21d40c80ff9e14156d36366d2e7bb05eed584e9d448497152d5

            SHA512

            ba3a70757bd0db308e689a56e2f359c4356c5a7dd9e2831f4162ea04381d4bbdbef6335d97a2c55f588c7172e1c2ebf7a3bd481d30871f05e61eea17246a958e

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\sys_min_down.png
            Filesize

            205B

            MD5

            5e947815d865acf099fa753283e09179

            SHA1

            7d98046d20a73439c53044e0ebb5f0b34afaeea9

            SHA256

            c1d0663131fe901d890cdd9f18af8f9a553bee4848cbd978f5122e8383b5534b

            SHA512

            b22e31c37d84128b271c5e5a70fdce90a3bbc02059d1bd032841b3383dbeeca56ec9abe6335453abc8ded1de84e6fcafb648d76d4dcc79246339e9a5eb6d5270

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\sys_min_hot.png
            Filesize

            180B

            MD5

            1a883668b735248518bfc4eefd248113

            SHA1

            1112803a0558a1ad049d1cac6b8a9d626b582606

            SHA256

            bcbb601daa5a139419f3cd0f6084615574c41b837426ebff561b7846dfec038e

            SHA512

            d321878ed517544c815fd0236bdff6fcb6da5c5c3658338afba646f1d8f2e246c6c880d4f592ff574a18f9efdf160e5772bbf876fb207c8fd25c1f9dd9ddfd04

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\sys_min_inactive.png
            Filesize

            175B

            MD5

            a2c4802002bb61994faabda60334a695

            SHA1

            0a2b6b0ceb09425080c5ba4b9cbdef533cf69eba

            SHA256

            a3b59dbc5a39d551455ff838e71b5820560ca3484c6411b9d69df33d8113619c

            SHA512

            34e130edc650c3de6020f2d2b5dc1404b7aee0105eb7e315c15c5aa61398d174377e9b6a2aecc55f79f54c04812b8745c6739a201539e291538979e6b024da31

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\sys_min_normal.png
            Filesize

            238B

            MD5

            516172d0ebf941237cef32fcee8cdf43

            SHA1

            6bee117996c16c7413be876dfc15978d14813091

            SHA256

            56e64eaf6349ece08005e6f7299de413ed00112d53518215d90690be2b2a4f1a

            SHA512

            46477a58aa7e9eeae29e1c1d826bf045422709b7c8f428985c617b366012c58121d4404523a75efe77fc6d8e061a6bb209743d0a2af81545898f51c8855728ec

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_304\viewreadmebutton
            Filesize

            2KB

            MD5

            c288a7a350a1a5a5eee9ada36cb6011c

            SHA1

            d1174e488d08dc4ab9bba3fd7653724d5553898f

            SHA256

            030e5bb7b7fff395c38433516cf96988939cb794d9d62d550d7eab9cef7d2b2e

            SHA512

            dc7f9486699b4eb4b8295590112b540ed619c2b956948eec3b72fe86226740f43392dd1898d5f27d553e775351c527ac316f4606389b92bedfc996845649a859

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\EXE1139.bat
            Filesize

            450B

            MD5

            6693284db53e625fe2d660b04a0735da

            SHA1

            4e3db1aa524c8f741164819e6a6e7a7638d68799

            SHA256

            0c6befda688c6e518b07fdca66dd23a54ba266be90a2a6619760446e469a823a

            SHA512

            d4074e1b495431b89749b72fcbb6bf24526d42b5d4fd2292d992fce25f28e54365709d55377495ad258c9a0e6882dee1ea180129288fa15a535f6dd7a09b9a70

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\EXE11B7.bat
            Filesize

            450B

            MD5

            f951f6d4a03163dd837ee21851e5df8e

            SHA1

            89522e69f67f768b8b8645638ea5e8733cd3eb58

            SHA256

            85c2aa8c79ef6e0da8ae698a0ee42f4a9c7237868ec45e7ed87d180da332d7cb

            SHA512

            a9ad3518b0b36deed05ff5f538aaa71fb4222e0e618a80a22d19aaf2cc3f3219647c6b5c812959562ca619221b12bcd6c7ffafe91e90246f5905c20bf1281c3b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSIEB27.tmp
            Filesize

            379KB

            MD5

            647145b1074e24a0c2bf8998917a8a90

            SHA1

            0c863b05a5599b2c1dd0645e086cda4a9f2fb954

            SHA256

            91933aae899e769f6aa29a3640bf8151e70192aa5d416195b9c69041301101e1

            SHA512

            f991cda750d4b57c847076f16bf267f1aee503cdacac3732fe0ea1ac685a6424722be61e184fe9c0006c0008387c723ea5ef5ca3a1e638dd47aa609549e8d3a3

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\is-C3RVT.tmp\DragonFrame 5 Search & Patch Activation.tmp
            Filesize

            754KB

            MD5

            d8467ca1f529c6c6decb1b82dbaed1df

            SHA1

            a4a21c366a4f4331e13bada80682a117c9d17be2

            SHA256

            d12e8487b5941b9552e2ad2f742938cff407cb80825ad4dbb1b54de2c706ce81

            SHA512

            03a519849743a7f71ae2974b4d5d08ceba8555f06ff8c64a4a99749bbef99d59f40effc34f3f8afbb56d8370c1171a5f5ba5de4d0ca830bfb28b16c5e6956257

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\shi17C4.tmp
            Filesize

            3.2MB

            MD5

            032bb369103dac02606fb919f6658f3c

            SHA1

            60b39428ab3493aab7babf3a1c5f2a951ae853bd

            SHA256

            daa61c42d53be45c7709a0b0f66a51a0a47ca84eab787e0627f6da255c96ddff

            SHA512

            0f1fb9bb34e699ee6d4a1dc58f99514fb1df81ad0cf37b3ffe938295a70d832a5702cec3df16d30d400c77014d09228e6d02d3e65d5d6d0f1c5e34f39d55e313

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\shi9E2A.tmp
            Filesize

            94KB

            MD5

            6e34fc4a713c3fbd88e47ac188d2540d

            SHA1

            1877a17da406d147566168c56aac1eb576782b37

            SHA256

            d8faf8ebf360ed0b3b1a43877a04863f7e044b3d19b641d88737e0829d683b36

            SHA512

            848a1d9602210d7da0f6e4d7817af08dc02baac7eccf1cfaadaf3a24b55e1316e77c40672a6a1195797e525f448817e534ae200e99cdf548ee64a7996fbcec4f

            Download Submit

          • C:\Users\Admin\AppData\Roaming\DZED Systems LLC\Dragonframe 5 5.1.3\install\setup.aiui
            Filesize

            2.0MB

            MD5

            232e5d86304d91a543fff37d497157a9

            SHA1

            0de25029e979048a8103a4be3bfe54437a61bc90

            SHA256

            57e791b514c9ac2ecb205bd422b770d94e1868a67a7141c75c834230237e5409

            SHA512

            89c018e197cb15b1e730be916f4d8c09c55c3ef1a3a4c883181a03f8dbfa302b4be476ee1433e6606aeecf6be7b248a2ebc247877b771a798d12c8d0eeab6432

            Download Submit

          • C:\Users\Admin\AppData\Roaming\DZED Systems LLC\Dragonframe 5 5.1.3\install\setup.msi
            Filesize

            2.1MB

            MD5

            4db5c8cb9a85dc1b54d17940f62edb4d

            SHA1

            491130ef186fe0bb1fdb1e1e1dda53bf87bbc768

            SHA256

            d33a7141479b90f5acb952ccfd144c71f2b81f38ed27eae1d388f2e1b948aeff

            SHA512

            1ff034c11d6516678a133f856c8e296e289d297a829e22609d6f097925442e4d18150f84d97be3b1d9a4742c750d34b6b05546e70560e9a1b7018eaab82600d4

            Download Submit

          • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
            Filesize

            26.0MB

            MD5

            6bdb7068bb97efe7ee5c09a9591bf5cd

            SHA1

            06d781da78ddacfdc670ac1775b31f9df530716a

            SHA256

            39e5ea3708003d4373dc5addae28176430d47ff81ada89b43ee84338d56cc1d3

            SHA512

            9cbeb687a1752dfa378cb835a334be544862f1f58579e37d4031d78d56d03740ef5b149c3c84f040ffb45520254fc860fc2264da25e73d226c9b716f17f77186

            Download Submit

          • \??\Volume{4f38e779-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{79f8e855-513b-4c2d-a408-1cc931d932c2}_OnDiskSnapshotProp
            Filesize

            5KB

            MD5

            82f1432a97a691128c115221f1ed5998

            SHA1

            5c235b146a9e069d42c9b9336ce5d2b356472987

            SHA256

            2cf268f7a90c16c0fe9bde421168617592a286e7fe2bb7f1279b67895b4e05ba

            SHA512

            8b5bf8a90f8faa28fb62e373e3f1726dc7f1446ece5d588833a599b8275b7be0a375cce95e10c0717c924332b9a6bc17c37664961a9228b557d752f84674743f

            Download Submit

          • \Users\Admin\AppData\Local\Temp\MSIF30E.tmp
            Filesize

            535KB

            MD5

            1b194025c161371d3bcb9b5919278620

            SHA1

            af9edebc182d96e361140670751dd2f7756d92ad

            SHA256

            7aec9b8db15c991f780cd3542b149fc1399118371ccd3bd14341a0c47bf63486

            SHA512

            22ae4a6c80b346d440911f51193c3d456b03db1a26df78d2e7a7f51f6aae52892867c4f03b5bc96a73d7372519f73a60f088c2100cf80a69540b865fe0bf924a

            Download Submit

          • memory/780-1211-0x0000000000400000-0x0000000000422000-memory.dmp

            Filesize

            136KB

            Download

          • memory/780-1200-0x0000000000400000-0x0000000000422000-memory.dmp

            Filesize

            136KB

            Download

          • memory/924-1228-0x0000000000400000-0x0000000000422000-memory.dmp

            Filesize

            136KB

            Download

          • memory/924-1216-0x0000000000400000-0x0000000000422000-memory.dmp

            Filesize

            136KB

            Download

          • memory/1632-1252-0x0000000000400000-0x00000000004CC000-memory.dmp

            Filesize

            816KB

            Download

          • memory/1632-1212-0x0000000000400000-0x00000000004CC000-memory.dmp

            Filesize

            816KB

            Download

          • memory/2084-1196-0x0000000000400000-0x00000000004CC000-memory.dmp

            Filesize

            816KB

            Download

          • memory/2084-1194-0x0000000000400000-0x00000000004CC000-memory.dmp

            Filesize

            816KB

            Download

          • memory/2084-1210-0x0000000000400000-0x00000000004CC000-memory.dmp

            Filesize

            816KB

            Download

          • memory/2084-1175-0x0000000000400000-0x00000000004CC000-memory.dmp

            Filesize

            816KB

            Download

          • memory/2084-1173-0x0000000000400000-0x00000000004CC000-memory.dmp

            Filesize

            816KB

            Download

          • memory/2252-1172-0x0000000000400000-0x0000000000422000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2252-1164-0x0000000000400000-0x0000000000422000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2568-1235-0x00007FFF89FB0000-0x00007FFF8A1E0000-memory.dmp

            Filesize

            2.2MB

            Download

          • memory/3148-1229-0x0000000000400000-0x00000000004CC000-memory.dmp

            Filesize

            816KB

            Download

          • memory/3148-1239-0x0000000000400000-0x00000000004CC000-memory.dmp

            Filesize

            816KB

            Download

          • memory/3148-1247-0x0000000000400000-0x00000000004CC000-memory.dmp

            Filesize

            816KB

            Download

          • memory/3148-1253-0x0000000000400000-0x00000000004CC000-memory.dmp

            Filesize

            816KB

            Download