139c45fee905d4cb0d38140d76d4e954cde6ca22e78735cf996ad1eb45d0d4db

Analysis

max time kernel
152s
max time network
169s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26/08/2024, 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aicoin-latestx64.exe
Size

156.8MB
MD5

45933925afe12e9bc47661200085818b
SHA1

29d1c227b3a30fc7b3a9d6d5a8fc249b2c1d4094
SHA256

139c45fee905d4cb0d38140d76d4e954cde6ca22e78735cf996ad1eb45d0d4db
SHA512

e179a59c0f3ff3ac89dfbf8fd62deb660067dcb794a64ad101296c3eb59309b0ba4776c223a6d1747de218bbe16ae97a7c8d6c69b3bbcd33361c074ac4817c7e
SSDEEP

3145728:MblbdMCCtZIoxx0aC7Gum+p6rLsVr2yBDLJhzqjD4g/BbvL/SxDvBbjp:6lZCYov0aC7nzsr4VvOP4ub7SxDvpp

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Control Panel\International\Geo\Nation	AICoin.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Control Panel\International\Geo\Nation	AICoin.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Control Panel\International\Geo\Nation	AICoin.exe

Executes dropped EXE 9 IoCs

pid	Process
2704	aicoin-latestx64.tmp
864	WdsUnattend.exe
2868	AICoin.exe
2916	AICoin.exe
1992	AICoin.exe
328	AICoin.exe
2212	AICoin.exe
2728	AICoin.exe
2844	AICoin.exe

Loads dropped DLL 35 IoCs

pid	Process
1360	aicoin-latestx64.exe
2704	aicoin-latestx64.tmp
2704	aicoin-latestx64.tmp
2704	aicoin-latestx64.tmp
2704	aicoin-latestx64.tmp
864	WdsUnattend.exe
864	WdsUnattend.exe
2868	AICoin.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2868	AICoin.exe
2868	AICoin.exe
2916	AICoin.exe
2908	WerFault.exe
2868	AICoin.exe
1992	AICoin.exe
1992	AICoin.exe
1992	AICoin.exe
1992	AICoin.exe
328	AICoin.exe
2212	AICoin.exe
2728	AICoin.exe
2728	AICoin.exe
2728	AICoin.exe
2728	AICoin.exe
2728	AICoin.exe
2728	AICoin.exe
2728	AICoin.exe
2728	AICoin.exe
2728	AICoin.exe
2844	AICoin.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2908	864	WerFault.exe	31

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WdsUnattend.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AICoin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AICoin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AICoin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aicoin-latestx64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aicoin-latestx64.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AICoin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AICoin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AICoin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AICoin.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	AICoin.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	AICoin.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	AICoin.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	AICoin.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AICoin.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AICoin.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AICoin.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\aicoin	AICoin.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\aicoin\URL Protocol	AICoin.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\aicoin\ = "URL:aicoin"	AICoin.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\aicoin\shell\open\command	AICoin.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\aicoin\shell	AICoin.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\aicoin\shell\open	AICoin.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\aicoin\shell\open\command\ = "\"C:\\AICoin2.11.2.3 1BTGYesw3\\AICoin.exe\" \"--protocol-launcher\" \"%1\""	AICoin.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	AICoin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	AICoin.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	AICoin.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	AICoin.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2704	aicoin-latestx64.tmp
2704	aicoin-latestx64.tmp

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe
Token: SeShutdownPrivilege	2868	AICoin.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
2704	aicoin-latestx64.tmp
2868	AICoin.exe
2868	AICoin.exe
2868	AICoin.exe
2868	AICoin.exe
2868	AICoin.exe
2868	AICoin.exe
2868	AICoin.exe
2868	AICoin.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
2868	AICoin.exe
2868	AICoin.exe
2868	AICoin.exe
2868	AICoin.exe
2868	AICoin.exe
2868	AICoin.exe
2868	AICoin.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 2704	1360	aicoin-latestx64.exe	29
PID 1360 wrote to memory of 2704	1360	aicoin-latestx64.exe	29
PID 1360 wrote to memory of 2704	1360	aicoin-latestx64.exe	29
PID 1360 wrote to memory of 2704	1360	aicoin-latestx64.exe	29
PID 1360 wrote to memory of 2704	1360	aicoin-latestx64.exe	29
PID 1360 wrote to memory of 2704	1360	aicoin-latestx64.exe	29
PID 1360 wrote to memory of 2704	1360	aicoin-latestx64.exe	29
PID 2704 wrote to memory of 864	2704	aicoin-latestx64.tmp	31
PID 2704 wrote to memory of 864	2704	aicoin-latestx64.tmp	31
PID 2704 wrote to memory of 864	2704	aicoin-latestx64.tmp	31
PID 2704 wrote to memory of 864	2704	aicoin-latestx64.tmp	31
PID 864 wrote to memory of 2868	864	WdsUnattend.exe	32
PID 864 wrote to memory of 2868	864	WdsUnattend.exe	32
PID 864 wrote to memory of 2868	864	WdsUnattend.exe	32
PID 864 wrote to memory of 2868	864	WdsUnattend.exe	32
PID 864 wrote to memory of 2908	864	WdsUnattend.exe	33
PID 864 wrote to memory of 2908	864	WdsUnattend.exe	33
PID 864 wrote to memory of 2908	864	WdsUnattend.exe	33
PID 864 wrote to memory of 2908	864	WdsUnattend.exe	33
PID 2868 wrote to memory of 2916	2868	AICoin.exe	34
PID 2868 wrote to memory of 2916	2868	AICoin.exe	34
PID 2868 wrote to memory of 2916	2868	AICoin.exe	34
PID 2868 wrote to memory of 2916	2868	AICoin.exe	34
PID 2868 wrote to memory of 2652	2868	AICoin.exe	35
PID 2868 wrote to memory of 2652	2868	AICoin.exe	35
PID 2868 wrote to memory of 2652	2868	AICoin.exe	35
PID 2868 wrote to memory of 2652	2868	AICoin.exe	35
PID 2652 wrote to memory of 1924	2652	cmd.exe	37
PID 2652 wrote to memory of 1924	2652	cmd.exe	37
PID 2652 wrote to memory of 1924	2652	cmd.exe	37
PID 2652 wrote to memory of 1924	2652	cmd.exe	37
PID 1924 wrote to memory of 2604	1924	cmd.exe	38
PID 1924 wrote to memory of 2604	1924	cmd.exe	38
PID 1924 wrote to memory of 2604	1924	cmd.exe	38
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39
PID 2868 wrote to memory of 1992	2868	AICoin.exe	39

C:\Users\Admin\AppData\Local\Temp\aicoin-latestx64.exe
"C:\Users\Admin\AppData\Local\Temp\aicoin-latestx64.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Users\Admin\AppData\Local\Temp\is-187B1.tmp\aicoin-latestx64.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-187B1.tmp\aicoin-latestx64.tmp" /SL5="$40212,163510429,737280,C:\Users\Admin\AppData\Local\Temp\aicoin-latestx64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\AICoin2.11.2.3 1BTGYesw3\aicoin\WdsUnattend.exe
    "C:\AICoin2.11.2.3 1BTGYesw3\aicoin\WdsUnattend.exe" IcgkWIN
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:864
  - - C:\AICoin2.11.2.3 1BTGYesw3\AICoin.exe
      "C:\AICoin2.11.2.3 1BTGYesw3\AICoin.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Modifies registry class
      Modifies system certificate store
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2868
    - - C:\AICoin2.11.2.3 1BTGYesw3\AICoin.exe
        
        "C:\AICoin2.11.2.3 1BTGYesw3\AICoin.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\aicoin /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\aicoin\Crashpad --url=https://f.a.k/e --annotation=_productName=aicoin --annotation=_version=2.10.5 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=22.3.27 --initial-client-data=0x304,0x308,0x30c,0x2fc,0x310,0x903ed38,0x903ed48,0x903ed54
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2916
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "%windir%\sysnative\cmd.exe /c %windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2652
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\sysnative\cmd.exe /c C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1924
        
        C:\Windows\System32\reg.exe
        
        C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
        7⤵
        
        PID:2604
    - - C:\AICoin2.11.2.3 1BTGYesw3\AICoin.exe
        
        "C:\AICoin2.11.2.3 1BTGYesw3\AICoin.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\aicoin" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1036 --field-trial-handle=1160,i,10068991182537579372,6684536950950089325,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1992
    - - C:\AICoin2.11.2.3 1BTGYesw3\AICoin.exe
        
        "C:\AICoin2.11.2.3 1BTGYesw3\AICoin.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors --ignore-certificate-errors --user-data-dir="C:\Users\Admin\AppData\Roaming\aicoin" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=624 --field-trial-handle=1160,i,10068991182537579372,6684536950950089325,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:328
    - - C:\AICoin2.11.2.3 1BTGYesw3\AICoin.exe
        
        "C:\AICoin2.11.2.3 1BTGYesw3\AICoin.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aicoin" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.aicoin.desktop --app-path="C:\AICoin2.11.2.3 1BTGYesw3\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1536 --field-trial-handle=1160,i,10068991182537579372,6684536950950089325,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2212
    - - C:\AICoin2.11.2.3 1BTGYesw3\AICoin.exe
        
        "C:\AICoin2.11.2.3 1BTGYesw3\AICoin.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\aicoin" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1344 --field-trial-handle=1160,i,10068991182537579372,6684536950950089325,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2728
    - - C:\AICoin2.11.2.3 1BTGYesw3\AICoin.exe
        
        "C:\AICoin2.11.2.3 1BTGYesw3\AICoin.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aicoin" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.aicoin.desktop --app-path="C:\AICoin2.11.2.3 1BTGYesw3\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2504 --field-trial-handle=1160,i,10068991182537579372,6684536950950089325,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2844
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 388
      4⤵
      Loads dropped DLL
      Program crash
      PID:2908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\AICoin2.11.2.3 1BTGYesw3\D3DCompiler_47.dll

Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\AICoin2.11.2.3 1BTGYesw3\aicoin\CKeyboardH.dll

Filesize
5.4MB

MD5
7a8d9d83a7974b83a3ef0c86ecb47bed

SHA1
ecbc53e0244e86fab58cd902ea9321f929a9ab8e

SHA256
39600f06373a6878422f1cc97a4c054c404dafca9466a7dc4b7104f00bd7e80b

SHA512
465b2b5aefe1b9940b6e12350bca00fc864955e01e1791309e0fee4d5e0f04b3aa04f4b833ee578df6eed32fe8eca744614e3833dbf3e2dc59da4f8e19a2ebdc

Download Submit
C:\AICoin2.11.2.3 1BTGYesw3\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\AICoin2.11.2.3 1BTGYesw3\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\AICoin2.11.2.3 1BTGYesw3\icudtl.dat

Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\AICoin2.11.2.3 1BTGYesw3\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\AICoin2.11.2.3 1BTGYesw3\resources.pak

Filesize
5.1MB

MD5
f5ab76d2b17459b5288b6269b0925890

SHA1
75be4046f33919340014a88815f415beb454a641

SHA256
4f29587bcd952de1dbc0b98df0aa506bd9fcf447e6a7258c5eb7e9eb780e6d6c

SHA512
6ec6a08418743adb5e20218b73169be4f45f5458592219497c3718e620e37871876788937418f1341e0023c1137f9cac715e6bb941f4690febdda993b072feab

Download Submit
C:\AICoin2.11.2.3 1BTGYesw3\resources\app.asar.unpacked\node_modules\@aicoin\cryptaddon\build\Release\Aicoin_Crypt_Addon.node

Filesize
584KB

MD5
f382df566c4c39c7009f5a6c71ba1046

SHA1
26744f7c85bca2a66de0e6782c09acb46ad20adf

SHA256
24d7fa23ca538107059ca988688c27e174122c24cceb3f9f45731b3a193fb2c8

SHA512
aa4ca433f48c5d414a6db450c46d6faa48d59194505a6abfa4eeb7f85122bb35956874ba0c6c67d59b20d2b84fdeacaa9c7226894b19568273fb03c0a4b52d05

Download Submit
C:\AICoin2.11.2.3 1BTGYesw3\resources\app.asar.unpacked\node_modules\better-sqlite3-multiple-ciphers\build\Release\better_sqlite3.node

Filesize
2.3MB

MD5
ced6ee32a2c8932815eb81d59b3d7590

SHA1
f624f13f0a049d5f989ad7205fa8586527185381

SHA256
b15ad765f47986cdc3a020707f4ec8c24e2c741c9f5913770251c3678ffde180

SHA512
a44705c3709aae38cdcc7255cf21fde3eba272c2355ab6447b5823bc0a7467b14ea2a88b29d680e8880a333016f6a8fc698e41890255d7aed4f4a44f4362c39b

Download Submit
C:\AICoin2.11.2.3 1BTGYesw3\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node

Filesize
528KB

MD5
12ec9fff67594ce2b3611ee2ae43cfe0

SHA1
e35352fd4fd46a8591d9dd41a163f4b2aa0b5bc4

SHA256
c19fa9a13590e85b15db5bfab4b31505027eac5eaa4a1d1a10c8e8ed3e5849b4

SHA512
bd4410a5f86a24bee3262fcd504b1b55276bdf4d3c4663a26d9e5406968a7ef4152547e4e645055ae7c9bfd224270953cf1e0f84a6be6b541e18d3db1c197a30

Download Submit
C:\AICoin2.11.2.3 1BTGYesw3\v8_context_snapshot.bin

Filesize
585KB

MD5
b32cbc4a5ff34f441e8e0c264aa61849

SHA1
435d88a3e50ff85b6030c4c6e8918161fa340201

SHA256
4f72c7b625b64d38f819a970cfff5921ff4080e27de84b00b9a7cf8be15277c5

SHA512
7c13eedfab9fba821d5a26e5ba81444a84b48aff13a7cd508c03f7ea113997c2edf7126e5547e16fb3e98a942f0070a5d597c25971afbde92b46125085b57b4e

Download Submit
C:\AICoin2.11.2.3 1BTGYesw3\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\646af9e1-d156-4dfa-9ee6-79dbeafa8f46.tmp.ico

Filesize
74KB

MD5
91d440a08e8cf72938c42c7eaeb0ce2a

SHA1
43855c111c696588ca0b8c28d5d4956a58b14566

SHA256
7c8ce62bd44899ee889d025c2dda07bde3824aa1326dfdf50bdafdef7c83cbad

SHA512
2861fb0325f8c1acef0ce2328cb30b56d2d840ffd4ee68e4c00bd8ea7f4109b209e89572d201f25a8cbd97df82fb5792ad67da3c3d63cbe50527a59265047174

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6BEF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\background_finish.png

Filesize
145KB

MD5
825b89655e28d2b63e79ab3c7e5149ef

SHA1
1b3785bdd7c56206f58fe2df0f0aca559294b498

SHA256
68bf9818fcd2fca56379a467815a322ebf836d98e06e432a366d4e7cedafb658

SHA512
40a2ece65eef2c2cff2c75fa280e2c41666a83bcc0e5cb8d3a04797e86b7154b9c894433823e6650b2fd0234b43ec736f9a6f7fc2ea1d94b3adb664f405176f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\background_installing.png

Filesize
176KB

MD5
d61bec7dff9508f385ad11ea6c3b83f7

SHA1
70c91c4e917842d245069dbc9843de7489b8f143

SHA256
d3a38c6f063ac100700dc65efd1b36b1730ef7f8786bc1008bd2e6d5e1ebaca4

SHA512
643addb428af5ed0beb850c381be9329cf909d10ba0495f8d1cffb444c37894808d6962baf124c1cc625ada34b23774ca7739d75d70c1a341b184d298c567aa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\background_messagebox.png

Filesize
4KB

MD5
d1a4f5ba76b7e7a702f13fbd9bbb76c7

SHA1
2c8e3fbf70f0a89a833c3607fface79a9072d324

SHA256
bcd3b5b4f4fb5a956a6ad14236567dcb1117b621713c50483433d7af1011e724

SHA512
6afc8c206f4cc9969bcc4ba373f05742ea318733891a145ef580f4116170c9fcab4479d8955e58f23d3cf445fdc9ed5eceabd086ce2324fc751f5bbb89d9d578

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\background_welcome.png

Filesize
150KB

MD5
cae707bd9eb5abfd065c6d5145549cee

SHA1
e47ce3d703beb58366cc3075bc858f3ba5f103e8

SHA256
2f7ba5736572a75b3ba53667e232fc28c77950cde0db5962dad8e389ace34140

SHA512
a9932287d5be67f359279f9438beb4e2e5cfde417a82c69f674e2aa82f6a08efe3cf6feeac49c0a3f20508ee3eee72350e23b999c0f1fb28576f928b993e1788

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\button_browse.png

Filesize
13KB

MD5
d724d25b757d8f203cd6777da8cd17a8

SHA1
51ac4866ba5550c73512a05fa4cccf36beb05a61

SHA256
78114fdef066f771aa842a682f0e71deb06b98a1b065689611814ba165460fc0

SHA512
183b1eccbf901f21ef992df79024b6bd2fa49e5e6599298ddeed9dfdb647d58a6407b519f5eeebc9a2c4eb6c9afb12e80ee5f3233d8ad7f8145496d569737fb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\button_cancel.png

Filesize
6KB

MD5
fb8e04322eee99db624e395d969dbc59

SHA1
4ac99299b54c657c0d40679fc6e4f3840638ca58

SHA256
e5a6d0c5f16ca8bebd882dfac1b77336b477ea22f7b22bde72580824dd2d94e9

SHA512
90020fe26f252e4277235eed8f91da5754373f0fdcde0cff6c7bcf8ece5c2ee66c952ef884a69664fe412c55ea9cae1933fad1a0d9c626bdd836e6a177cef0b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\button_close.png

Filesize
3KB

MD5
2b29884a02b398ef5b3d4cb2db1e5c34

SHA1
a8f7e6525378b22185a0bd3010d1b86fca1a9c2f

SHA256
789e0fd796fa36c23f053acc85dbcc1c03035f93b92cce76840811d8b898b025

SHA512
9093d8c0910118c3dbc1170b183738530fd7bdace1d0e7f839fcee701a807de17d9c1da5d2b9da06ac7ec9b0c89db99f3461c4ae5c553a52c22cfb413ee41883

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\button_customize_setup.png

Filesize
10KB

MD5
9fd5cf39cb1d65a7dd9fc7396fc03550

SHA1
41179665031dc8031197ee7450fc49b3efba052f

SHA256
adf67d4817b7061ef2ceb74375e1216908df908b4da839a70c275c66f4130193

SHA512
a951745de5fe3925add368eeaf57e6e67a7fa021df2289a3e6b64313890f60fc1a7e5aee49fa489cf268b63cad27c0d78daee1679a518aab4b25bcb9c8498a77

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\button_finish.png

Filesize
15KB

MD5
ad97fd4c6b284c686ad23f3212d7389c

SHA1
4e82f8151a7b58f7a9afa8d6f6db97684c78c2a9

SHA256
411caa8d2b27c64c092d0e673e4ae06fdef0d7d50e31dfb1b3b3f51d38cc2253

SHA512
cff27c4b705ac0bd44cc58d58496d54477da8bbc9ed6b4ad1ff5c05940654c1ad35be8d8ef6f136f5e9e96789b9ed62a2b0c83daef28c18f3224ea5a368ed86d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\button_license.png

Filesize
11KB

MD5
410c7780e6700028ab373f9efe75f728

SHA1
4c6eb2e50b83e2bc8f58aa0b643a549028b16603

SHA256
16f20688f713c3bee746bd0d745f843c99f6c360f71b44aa5713f9d5fae2cf75

SHA512
0e63f245dc8e8799376b3f7e33da5a2f40e3788b7e1541e07e8e171b91c6e4dd0a0f9bca0a02cd6d4e34618bcc112bea29d2d99e19e44aac3a8ad5029e9ef790

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\button_minimize.png

Filesize
3KB

MD5
53377fd010771582b62621793237d97c

SHA1
7028bce353330e3fc2cfe0e3c94a9cb7c1f116e7

SHA256
7967738a3a3bd46f2c128eb9d66183c93dbb56cf51e08aa439162f999fc952a1

SHA512
a62a7813d60429b7532797f53878acac02975bd13524c496626219180f498033127870659cc96f4fecbcd67976140b904443e93d3a193d149027906f5dcb15d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\button_ok.png

Filesize
6KB

MD5
558e7219fc377b63365513c4e017cf24

SHA1
ac508857ab9657abc0f731ff09712bbafadd1f0b

SHA256
43818ff077e39e82519171f9525ba3be84e584252d42946733a07a3f39455466

SHA512
dfdec62bf1e1cf0f6f0eb9c825e75bcf1d7eacb7925acf8b4e19fd4f382cb95e8e01c14fde3cc58c9e47d26b296c34dfb469c42d1aa67670ad511a3698ee31f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\button_setup_or_next.png

Filesize
16KB

MD5
f759680e272b5fc9e60738b7dbbbc623

SHA1
defcdd008ddb3a3d5e4da4824f6114649c2e2c23

SHA256
ea9a1ac0057cf97ff422d306526ea3d73345673bd82f4fdffc2c4313fdb74b31

SHA512
cb2dc79e28edeaaa415653165e23c21236a6535bec6737349d5e9af69e5f92531d1c7da9ff55df10a09bc7731ab15fd4385d6436e78dd7a00792a0848c54eac8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\button_uncustomize_setup.png

Filesize
10KB

MD5
aa5886c0e8b173955df656efbcbc00d4

SHA1
a05b410e756d4b2b6c30a448a55777691c55b2dd

SHA256
7b4577498af66c8f3b2e69f65a36306395826fbfd21c8e8b227ab760c793b5d1

SHA512
15d74e888d5490478da9b5e429509cb864fdbc7ac0ad368353b5043fd07923e2d7ead94907ccb458b84f19022d8be1def8bed5c58866d20181206792be7b49a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\checkbox_RunApp.png

Filesize
18KB

MD5
d940cc6ffe0711645658760a85fd7205

SHA1
34d0bece8d647c23cf22d736ab5d07c0514ffabe

SHA256
87ebac7c4c2120f7e12be062da1c225c7b180aabc2682a6be3ae18f3cdd5198c

SHA512
a89197a2b18bdc9955b11fe2fce449c5ff6c5cd2d6f53af75c9a0494018a6fc59ef7f1bec2c494520970967606a79072e77853d6d0c76393de50d684a54b3614

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\checkbox_license.png

Filesize
27KB

MD5
e1ca6a42984d8b7ededb48a3f7133791

SHA1
b1c13e402f939ac9f00a795482a6f4b80b27a5bd

SHA256
023cca5e5bbab5aed27e5290d91a14573a0178d8cfaac73d402221c78c5f013d

SHA512
80a93ae1ffc67593faa28c8043135d92b6cc4bddc830a285c2e176c09450b391b4189e9bb060fb93002c236e69f4c48a247946b8169bb97c6b3f42ee07e45d14

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\progressbar_background.png

Filesize
283B

MD5
04dca3926efaa3851fd98aecb4315ef8

SHA1
8d431629c573a370df73741ad010463af635b8bd

SHA256
648c2e85e064672bb47b3750215470e1b7ea3e4217f777c6faa35446d449b4cf

SHA512
a54930c6a019236eb2ef3b38fe214f5a57645ca58c5896dd702256254279842413c9f4c7e8d60418f270a94f80ca7246a5d3a433503048ebd07ef7d5ddd774c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\progressbar_foreground.png

Filesize
286B

MD5
2205f8b79ffdd37af080e444c424e513

SHA1
95294bf76c00cf8677119a204046182887c0ec8d

SHA256
d2ce48f668bfeee1500c9aaafba2cfbc8ee7c3c34ec2afec3140aa1d5ff22b57

SHA512
1be8de0c734e96bd81664b74c40cc1e174c9cad93ed3a6af403be3f32c227faeaee02398108e3a87a7a56cbfac963f996de2bc9495024f47715ecc3dbeca7c83

Download Submit
C:\Users\Admin\AppData\Roaming\aicoin\5a4fa20f-ffa3-4924-beb0-e3e497cc4617.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\aicoin\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\aicoin\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\aicoin\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\aicoin\Local Storage\leveldb\CURRENT~RFf7961cf.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\aicoin\common.db

Filesize
52KB

MD5
521df5bb5591701e6ad3afbe23724608

SHA1
92d7b6e466b17b363f043f99e8f754a24a251bf9

SHA256
11571a9f380b6e5e6d62db1d6239b1819622804a904e7a5be322981df98a3faf

SHA512
29af76941d7098ed161704ed4cea62fcfb3426f2c9d1f0744ad5d1c8376039a651cea9ed058a9e7dad71b49d6cdc4b94f1e585665a0ab32b4f727d20239e9b58

Download Submit
C:\Users\Admin\AppData\Roaming\aicoin\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Users\Admin\AppData\Roaming\aicoin\sentry\scope_v2.json

Filesize
5KB

MD5
6d9778e8f4e3f534a9175b7956ba84b7

SHA1
5b9a0bb07ddef60ccf2df81f5eca186e0f2e84e8

SHA256
e52c9221163fce569fd9f0add1f497c80c03447227a590714159fec420c68c09

SHA512
79d3e284edd837c9c84a2151f6529252b7a69b8e2f489d5a053111d0b1102324617ebf95a682519ddba5929826e95ffb77a713f8acadde5f2ea57cb5e1582cb2

Download Submit
\AICoin2.11.2.3 1BTGYesw3\aicoin\WdsUnattend.exe

Filesize
34KB

MD5
dde4e4e601e8b0e7d1621167b709adb4

SHA1
cf152fff93d8bfc7bcde44e41954a36600c4c599

SHA256
53a5ebfe5356da897d550be1017f0c7334d8d9971288abf1398661e288cd983a

SHA512
f9b561ea64f374fa3548a09e26a00ea07baa2fd2d328ebc3668e793c4ebd6c44e8f66f04634a8e3f87b6888f60cc4eb663d073f4384a49b8a435dcc56a6ac8a4

Download Submit
\AICoin2.11.2.3 1BTGYesw3\ffmpeg.dll

Filesize
2.4MB

MD5
c921230b4bbe802f0d797db79d0009b9

SHA1
dd852ce1f82b2daadfb85efa9c53e3264e1d401e

SHA256
02a6d001e6dd944738e09b720e49dcb1272cb782b870e5ae319d4600bc192225

SHA512
6acdda7d638609ffa1989e50dde5a51436ae3d98e036b24ffc2c3f08bc0d39e91a5a2ea427063645f3141f06e7c272ca45fd41333d6770f8402651489a0f6da7

Download Submit
\AICoin2.11.2.3 1BTGYesw3\libEGL.dll

Filesize
375KB

MD5
51cc9f3891cfe33e095f901c8e5f121d

SHA1
03ac95d250969e65a3ede7a29c3e5425ccdd9fe1

SHA256
961aff31cab097ebb973a32140c4f87c415734412771cf1fdfe24ddc675b54c2

SHA512
3351898af8c75afa8df3f300416bc9d40f4ead90ea947876140ec54a015fafd149427a9dfb5b7c8239ae229839edd786561a5a73ffe37f29758946fd18730039

Download Submit
\AICoin2.11.2.3 1BTGYesw3\libGLESv2.dll

Filesize
6.4MB

MD5
fb74e837a2ebbf59afeb09106644a9ab

SHA1
55225fcc692aa332f698960c3dc1140d791d1fa1

SHA256
e6ab5fc601d0d230c989d2f481b37c259a0a1fffb7fb841b7099a5e966f0088a

SHA512
585e464de076d6d2560288fe9430004430effb0599134bfb30fabb7bad3cdccff9458d21d17f580823a308cd6472f36d1f1ce6a04e568ba6dcca2e68fd39d63f

Download Submit
\AICoin2.11.2.3 1BTGYesw3\vk_swiftshader.dll

Filesize
4.3MB

MD5
ad00a712203b9dfb702d886e43d215e6

SHA1
1921d4d14b5ac0a669f69cd852a41eba8377a434

SHA256
01742049534047b956328b9a0ca57f720e957edb684a6a0d70acc992e2b684fc

SHA512
f4672dce073c940fe3b9f9687fc9a195b5d0a6e51bb92c91047775be244ce95a2c743947eb05299d77cb3c8b914821984bb98182bc9afdc35e3963148f5562e0

Download Submit
\AICoin2.11.2.3 1BTGYesw3\vulkan-1.dll

Filesize
774KB

MD5
c5292c08876926143ef404b3e638c314

SHA1
aa4917507da1bd71d0671c449af9e2e081295c90

SHA256
84c7f070e59f3b0bce2d32d4f2e6c7e03fb5d30f82a99c4edd8a251c9a3c0e74

SHA512
9e4d8f89de130d20ac7fcc34e3e8914320bed5d0ca61156a80a8d9bc66882e6f6a19012106e949ecda8e515203a605ad56e19ec0d4c0f73cfbab5f40c5746763

Download Submit
\Users\Admin\AppData\Local\Temp\is-187B1.tmp\aicoin-latestx64.tmp

Filesize
2.9MB

MD5
31b29a985a7707be48569762d4dbee24

SHA1
0527b91be37a258bded61820fcbcd2636ea07702

SHA256
ac7c3ff21ebbc2f4543c3d6770e84c14da42a457ee455dd982902fcf38dacae4

SHA512
79a7a76ed7687ea48f431a71e6c111e8b80b5726fc24b89ab8df5e6833b4bf8267af5f2a2fe17f0f67e8d2e42ffd1a1e39afa2285eafbb7fbb3bd93884ad057e

Download Submit
\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\_isetup\_isdecmp.dll

Filesize
28KB

MD5
077cb4461a2767383b317eb0c50f5f13

SHA1
584e64f1d162398b7f377ce55a6b5740379c4282

SHA256
8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

SHA512
b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

Download Submit
\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
\Users\Admin\AppData\Local\Temp\is-4P4DN.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
memory/864-393-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/864-364-0x0000000001DF0000-0x000000000235A000-memory.dmp

Filesize
5.4MB

Download
memory/864-394-0x0000000001DF0000-0x000000000235A000-memory.dmp

Filesize
5.4MB

Download
memory/1360-367-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/1360-2-0x0000000000401000-0x00000000004A9000-memory.dmp

Filesize
672KB

Download
memory/1360-0-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/1360-261-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/1992-406-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2704-267-0x0000000000400000-0x00000000006F5000-memory.dmp

Filesize
3.0MB

Download
memory/2704-63-0x0000000003660000-0x0000000003675000-memory.dmp

Filesize
84KB

Download
memory/2704-263-0x00000000033C0000-0x00000000033CF000-memory.dmp

Filesize
60KB

Download
memory/2704-262-0x0000000000400000-0x00000000006F5000-memory.dmp

Filesize
3.0MB

Download
memory/2704-8-0x0000000000400000-0x00000000006F5000-memory.dmp

Filesize
3.0MB

Download
memory/2704-365-0x0000000000400000-0x00000000006F5000-memory.dmp

Filesize
3.0MB

Download
memory/2704-56-0x00000000033C0000-0x00000000033CF000-memory.dmp

Filesize
60KB

Download
memory/2704-264-0x0000000003660000-0x0000000003675000-memory.dmp

Filesize
84KB

Download