hxxps://drive[.]google[.]com/file/d/1jCrCS9_HdasaQNv8QCZlNwg7x7aQ8TxY/view?usp=drive_link

Analysis

max time kernel
313s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2024 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1jCrCS9_HdasaQNv8QCZlNwg7x7aQ8TxY/view?usp=drive_link

Score

7^/10

discovery evasion

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
4836	EA.exe
4920	SSFileHandler.exe
3508	EA.exe

Identifies Wine through registry keys 2 TTPs 2 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Wine	EA.exe
Key opened	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Wine\Debug	msiexec.exe

Loads dropped DLL 49 IoCs

pid	Process
2112	MsiExec.exe
2680	MsiExec.exe
2212	MsiExec.exe
4288	MsiExec.exe
656	MsiExec.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
12	drive.google.com

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\MSJINT35.DLL	msiexec.exe
File created	C:\Windows\SysWOW64\MSJTER35.DLL	msiexec.exe
File created	C:\Windows\SysWOW64\MSREPL35.DLL	msiexec.exe
File created	C:\Windows\SysWOW64\VBAR332.DLL	msiexec.exe
File created	C:\Windows\SysWOW64\mfc42loc.dll	msiexec.exe
File created	C:\Windows\SysWOW64\MSJET35.DLL	msiexec.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
4836	EA.exe
3508	EA.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\dyn-stocks-javascript.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\bk3.0-lessons-learned.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\Scripts\JScript\JScript - Project Browser Multi Selection Example.js	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\TechnologyPatterns\AWS_EC2InstanceContentsGroup.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\bk3.0-solution-recommendation.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\sf2.1-conceptual-bus-association.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\InternalTechnologies\Ex_DataModeling.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\procg-adding_metamodel_rules.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\um2.5-basic-class-diagram-with-roles.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\Scripts\VBScript\VBScript - Recursive Element Count Example.vbs	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\Config\Workspace Layouts\Right Orientation\1 Core\Basic Diagramming.eaworkspace	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\procg-input_from_dialog.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\TechnologyPatterns\Win32UI_BasicDialog.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\Code Samples\C#_Sample\Form1.cs	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\de1.0-ingres-model-structure.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ssceca2.clx	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\Code Samples\VEA\Microsoft Native\CityLoop\Lock.h	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\DocTemplates\Report Templates\Project Management Report.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\bk3.0-decision-analysis-with-decision-table.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\ua1.0-standard-taxonomy-sd-tx.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\bk3.0-business-analysis-approach.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\InternalTechnologies\SoaML_tech.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\to9.1-catalogs.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\Config\light.properties	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\bs1.0-bpmn-integrate-with-dmn-delivery-cost.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\sysml_pvt.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\Code Samples\VEA\Java\Collector\samples\Collection.java	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\aws-instance.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\scr_fontcolortest.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\TechnologyPatterns\Google_TensorFlow.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\um2.5-domain-model.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\UML.DTD	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\TechnologyPatterns\BABOK_OrganizationChart.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\TechnologyPatterns\Wireframing_WebpageWireframe.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\de1.0-basic-sybase-ase-model.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\um2.5-one-level-component-type-hierarchy.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\um2.5-basic-use-case-model-with-collaboration.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\up2.0-dodaf-framework.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\wf1.0-iPhone-4s-with-traces.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\Config\diffSyntax.properties	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\TechnologyPatterns\Google_Generic GCP.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\TechnologyPatterns\BABOK_BusinessCaseExternal.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\bs1.0-fibonacci-numbers-with-link-event.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\kb1.0-two-stage-workflow.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\BackgroundTiles\Tex3_Blue_1.jpg	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\BackgroundTiles\Tex2_Ice_2.jpg	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\up2.0-sv-6-systems-resource-flow-matrix.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\BackgroundTiles\Tex3_Brown_2.jpg	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\sg1.0-swot-analysis.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\Firebird\ib_util.dll	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\TechnologyPatterns\Google_Frontend Platform Services.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\do1.0-vision-and-scope-document.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\SScript.tlb	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\up2.0-stv-5-capability-to-organisation-deployment-mapping.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\scr_backgroundcolortest.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\procg-swm_profiler_stack.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\TechnologyPatterns\Google_Cloud API.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\Config\Script Templates\NormalTemplate.js	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\am3.0-application-structure-viewpoint.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\TechnologyPatterns\UMM2FoundV2_RequestConfirm.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\sm1.4-element-group.rtf	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\UML_EA.DTD	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\TechnologyPatterns\Google_Virtual File System.xml	msiexec.exe
File created	C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\procg-mysql_install.rtf	msiexec.exe

Drops file in Windows directory 26 IoCs

description	ioc	Process
File created	C:\Windows\Installer\$PatchCache$\Managed\64E2E8A47654B5740BE2036F9053B76E\16.0.1604\vbajet32.dll.DADF596F_35A6_44B1_989B_17FA6EE01338	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\64E2E8A47654B5740BE2036F9053B76E\16.0.1604\vbajet32.dll.DADF596F_35A6_44B1_989B_17FA6EE01338	msiexec.exe
File created	C:\Windows\Installer\e592939.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3985.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\64E2E8A47654B5740BE2036F9053B76E\16.0.1604	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\64E2E8A47654B5740BE2036F9053B76E\16.0.1604\mfc42.dll.DADF596F_35A6_44B1_989B_17FA6EE01338	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\64E2E8A47654B5740BE2036F9053B76E\16.0.1604\msvcp60.dll.DADF596F_35A6_44B1_989B_17FA6EE01338	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\64E2E8A47654B5740BE2036F9053B76E\16.0.1604\msvcp60.dll.DADF596F_35A6_44B1_989B_17FA6EE01338	msiexec.exe
File opened for modification	C:\Windows\Installer\{4A8E2E46-4567-475B-B02E-30F609357BE6}\MainExecutable	msiexec.exe
File created	C:\Windows\Installer\SourceHash{4A8E2E46-4567-475B-B02E-30F609357BE6}	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\64E2E8A47654B5740BE2036F9053B76E\16.0.1604\msvcirt.dll.DADF596F_35A6_44B1_989B_17FA6EE01338	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI913C.tmp	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\64E2E8A47654B5740BE2036F9053B76E\16.0.1604\msvcrt.dll.DADF596F_35A6_44B1_989B_17FA6EE01338	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3E0A.tmp	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\64E2E8A47654B5740BE2036F9053B76E\16.0.1604\expsrv.dll.DADF596F_35A6_44B1_989B_17FA6EE01338	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\64E2E8A47654B5740BE2036F9053B76E\16.0.1604\expsrv.dll.DADF596F_35A6_44B1_989B_17FA6EE01338	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\64E2E8A47654B5740BE2036F9053B76E\16.0.1604\msvcirt.dll.DADF596F_35A6_44B1_989B_17FA6EE01338	msiexec.exe
File created	C:\Windows\Installer\e59293b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e592939.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\64E2E8A47654B5740BE2036F9053B76E	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\64E2E8A47654B5740BE2036F9053B76E\16.0.1604\mfc42.dll.DADF596F_35A6_44B1_989B_17FA6EE01338	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\64E2E8A47654B5740BE2036F9053B76E\16.0.1604\msvcrt.dll.DADF596F_35A6_44B1_989B_17FA6EE01338	msiexec.exe
File created	C:\Windows\Installer\{4A8E2E46-4567-475B-B02E-30F609357BE6}\MainExecutable	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EA.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SSFileHandler.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EA.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000009fc5eef0dbaffe7c0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800009fc5eef00000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809009fc5eef0000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d9fc5eef0000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000009fc5eef000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 21 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Sparx Systems\EA400\EA\EA1608Workspace\WindowPlacement	EA.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Sparx Systems\EA400\EA\	EA.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows Script\Settings\Telemetry\splwow64.exe\JScriptSetScriptStateStarted = "240760640"	splwow64.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Sparx Systems\EA400\EA\Version = "16.0.1604"	EA.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Sparx Systems\EA400\EA\Typlib Version = "2.10"	EA.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Sparx Systems\EA400\EA\Install Path = "C:\\Program Files (x86)\\Sparx Systems\\EA Trial"	EA.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Sparx Systems\EA400	EA.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Sparx Systems	EA.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\splwow64.exe	splwow64.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Sparx Systems\EA400\EA\OPTIONS\PAGE_SIZE = "1"	EA.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Sparx Systems\EA400\EA\Options	EA.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Sparx Systems\EA400\EA\OPTIONS\AllowObjectCache = "0"	EA.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Sparx Systems\EA400\EA\OPTIONS\DefaultModel = "C:\\Program Files (x86)\\Sparx Systems\\EA Trial\\EABase.eap"	EA.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Sparx Systems\EA400\EA	EA.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Sparx Systems\EA400\EA\OPTIONS\DEF_PAGE_W = "850"	EA.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Sparx Systems\EA400\EA\OPTIONS\DEF_PAGE_H = "1098"	EA.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Sparx Systems\EA400\EA\OPTIONS	EA.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Sparx Systems\EA400\EA\EA1608Workspace	EA.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000016-0000-0010-8000-00AA006D2EA4}\ = "DAO.Group.35"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8591F3CB-89D0-422C-B3F8-0AA66127CD57}\ = "IDualRoleTag"	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Sparx.EA.xml	SSFileHandler.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F6EB46E-1E92-42EB-8064-08AFBEC7B563}\InprocServer32\RuntimeVersion = "v4.0.30319"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{725264E9-F59D-474B-9AF8-E571C0631B71}\ProxyStubClsid32	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{23139BD0-3C76-48F5-BA64-B5ED0110A1AD}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Sparx.EA.yml\DefaultIcon	SSFileHandler.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB28E995-ED5A-4ECE-9576-221B0239A44A}	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8CE7A768-988B-45EB-9BF1-39BA86F7DF68}\TypeLib	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EA.Repository\CLSID\ = "{67F4E0FA-46A7-4255-B084-69A9433D08C3}"	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AEFEEB2A-62F8-4EAD-930F-3A0E67324ED5}\TypeLib	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{402AD740-0B61-4FEE-BA0B-0A0B88BE84FD}\TypeLib\Version = "2.a"	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F4E0FA-46A7-4255-B084-69A9433D08C3}\InprocServer32\CodeBase = "file:///C:\\Program Files (x86)\\Sparx Systems\\EA Trial\\Interop.EA.dll"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A02BBDBF-0CD3-4133-BD75-8E3A266E37C2}\ProxyStubClsid32	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{12EADEC6-AA9D-471C-99B9-337D6F7AF7EB}	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB85CDE9-39B5-43D4-AEB8-4DD4328E05DE}	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{107E4D06-AF8D-451C-BB1D-71EDF3D3CF8A}\ProxyStubClsid32	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DB76DC9C-BE30-4203-A65A-3AC35D133BEE}	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Sparx.EA.php\shell	SSFileHandler.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20073882-CCA7-4E64-BE9C-D381216A4225}\TypeLib\ = "{64FB2BF4-9EFA-11D2-8307-C45586000000}"	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F798CB29-D293-4904-8B0F-BA3910F9F7A8}\TypeLib\Version = "2.a"	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8A3D99F6-A88D-4D1B-8E71-70DC3A3A2621}	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EA.App\CLSID\ = "{3A9E4F92-8D27-495B-8B22-1D702B3F0C83}"	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{45A56D05-CFF3-453F-993E-FC50642575BE}\ = "IEASchemaNamespace"	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA9D8775-E4B9-4F42-8680-A03803842A9B}\ProxyStubClsid32	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C231BED4-8FEC-4243-94D6-B4FA0C0F81FA}\TypeLib\Version = "2.a"	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{84948475-137F-4F94-9660-7A8154392905}	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{93876056-8873-4B9B-9076-B4AEB6E34CF9}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CC96ECE3-6AD9-4852-AAF7-7C4629D2D428}\TypeLib	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Sparx.EA.java\shell\open	SSFileHandler.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{AE8E8D96-BEF0-4E3F-9EF1-8D93C71AF105}\2.10.238.1\Class = "EA.LinkLineStyle"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8CE7A768-988B-45EB-9BF1-39BA86F7DF68}	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F17A62C8-9C97-4D50-9CDD-EC91CFCF8DDE}	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2147F778-CC2A-47D8-B62C-D29474DB8FC2}	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{595E4736-A8BB-4CE1-A953-F91937BB5EBD}\2.10.238.1\Class = "EA.TextAlignment"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0DCD267F-F71A-42AF-9B41-8C037864FC78}	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{22F628A8-6D3A-4357-9CF3-58F26C2AEC9F}\TypeLib\Version = "2.a"	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EF08950B-949E-435F-84A3-A59E3106C3BF}\TypeLib\Version = "2.a"	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{733E7359-2D32-4D4A-B411-26449C81EFA8}\ProxyStubClsid32	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{67F4E0FA-46A7-4255-B084-69A9433D08C3}\LocalServer32	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CF132D5A-B397-40D3-840A-485B6EFB295C}\ProxyStubClsid32	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2CE992A4-8336-4D28-BFD6-1DE0B4711A35}\ = "IDualChartBoxPlotData"	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{23E29B09-8870-4ED9-844C-74DCEA6C06AC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DCA92605-6BFD-4FD9-A221-76108E90E980}\TypeLib\Version = "2.a"	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60BB64E8-BE9F-4DBC-92A3-0CDFADF59FCE}\ProxyStubClsid32	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EF30CEFE-A5EA-4CF6-B90E-6B2E19A99FFF}\ProxyStubClsid32	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F8F4B6B1-FC58-4228-AB07-5C55D61960EF}\TypeLib\ = "{64FB2BF4-9EFA-11D2-8307-C45586000000}"	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{035869FF-869B-4E48-868D-4ACB99889FD3}\TypeLib\Version = "2.a"	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{689FC928-4B60-403A-8E6C-D23C3454B7EF}\TypeLib\ = "{64FB2BF4-9EFA-11D2-8307-C45586000000}"	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{63EEB3D1-049D-4F01-937E-0563F9FCC49C}\TypeLib\Version = "2.a"	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8659C495-1D7A-420E-BF7B-0F26813DAC4B}\InprocServer32\2.10.238.1\Assembly = "Interop.EA, Version=2.10.238.1, Culture=neutral, PublicKeyToken=d28e1c76302f6a17"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4CD2CE1E-C301-4C16-9CA2-5A7EC4478C55}\TypeLib\ = "{64FB2BF4-9EFA-11D2-8307-C45586000000}"	EA.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE16F301-9084-4D28-B032-CB7151E39BCB}\ProxyStubClsid32	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E28DFECD-1073-4B66-B5E1-0E1B6F88578E}\TypeLib\Version = "2.a"	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Enterprise Architect Document Handler\FriendlyTypeName = "Enterprise Architect Document Handler"	SSFileHandler.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8659C495-1D7A-420E-BF7B-0F26813DAC4B}\InprocServer32\RuntimeVersion = "v4.0.30319"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C81CB92-E10C-40F8-99E4-7587BC300ABF}\ProxyStubClsid32	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4FA6AFFD-2BD4-65A8-58C2-92DDEB4631D5}\ = "IDualSimulation"	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{74AFC4B3-8593-4EB4-90DE-AA05DA85D4AD}\TypeLib\Version = "2.a"	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CACB07D-F4FD-4898-BB44-58AEBCA22E5A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8B30DE0F-05FF-436B-94B3-F4921A542B54}\TypeLib\ = "{64FB2BF4-9EFA-11D2-8307-C45586000000}"	EA.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Sparx.EA.xsl\ = "XSL Stylesheet"	SSFileHandler.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Sparx.EA.java\shell\open\command\ = "\"C:\\Program Files (x86)\\Sparx Systems\\EA Trial\\SSFileHandler.exe\" \"%1%\""	SSFileHandler.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B7B74ACC-8919-495F-A82B-E9CE8D702CD8}\TypeLib\Version = "1.0"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3776	msedge.exe
3776	msedge.exe
2536	msedge.exe
2536	msedge.exe
4436	identity_helper.exe
4436	identity_helper.exe
1860	msedge.exe
1860	msedge.exe
2220	msiexec.exe
2220	msiexec.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
4836	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3508	EA.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	1200	7zG.exe
Token: 35	1200	7zG.exe
Token: SeSecurityPrivilege	1200	7zG.exe
Token: SeSecurityPrivilege	1200	7zG.exe
Token: SeShutdownPrivilege	3512	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3512	msiexec.exe
Token: SeSecurityPrivilege	2220	msiexec.exe
Token: SeCreateTokenPrivilege	3512	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3512	msiexec.exe
Token: SeLockMemoryPrivilege	3512	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3512	msiexec.exe
Token: SeMachineAccountPrivilege	3512	msiexec.exe
Token: SeTcbPrivilege	3512	msiexec.exe
Token: SeSecurityPrivilege	3512	msiexec.exe
Token: SeTakeOwnershipPrivilege	3512	msiexec.exe
Token: SeLoadDriverPrivilege	3512	msiexec.exe
Token: SeSystemProfilePrivilege	3512	msiexec.exe
Token: SeSystemtimePrivilege	3512	msiexec.exe
Token: SeProfSingleProcessPrivilege	3512	msiexec.exe
Token: SeIncBasePriorityPrivilege	3512	msiexec.exe
Token: SeCreatePagefilePrivilege	3512	msiexec.exe
Token: SeCreatePermanentPrivilege	3512	msiexec.exe
Token: SeBackupPrivilege	3512	msiexec.exe
Token: SeRestorePrivilege	3512	msiexec.exe
Token: SeShutdownPrivilege	3512	msiexec.exe
Token: SeDebugPrivilege	3512	msiexec.exe
Token: SeAuditPrivilege	3512	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3512	msiexec.exe
Token: SeChangeNotifyPrivilege	3512	msiexec.exe
Token: SeRemoteShutdownPrivilege	3512	msiexec.exe
Token: SeUndockPrivilege	3512	msiexec.exe
Token: SeSyncAgentPrivilege	3512	msiexec.exe
Token: SeEnableDelegationPrivilege	3512	msiexec.exe
Token: SeManageVolumePrivilege	3512	msiexec.exe
Token: SeImpersonatePrivilege	3512	msiexec.exe
Token: SeCreateGlobalPrivilege	3512	msiexec.exe
Token: SeCreateTokenPrivilege	3512	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3512	msiexec.exe
Token: SeLockMemoryPrivilege	3512	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3512	msiexec.exe
Token: SeMachineAccountPrivilege	3512	msiexec.exe
Token: SeTcbPrivilege	3512	msiexec.exe
Token: SeSecurityPrivilege	3512	msiexec.exe
Token: SeTakeOwnershipPrivilege	3512	msiexec.exe
Token: SeLoadDriverPrivilege	3512	msiexec.exe
Token: SeSystemProfilePrivilege	3512	msiexec.exe
Token: SeSystemtimePrivilege	3512	msiexec.exe
Token: SeProfSingleProcessPrivilege	3512	msiexec.exe
Token: SeIncBasePriorityPrivilege	3512	msiexec.exe
Token: SeCreatePagefilePrivilege	3512	msiexec.exe
Token: SeCreatePermanentPrivilege	3512	msiexec.exe
Token: SeBackupPrivilege	3512	msiexec.exe
Token: SeRestorePrivilege	3512	msiexec.exe
Token: SeShutdownPrivilege	3512	msiexec.exe
Token: SeDebugPrivilege	3512	msiexec.exe
Token: SeAuditPrivilege	3512	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3512	msiexec.exe
Token: SeChangeNotifyPrivilege	3512	msiexec.exe
Token: SeRemoteShutdownPrivilege	3512	msiexec.exe
Token: SeUndockPrivilege	3512	msiexec.exe
Token: SeSyncAgentPrivilege	3512	msiexec.exe
Token: SeEnableDelegationPrivilege	3512	msiexec.exe
Token: SeManageVolumePrivilege	3512	msiexec.exe
Token: SeImpersonatePrivilege	3512	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe
3508	EA.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4836	EA.exe
4836	EA.exe
4920	SSFileHandler.exe
3508	EA.exe
3508	EA.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 4136	2536	msedge.exe	84
PID 2536 wrote to memory of 4136	2536	msedge.exe	84
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 2340	2536	msedge.exe	85
PID 2536 wrote to memory of 3776	2536	msedge.exe	86
PID 2536 wrote to memory of 3776	2536	msedge.exe	86
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87
PID 2536 wrote to memory of 2344	2536	msedge.exe	87

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1jCrCS9_HdasaQNv8QCZlNwg7x7aQ8TxY/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b00e46f8,0x7ff9b00e4708,0x7ff9b00e4718
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=1972 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,5229871281239602720,6005530266994960576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1732

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2244

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Sparx_Systems_Enterprise_Architect_16.0_Build_1604_x86_Downloadly.ir\" -spe -an -ai#7zMap14807:198:7zEvent9667
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1200

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\Sparx_Systems_Enterprise_Architect_16.0_Build_1604_x86_Downloadly.ir\Sparx Systems Enterprise Architect 16.0 Build 1604 x86\easetup_x86_DownLoadLy.iR.MSI"
1⤵
- Identifies Wine through registry keys
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:3512

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2220
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 44E3706474148EE0D89D4E866237CFD8 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2112
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:3244
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2259929929B981C36AA0F31893181205
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2680
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A5101D6C5B1BBF8B4A3F461997143E3B E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2212
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\DAO350.DLL"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:4288
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\MSJET35.DLL"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:656
- C:\Program Files (x86)\Sparx Systems\EA Trial\EA.exe
  "C:\Program Files (x86)\Sparx Systems\EA Trial\EA.exe" /register
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4836
- - C:\Windows\splwow64.exe
    C:\Windows\splwow64.exe 16384
    3⤵
    - Modifies data under HKEY_USERS
    PID:2120
- C:\Program Files (x86)\Sparx Systems\EA Trial\SSFileHandler.exe
  "C:\Program Files (x86)\Sparx Systems\EA Trial\SSFileHandler.exe" "AF694DD0-4D2C-4abd-B8F1-E5EF047230F5"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4920

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:516

C:\Program Files (x86)\Sparx Systems\EA Trial\EA.exe
"C:\Program Files (x86)\Sparx Systems\EA Trial\EA.exe"
1⤵
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3508
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:1564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:3620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e59293a.rbs

Filesize
1.1MB

MD5
0e7209496af8a0fa8a17dfc4abe4c6c2

SHA1
3f17c288e7c3934ff8130554f8e94f52218d8041

SHA256
9e268b4e96a1139f21df12fe10e7e37ff478c72951e12fe4a3b3596be11320bf

SHA512
4b6b8c04a6e653d8e3b43813b39f38915af4ba1bd84ddbf71cfcfc4fd2ab540275afe99fe6b9e1e9ed372a9f0f7fe6a35d48366fedfc66c1fd92c59f72b86472

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\DAO350.DLL

Filesize
556KB

MD5
8888bdbd4e118d915d40a11748282bca

SHA1
4e8822d2242d175cc3d708843e2cd71b7ee7033d

SHA256
a4b20735be317a924d2e36707baaf911fbae890ca53c5044fb506f15d33bcb6d

SHA512
a96f5e72905571de84f515dd8a19c87d5143ead532bf01f0132da8262974bfaf910f24b466d49cd4ee83845fc65f02c273a550786854aec3e0f4fa713929b562

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao2535.tlb

Filesize
71KB

MD5
6cd1ae8eac6a7377329af15e1c493ba5

SHA1
66b7385b8da563b5dc0b1828a7ec1a9bef53c450

SHA256
49135b5921186861112072a73c4945d10527b4c487789ceb20b6c1ca8c577230

SHA512
62d7980a447408b950209ca9480042218389d3a2438c4f704646ada3995a1cef95723ef87f12737e7a6768b14c292387e2ae9e4422e839479a383f3a84ce46ec

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\AppPatterns\Java\Java.ico

Filesize
29KB

MD5
ac0c5090c4a39df5f848c838d9bdde12

SHA1
2997ceb26ff49a7d7c5e7a2405b5fb50b62c7914

SHA256
158e0bd8825a280bdc9052ab8efa1a66e21bde2661e0478cc8c560973f0d9499

SHA512
3a3d6599e9a159e5a1e93be81addfe899af82ea73399af89d84d04f9a48a0b29825417e659d44b0fb920d8f29e9131dd39d379a1f99a2c68854c255840b834ad

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\AppPatterns\Microsoft C#\Repository\RepositoryInterface.ico

Filesize
1KB

MD5
d548b6d4e0f44346b1b4f1bfef5f0cfd

SHA1
82deb59581d26cc2d709c5b6980397c31c1e8b7e

SHA256
3dbbb53c0d458990962e863c180099068c1362f5690cfae5365a73e1f6c469bd

SHA512
5eedd710d51ef1cf0c829e8f658f4672fe24a5310769be92b538878ea394ff118bc114325ad8954ea6f611485f54eb36e44fe9e75b627532b84cb58d17233b06

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\BPEL160-32.dll

Filesize
2.1MB

MD5
672f984471c8ee7441de4629c0c7f603

SHA1
e775b6e619dfd74ced2f2153f85e5e635f8da281

SHA256
fe5eb32c66722feaae2a5572d65b376becedb7b27bae42cc6c056210a71046fe

SHA512
b95817fc4faec243d7e6bc2856888083b068b4bc77f95916359a9e727b4556980cba693e5d168565d2db061b5909bbe2542354a2d8052e12cfb8c055ffab8577

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\Cairo160-32.dll

Filesize
6.8MB

MD5
d17b92d8a1fdce50ac5c276d2e557c7a

SHA1
6ff55fda0a1687997260ddfb09014633d25d4fde

SHA256
cd8dfd7bdfb840f4b6494eca33e84a48c483e0f72d123901b1b6b9aa9bf672e1

SHA512
80c7cc3ebe7285ecbffcdef1d0de5f2e01135265e1ed32f4ea7e916a1529c9c9217497ce507dcd5aacedf4af9f82c4541316eb8f1d5ce27149ba840ea65e1039

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\CodeMiner160-32.dll

Filesize
1.5MB

MD5
675ea97596140931b0032d67cb6d03dc

SHA1
82a26bb7282e9a496e1fcbcdde672f5599396dbe

SHA256
c1874bd7a481950e51f32cad5df96c588a79db4e6ac2464fb0902acd0af35293

SHA512
f8b354982c43d100159c7cb971aef5b57b5665e475ec1e7774912264daec05ba5283a6ec25a799b72db7dda3bde5220867823409aea839e9dd1583b8ebb8497a

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\Config\Workspace Layouts\Right Orientation\2 Design\Schema Design.eaworkspace

Filesize
252KB

MD5
6a844086e0ac022cd4f4559b28c69329

SHA1
1d2f52291cc395c94e2e5446b848fd9feb58b8c1

SHA256
18dd136c2271dd025491f5a7b38622719d227ac13114f52e401badb233ddac67

SHA512
7957ef707d506d43083b9b4526484eddb3a48a1dcef2c039e2cd093dcb6e5b4be985d6ce994d3a638c7420df7a2ca63decb25707d77b918c8e3fb1e855eb3937

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\Config\Workspace Layouts\Right Orientation\3 Software\XSLT Debug.eaworkspace

Filesize
251KB

MD5
b490f88f401d36cfd48ddbe59b871509

SHA1
20d0c5e8088b3292509dda3817eeaa09e00aab40

SHA256
08a5f138c0d91c467063429efcd19f309bd7a762563f75917ddc76aa1bd008e4

SHA512
7a0ebdb3d91b6245991ba451ffb8ec6c778a4eda3367c579fa6bdd8da00578564045db0fd69ad4dc68ed415ec7a4c3ca6b4650f3d06bde1b979c42f868c236f5

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\Config\Workspace Layouts\Right Orientation\5 Construction\Support.eaworkspace

Filesize
252KB

MD5
eb3f4badfd216390f00e406d33fc2e8e

SHA1
f13fae61c3236bb6559b2fbd49e78baef29652a7

SHA256
d962df9d39a07feb374e4b1426d96fef86ac1da0b6170520d37d55ff393627c9

SHA512
f39bd10e1c3c5e1ed044e6bfbf5ae6a93d8d1e9d0f8a03aad00e8c0b7e68aa186f60585cf1a9a25eac7093e2051e0aa5d7abbf64129b64d398ed3ea454af9945

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\DrawEx160-32.dll

Filesize
226KB

MD5
440bbb8705eeade60604e333dbccda53

SHA1
2ac5339cba3764e3357e3096877f783955060b85

SHA256
d8ba4d7e19e7f875b6936153512e261cbe4775effcfa8312ffd28fede2b187bd

SHA512
0c3e6b147990c14a2b3ab5bc18fa60f287fc36a710e5a9cd2d978124b92cf46d287b1b1c7455370fa61abbee72cf14064cfbfe24041b79eaad3fbd5a54b24248

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\EA.exe

Filesize
38.0MB

MD5
07252572c3cfb676439b5fa8f241517c

SHA1
c5cef28343fc1037e4a67199e2fd84ae7a5aaee1

SHA256
288da1990e16433fb89a61d5d59634bee5a3ec677465b2558a8565f51606deb2

SHA512
b18fcd460e9fda4f4a2e1df795457a07449917cb467f9587973e2b3d7a5039d593901e7d9a17d67e619bf77197e2d34ca3d61d79bdf48ae8e110b7ec294c011e

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\EALayout160-32.dll

Filesize
629KB

MD5
d7893a7c9076378c10686e086c3660dc

SHA1
fcbcbb7cdd84f394b696a8d423203e16f677ea11

SHA256
606c8c96d1c87f53f44f539176279c19dd389a246222235eb5466d5022299c0b

SHA512
468504c29b4177472fff9acc3b9e0df7d5c236df2b544c2482385318f4275a2be23c3bf434e4e2dba92519c6e7ee4cc38c8aa07bbb502022f9bd2d7810858b98

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\EAModelPublisher160-32.dll

Filesize
2.3MB

MD5
c6464da2b46c77418bfb312b6fb65a9c

SHA1
d0137868eb47534648ba5137d7ad7a4f6034ea63

SHA256
75a47fb3bc8d5d8113ad009aba5e10d65c21fda169a8d805565716c830ea1b8d

SHA512
1bc1759adc1a54aef6482d3a6bef5cd7bf8d338bef936935253d89766a43f18477dc6f66876b546133a8db599b51bd025e5e27360ce3fae2907c8c0b2614fe00

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\HTS160-32.dll

Filesize
515KB

MD5
e3bae402053140fb67d02e865bd0d764

SHA1
0426a72db12f35331c6b4366caee754e106db1bf

SHA256
d15b2ee9919224011f5a1081b9ea0e662ef94b7304a3c8fb21eb4bad773327fd

SHA512
282d35dc92fb5ba773c8cc8a55088f5fe6c1b2c9f78fd5bb6fc2f19363088399e6c25b5df2f889d14339d11ceb06cbcae1b37daa9d4a31c7d82e5ddec4d81f65

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\DataMiner_simple-template-odbc.rtf

Filesize
62KB

MD5
a9694e7a884f8b26f9b4dc139b64954a

SHA1
66e927223e2f5f319519efdf669ba929ae59bdde

SHA256
0771dd5302fdf3bfc45eef58538e77aa75ab3abfe9897d45d7562ff4a684f698

SHA512
ec773a7b589dd2c650443b42ba8992e501c15c34a8353ac8cb36f93be940131b97ae02b14954f9de13a35d12df1176a9810ad514acc947371f0f46e917d4be1c

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\MARTE_Association-Class-Extension.rtf

Filesize
72KB

MD5
f7156e1e0ff237f77815dd92f4d0d8cc

SHA1
738f7d68ea244cf467a3e7cf6d80ae764ec66f26

SHA256
844a1e783cfac51db0f6dbee0e5b08675175a770a1efdac4abff3dddbb6673bb

SHA512
53339146907380566976cf1f1358e9deb161d32d0f2910ef3bfcb451a61806081273deb9e311bef0c6c8f03e43271651fa3bec7506ee85bb3a7a21c34462cda1

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\am3.0-strategy-viewpoint.rtf

Filesize
287KB

MD5
896b24c81235ec8007966a2486e7c987

SHA1
520fb506975c805e046de25043e4e32ee5c3ea9b

SHA256
c180e2db1b168bbbbc0c5978a3e04f2f95403a573d9b625fbd2ed64afd47fb93

SHA512
7869f8cc7dce3e04c01c1232a398cf30aeb7f33a2afa9bcfff959d5a4f68e44b71deed4f71914b75760fe6428f9c13c4621a2e8f24425cd881c9149eeaa23705

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\bk3.0-data-flow-diagrams.rtf

Filesize
331KB

MD5
3ae6b81a437a90ff315a5abc08f871e1

SHA1
7e40f69bc108f2b3771b52f376db3db0b54a45fb

SHA256
2579a76ed026d72ba8f03a3ee707a2212b9c0a2158ce9930dc0d7b810391ca92

SHA512
e9103c99657fcb474229e4750cb6fcab51627d6ce285cd4feb9c80376b12b7a543959b3f424ece1e572cf2a77619c759e211949b4477d18115119d8674a555ef

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\bk3.0-document-analysis.rtf

Filesize
1.5MB

MD5
c2b1d0788dd3a3d7f1293b8ac77f66ef

SHA1
f450d962dccb9007620d2a164e0e005c1c6c788d

SHA256
834fad6d2b354ddc8c84fc200a9dc6b2782e3ec33416c9c5231da168888790a7

SHA512
27f148842d269819c79d3d8bcca4c39109371f2341b611bcc4b61fec481d18d17b23564fd3ae7f323aded33908052e24f341a668709c319ab743ad272ce1d44b

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\ce2.0-basic-java-model.rtf

Filesize
602KB

MD5
500f118c7487e0a67067594c8671e912

SHA1
3f892574648e0485efdaf1b9028540d8eda3df5c

SHA256
cf87b2aa014bd6168db06ae0b9ea3419d6907a307c762b0334ef39b67fc49e31

SHA512
99a9b8e10b351bcd4cdf6137a76d39d1739cd7450a96a81c64d08b0f5bc54cca4cf11893324aa049cbd910599158b62d86454ab09719c23d12a2cbd0c4a47f5d

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\de1.0-basic-ingres-model.rtf

Filesize
8.3MB

MD5
76454d88d2a9bf0e9e4d9d92a76c3a0a

SHA1
6788d1fe1d03f5cf1201e5ac36544f7c9920e97b

SHA256
a3438d6893dbe4f8a026c19ea44179a2086457631da5601d2d025658adabcd67

SHA512
c6b0e3dffa93bc275f4c5ea4dd283ff65e3f7d450bf41eefefad81b5d3d25c6877d8818ce213c63ba63c6fc2b71210595b38ee93789bc82e26ac14bca9c4cd5a

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\de1.0-sqlserver-2005-model-structure.rtf

Filesize
1.6MB

MD5
b3c857e0fd4fc9483a4942af471508ca

SHA1
c8f129e99ca3c47683573cd85f7be4257ecc3dac

SHA256
f904a448a33ef2c67aeedbd4a64a9379a980812dff3c5f3f617008c21477de38

SHA512
5ed1fa76f1857e020feb3f048162a9035b657d3db2a096db328b09c1b7fdcf96982770a583eaa32bd00c5b46de65e636552ca5dc76a6601ba4051ccfd3dd678d

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\dm1.2-single-decision-and-information-model.rtf

Filesize
189KB

MD5
58e4e22cf79aef6db83435448d294eac

SHA1
047f27696578d6697f3498a2d6e4a617d7a4f862

SHA256
6faca7cc3912e8fb384011c2d2496a71b7df8b6f3c6a719ee8e1f98138614322

SHA512
efaf320891b19e9150bbb7f974743096158ca6a617cbc8b67f3776430f99e2f98e05ff36eec876ddd016189d8cf514e4b6df1d472fa052a6bf392c960fd361b8

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\gf1.1-decorator.rtf

Filesize
413KB

MD5
7f78fb10cace481b1271bb868302833d

SHA1
d1532db140ee9a3d7e15fd67e17e82120cc787e6

SHA256
6f274e66c4dff109876e21089c4f58dfb2b8d187d7b4310d130a754595d2aed6

SHA512
2edc6da3e0026bc0b0a864087a3c7855ed6c295e3a3de332d75ea44f85773d70ab4d0b4c49b0c7308134a95aadc6d465024d0c076e86415259fa01c53a9b1f56

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\gf1.1-observer.rtf

Filesize
422KB

MD5
2b431a8eaf95cc850d78647b4c5d5636

SHA1
9e578fed971d98932b7321348d23e022b64ed40c

SHA256
b09b639566504c6e1532731762098a6ae878366abbf32012a2ea56cefb0b1662

SHA512
293946343289a490e2b6dd1e412191dc4b051e8ef1b43cdd7f9e1b777f74353bc0cd11aaa90cb95bd1422ffc6689f6f8544f1ac90a2b620d5d2da0f40d92c589

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\gr1.0-gra-annotations-library.rtf

Filesize
14KB

MD5
cbce863fb5f55654c393d7f5b6ae7712

SHA1
6cbbaf5d0358b1af9338d6da7b770c9302f7008c

SHA256
bb7af228b995885c4d2f5f69e9dfc43afda7734458ffa49a18d5452bdd5e1433

SHA512
e8506d78a734068ecbdedf51a6f7aa28e151faf1090051db80ed977c11e234a8f3e5509aea57d8edd72cc0db22aa6a7029076c682151e9f6567dae93176b1966

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\procg-basic_keystore_install.rtf

Filesize
601KB

MD5
c65222173abd680b1ca00cfb5cfa1569

SHA1
dbc7e504cfdb3614102cd540cb08b08ba4fb5e5d

SHA256
1498529676aa994d8d2ceba6a31844a1deb9a9a7df8aa1b2f063a59527bfa5bc

SHA512
3de6eee0fc267073157e8926262f2b73f1dfc3cac3a45828c8654129b9d23b80f9e974619172e468c6d731ac6e17ba66a4a2ebd78d43bc61b01d0643fda44202

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\procg-generate_html_document.rtf

Filesize
277KB

MD5
4c74ef3c9a539b9f3b4e688359b2ebe8

SHA1
baa16b24ffafbd1d5b480abcc3acfe2f953d1bc5

SHA256
2535f247ec2adf8a5cb71d85235c79047bbc9ab383006008cdd06d9ccc4b31b1

SHA512
47ae9cd47ceeb7fe9376f9a44be56c2b7a2c98504d52199469915913fb2661171f23febd4d16d1abb8f716f8b39e315900e0ea028af3e812904cdf2170192ea6

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\procg-swm_coreframeworks_install.rtf

Filesize
84KB

MD5
4b472fe9ce00ce1a3082a21c1383aa21

SHA1
47329120763f938ddc21e77d6e1ec224a7e0bac6

SHA256
4c7678d48f59b4b166391d23e896ad91cf3b82304f3bee0b495494dce1073c7d

SHA512
ad35462c34eab9c9646c1e2c2ac2ebbcd8a62de3b4ce61e4fbd44c050bbb7ee633cab473c66d1ac89e24df8485c3c1c7656133cfe4afdc8b9eb39ee131b1dcc9

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\pub-document-risk-plan.rtf

Filesize
116KB

MD5
e8ecabb488ed5ec291cec43e4638e2c3

SHA1
9bd86ce4b6f72041fbfe0eb2484adba0cab8782b

SHA256
e0090621284d8cf20294ec68d0b63cd56dd4cb76604a2de383f197baa5008e67

SHA512
0d2b8f4f36017db3892a48db43f5e96a3f4fef928936dc1470f04cc551147e78af7123d8fad44d6517226296d1e29c38ecc1a22a7bc3325a1366de5893e64915

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\pub-starters-data-dictionary.rtf

Filesize
124KB

MD5
89d1e6009ddaeb21b0f932b943d60b64

SHA1
00ba377b1a7e45012a866ec777b640ea5b25a6a0

SHA256
704f55fb14179fa8efc497b9e360da7ed410c3b34f65c158a220e4b0397fbd2d

SHA512
ef1c386b5bf6e7c9516d7da4a189987d6b6ba831406ec2efafc152de3cd9bd0ad083d3bb4099306c1ec5250c2e4b30d38dcf749d650a4f910896505995742358

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\sg1.0-balanced-scorecard.rtf

Filesize
578KB

MD5
67c847d1ff8e6356b8b037b3128ca722

SHA1
10159dbdee856d0c1a6fc2e48fdd53f42d6b12f6

SHA256
920f7d05485980e1ff8cb20b1030efabc178ddeb7befec15f0bbdcdf98591d47

SHA512
ad39422c2a552b5324df4439371b2aa6a8fc182456298a1d5631b28dbad884296dc22c6cfbd3a4dde9fd9c0f8902b93c488a8f932ba3ca462cee23adac9b33e5

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\simple_Business-Capability.rtf

Filesize
336KB

MD5
3c7165c3741a5895dab3ec04046cd802

SHA1
575faa836b90f2912f738bd3ebd0500bd9c31132

SHA256
68f698fa8a3bacf51c652cac358405dae76ffbfa77ef9a834b354151c2576ba3

SHA512
71aa1b09b3987dda0e6f9f42aa1acddb140175d5fc6f2f4aab8b3b65927bc5f56894768f5b144797c3858d58bdfea0350c664fed6846695ed5798c1a6af4b2e1

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\sm1.4-composite-states.rtf

Filesize
681KB

MD5
f27b754b78fae88fae3320b00f24b6af

SHA1
2469020e50c24294fc5d83cc3e91ea8996b79e1e

SHA256
06df515f0df03e0bb7655deb72ac8633ee810fb5bc0d3b5617141c723b5dd054

SHA512
030792ab6b161f0f2a2027e99d16a0c87bd912cb035b61fc5ebbd35267e3dd081e063e2d4aaab9519d51590ef4e4ee6595b8011db357c659dd79ca2a4f90e0fb

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\ua1.0-project-roadmap-pj-rm.rtf

Filesize
267KB

MD5
b28e0d3cd91eaa5306a67b0735fa3acf

SHA1
05ec2e3e15d57d304fe3430355e340510fc63669

SHA256
82c6a03877a3c39b43972b5138f8e2f3c49cfa8d746b2f159b78d732ddb403ca

SHA512
2741d53efbfb46f2591ae54acbca1701935ccc442a677dff0c55706d2df8f18dc58d8dabfec38af4f2e0a79c779820720b17c83798f1175fe591e516a8988516

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\um2.5-composite-structure-diagram-with-collaboration.rtf

Filesize
196KB

MD5
0f1ccaeeb0a517ed1ff7d885731ade66

SHA1
9cb294e2cc4a8768a4159ef844c97983d905df18

SHA256
169ecafc2d0a4a01f13ae74b7165ca41b0a3bf1aa7649ba3596760aa7aaa9ca6

SHA512
136afb2a6d790290ed85a1dab3d385a649cd082d178c30fa144adeea0fe4655f6dec0f156dd4db8ce4b49bfb9bbeb4fc1b1a61415b85ff502531b2d2ef8cc6db

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\um2.5-node-with-component-and-artifact-instances.rtf

Filesize
289KB

MD5
4882788f4adced02bda3d451d352e57d

SHA1
da35f6eb785f96ff2bf592d58f826c4753f98aea

SHA256
50a578e3fb467b073149b3f66b57522bd91a7b6ba5f13d215f97615359883e04

SHA512
33690fadcfc31093e1a711345c85e0cfa2d6b06ac1ac9d413a4f903a7e8f9af010189426f80bc824ddb9dffcd7611c8bed9eeecf53d08b4bf19ed81efb181b2d

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\um2.5-one-level-package-hierarchy.rtf

Filesize
336KB

MD5
6cdf04ef78a058f56a843ed614c80665

SHA1
9a7daf0d47841d5db9e76c6e7fe05615686605de

SHA256
29b15ad2d261999633d1b481a30c2de74e379e84e09d943d15e7972d9add4cea

SHA512
425843b1b5b196cfc1bbcade0f9836f11105f8039a666eaf27568090329ae1b5646a06edb5f2b82a17b441ea4062c826393b02ab3cfd7ac7d366bf7d80dcb870

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\um2.5-starter-package-diagram.rtf

Filesize
204KB

MD5
b3b7cdcb5597e6496487c3d9f76f4a0f

SHA1
db053ea94750012bf76b7fff07fb76f19fc79615

SHA256
f4d20da9eebfe72e153510327d87ef843bb091191d2be195bca87949fda48c1e

SHA512
d265dc38038dc58a426f87ecbb9f78b3eec9a8a11bb9980062b014bdeac31cb763ef5a8daa7e1f47f550ee9c934ced740dcf71fa0d7f436cb9e7fa2c51d42bc4

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\up2.0-ov-4-organizational-relationships-chart.rtf

Filesize
341KB

MD5
a9df7b5232335caddc471f79c8e245d0

SHA1
ae745f7b42abd0333a5e81817e4500eeaa6f7990

SHA256
101252c3c0a0146d036191c30a926fdb46cce3a239821cb791d05f14b7a09f43

SHA512
9f16d460630073f27b737b39a402ff22827dd44dd662770208c31fa6377b35ff823627bbc2eff5118a0c8dd3aa4147f25d312da8e7ca3851e8c97049bdfef045

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\up2.0-pv-1-project-portfolio-relationships.rtf

Filesize
273KB

MD5
6f207496b9519071336948342bb0d20e

SHA1
18fae813a048e04a5bfac8cd838fa4e857d723e2

SHA256
99bdae84ad45c6e2186772f3144e5e40966a04934d6204aaa7dcc308c6d97ab5

SHA512
3d58f4b163851884d2d7b41f44b8648c93686d110e35786b7c63c554338a02d60e6393d8bfaf0658953e06ac2e8246c42af76a477e15939f62b8cb35ba3939e9

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\up2.0-sv-10c-systems-event-trace-description.rtf

Filesize
227KB

MD5
48f269ca4843d6885bd95c7cce488cf4

SHA1
c1b01e7d794a6d798c56bfbe675bca7a6b28a0fa

SHA256
ff23c272b842f4423c3dd815531720febeb596408b468403bc91133648e7237a

SHA512
f25bf22f0a911fc42b3fdf22c6afd071b5c690bd2081539baa95da6815a9d9417da1314ab62a54b07ce047826739834cc42c6439d6e8608de56be41610aa093c

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\up2.0-svcv-6-services-resource-flow-matrix.rtf

Filesize
185KB

MD5
a5db6762db004bf3323caa9e890bec0c

SHA1
9a26a0a796f1a3c09ba58f4a98d0779e46189aa0

SHA256
20d1d491df22cd494fe1d4db75027d0d9db9f68ad8185c28ddd0774e23d91657

SHA512
026cefd12302927e4b18e57afc053e12ddd4421594656ff75c85f7aebfbcfea82ff3978bdd71688c64f03f3a06ebc5c7a91b5509091cdc17dd63ed0171aca12b

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ModelPatterns\vdml-measurement-dependency.rtf

Filesize
605KB

MD5
c6be8ef358e555fdf68fe01297cfa905

SHA1
9883d90e78c23937141795ca479560ed15d5d7e3

SHA256
6e4df867846ffad1b31ceb7e7e8e3c738c7aed92c5d43edf29366cda9e8c2569

SHA512
c4e8dbfa1669666eacd143ecc886be38a6dcf99609b2648f26e824e257d371f35a0066621607472a81b048d2a58e359fb8646a7df9e61be5bd2a256ee277cdbe

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\SSXML160-32.dll

Filesize
2.1MB

MD5
7faf3b67f5b121ff9f359035eb57226e

SHA1
3ab2913ab8a7421bb92df732e8f3eb881f33623a

SHA256
d2acf9cf2923267c8458ff7d0eb6bcd50421dd0720c59f7a0ab25e5223d077ae

SHA512
b818a147b9ec3a43655fd6de0da1c3b05762f85c7d43871ab0db92bb556bb3990d86a351dcf079af825a7c66242183693c5eccb5ef6700dba18a03cacaa64741

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\SSxerces-c_3_2.dll

Filesize
2.9MB

MD5
8112f5cb0fd65519c0907f7f55a5be2b

SHA1
412c532f6e53f7ba0aaa0743e981287609cb902a

SHA256
ca03b2d98484099f66fd2f309a84251c4f11deb3bbf60848cea02bd8ca988110

SHA512
bc5592c0b4ca74df974a173e0c404676e947db9e9b9dbe7b819310aef0048dfba3a32fde610e2f311179366ff2a58bcc095ed8330dab6356d88172f03d2d0da6

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\libmicrohttpd160-32.dll

Filesize
236KB

MD5
03e9bef76d36241eae4a2aa63d9f2307

SHA1
945c9ae27fe81546a645a64f8df54405bce87ed2

SHA256
5d6ccd229abb47c3bcd0d08a83c05ce4f7e999517b9668e4608b1177bf88833d

SHA512
7a99425cd8f0f68477770ec2cb4f4255034c5c24d5f3fd6ada6c8986a4358b9c9e38e0364a375baf14aeb1ef8a26785ccd4d7f16215abd0758f5514f77fe2800

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\pdc160-32.dll

Filesize
333KB

MD5
3be39e831e8fd79dd12b20bdc34b8a79

SHA1
fe721b5a0c97198d81e232c27a8e713432b99829

SHA256
1cc520ccc7050f50aed2abfc4b5e73e2005bb629f63b8ed2e66be2ccaae98f73

SHA512
aef4b3c9bf5334491f00314e0e289f0201a641d5f66be4546da50c038f17134b3ee732a44b809482027ffe87a4cd20531aa092b4b1ed0a121d861a45b8e871f0

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ssce160-32.dll

Filesize
318KB

MD5
22d614e6f7f6e8619f800b7d82ed6413

SHA1
ebfecfac387135027a3ea58894ac384296a0b42f

SHA256
fbb4694340f15b6fddfd1d8d51a58db05e2f85835e6b4b4c6ab7821e62b75216

SHA512
5ed43e425025d98e5c3b30c5690d91b79d774a4c368581956525ed799518763c389ba6b88365264e76ed18ed5fc395ee3289dcc3e81abb4a48089db6f4b570c5

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\ter160-32.dll

Filesize
2.9MB

MD5
5a4b0edc481895dd4f029e33d5e187c6

SHA1
2bb1966c89f923b8cef194c866d0d642e1444a67

SHA256
7b1aa9fa4d9fbe0fafcf74188ac9832a619819e5ca0f086f040869d85d7870a2

SHA512
62f0aac928e6ad114d037addb115d42e4a5fed1c0a5b0c576d8c22cc5722eef6054ba290f750fcf3abbaf2f899e7bef4ed02ec42822d7ab4a261aec10b54069a

Download Submit
C:\Program Files (x86)\Sparx Systems\EA Trial\wthes160-32.dll

Filesize
189KB

MD5
0f69f7bd959b3e7a5d115d460e7b4e3f

SHA1
7199f7a0493498fbf2165ebf691b3f547ac720ae

SHA256
ea5157da91bcabffe886d6c013dd3e6b048a38e06b8d652fd699b256ee34fdcf

SHA512
ceaec8720cc09a9ec78761f69f7fafd06c0942acbf31354eee1d9abf9cbe43381dc658be0201c4738a80cb782a856c6da93188f46c8213df319e8b25ca523199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
d8bd97b9ab416e3c0973c57762923185

SHA1
b1ae1263a70a14e3a88846fcc6d0910867a25a53

SHA256
8b733184ca9941bccaf362c01b2cc1372244d55919ce2d99274293e07b20fd62

SHA512
c5429c3606ffaa4aef79fe02920927691c73a6a6e14f75e72669fb455c4d3697e7601d02ecd2a87303540fefc83c1c0426c685262b23b0c9c76ef4cfb343398e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3f17c88c45c130d2cec45e9cc2deb2b2

SHA1
d99c9808b12e4f590cda472fa49b030b48a142ba

SHA256
4c5aa732a499e475e86e06287fde0ac4be038e1b7dbd9601d1ebb1de5c093dc2

SHA512
c6bfb28d2bce9c48fb84b5065b077a51af1a231b5740c8d010c934d937ea0597b99f8e6dfbe42a8fe5b14dc06ef46e48e73762fb2ccd5681fecaf9eeb30c6972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93560b4491679a087b0db17986a291a2

SHA1
b338c401d09f0053f3e146c66926f2efa237cc06

SHA256
a7be2adcf27dc50a0684cf5e02b1ec3afb4ee9f6cc3be22c07559361197a80ef

SHA512
ffcd37fe6bcd9c26630aaf28ebc9e8e1949293f0087eade8a06e0356a65ca9c1f3f69ecadfa0a01d978e6953ab1e7a8be4c90d05aa03a68c240df5008c098bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
314b69cc2e7037dc7fef890f0f1c9acf

SHA1
ac356a57068864a7cbca69c84f307d427513525c

SHA256
b6a5f99680f302b4a8cc58bd82400ffbad8789fb4d4824ca467d66dd2a7ccee1

SHA512
52a006a88dbe6009227bd221975f7269b127898ab0545d07dc584a5f20d7b4a60f6e03a59195fbdcfec5ecc3ed1c9c0b9049215d3b98bc06a1fc89040177b417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
373289b25b01d4f6afe27dbcafc34da3

SHA1
9946e70c7b35c36cd1e91d0ab509979d9bf23d99

SHA256
28d99c2f3f1921f2cc6a396f64bdc457fb793dfba99ee10ff99ea138d2d4fbea

SHA512
d9495f7cd45849d3132d2f9bfd3179ad712ca6e05e7d55f90a349dc3c2af081b60fd382ee3e5c3a14bbd0d56b7dbf90cb639942bc3ab820406939039d207b2a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
169a7bb8ded3b839730744049006c794

SHA1
3792b831a5c3aa8184efa15d6e97ae5fe38fcce1

SHA256
13212192ac5b2b82deb7a7401c9c9dfb4f73897c1c2e3c2d61fce9f51105f972

SHA512
c0322926e1cf4c1daf573956202e7e47f3e4cb5d1b53ac51209433bfb736652342a66995e9ac759e856c5493b7cc55b6f24e92c708112b5f7a24c7b6dd019cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1e193970616efd041586a80e0698c517

SHA1
92bf05baf7a60bd134952e07c3d4d4c06f269741

SHA256
44bbb584a95664c4714c86d48eb01fd77876611be5b2b18e48a185147b0bff49

SHA512
a0de46fc638c573f5ec720214d739ec11b1dd4e21752b01ba9cc9713323bc96b9fcf8fb529d17233ecf2ece48124064f81daf07d39b86019fe21900168365517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e5d1bf56a01feea7357619358c1711fe

SHA1
a3ef28b4dea3a860cd38af1ff3e498170d50eac4

SHA256
5aa0bddea57640de85f141974e820dd9510e21bccf23ecdb633f3ee17c082be5

SHA512
952102b2daa1342174a291811b202230c51e3c81c04281ee4644c52b85d2b2920df0652cc10da1f84d77edf4e6185a86ac97a5ff7a94ee6b8298b91ef6db5584

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIF603.tmp

Filesize
74KB

MD5
bb373102912c77f80a4bf5089391f1b7

SHA1
e5b67e597690af18e8f5271520946f856f86750a

SHA256
0fd225cb064e60e864a001c687274abb3dc774f1820f2afefc6b14b838e939f2

SHA512
0133669aa262f5392121f44616978c178dd7c7c63766dc0f25421b2616f6b301936b97759c453f537e600bdee3ea940c4d29a9d5b7acac20e69b7c4ba1b39dad

Download Submit
C:\Windows\Installer\MSI3E0A.tmp

Filesize
168KB

MD5
a0962dd193b82c1946dc67e140ddf895

SHA1
7f36c38d80b7c32e750e22907ac7e1f0df76e966

SHA256
b9e73e5ab78d033e0328fc74a9e4ebbd1af614bc4a7c894beb8c59d24ee3ede9

SHA512
118b0bd2941d48479446ed16ab23861073d23f9cc815f5f1d380f9977f18c34a71f61496c78b77b9a70f8b0a6cd08fe1edc1adb376dad5762ad0dd2068c64751

Download Submit
C:\Windows\SysWOW64\MSJET35.DLL

Filesize
1.0MB

MD5
44aa496b7002d420de0f4e45fed9e62c

SHA1
36a269baf7c0773bdf6331b5851145d8514a41c3

SHA256
81d413d9eb587ba07aba2eb71b74dbefccb4f93dfa9d93e9c8925556a6d21af6

SHA512
1c4f7b23f0b5c6fbee07c9f50f7e7032444a47178e19853c993e0c450658f700abbdb9d1d363696664d717d5d501ec9f151accce88b1a9cb518143a6fb778d77

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.1MB

MD5
2e64af2a1f9f8ea905e87f15d9012dc9

SHA1
5d6f8abd7b7dc1825f57cd69c60dc8c4c73578fc

SHA256
f49170c091a99b9835658e3f446582e9df09f17a08bde84db4cbcb3d47e43314

SHA512
a53ea72bd7b9ff17480c5c8d8900c299a4092766413ffce66ecda33803a06ddd36815ad5a18e3cea7ef9d0a0c63a9f2cd1684c9a0645f2789f22310d397bce37

Download Submit
\??\Volume{f0eec59f-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{e52bd8d2-5ab2-4dff-8b9c-505cd84b7df5}_OnDiskSnapshotProp

Filesize
6KB

MD5
2458c784e5430dc32be0c873bcf5c78d

SHA1
2e0c77dbd924076402eb24605e8fbfe8f594e29c

SHA256
b7de4dc2687382e392cea4dda14f8fd28b1bee6bed63ff02cc252dcdbac8f6e9

SHA512
ad2ffc242cf6c4111f75df7ccf5cb15dc00f00fb4ca5d2b58382ec9bbc17dddbd88475612ce924c7a283d76fbca46ead47ac1849670fbb62aa87aedee57c3622

Download Submit
memory/3508-3745-0x000000000A090000-0x000000000A091000-memory.dmp

Filesize
4KB

Download
memory/3508-3744-0x0000000009F30000-0x0000000009F9E000-memory.dmp

Filesize
440KB

Download
memory/3508-3752-0x000000000C200000-0x000000000C201000-memory.dmp

Filesize
4KB

Download
memory/3508-3751-0x000000000C1F0000-0x000000000C1F1000-memory.dmp

Filesize
4KB

Download
memory/3508-3750-0x000000000C1E0000-0x000000000C1E1000-memory.dmp

Filesize
4KB

Download
memory/3508-3749-0x000000000C1D0000-0x000000000C1D1000-memory.dmp

Filesize
4KB

Download
memory/3508-3748-0x000000000C1C0000-0x000000000C1C1000-memory.dmp

Filesize
4KB

Download
memory/3508-3747-0x000000000C1B0000-0x000000000C1B1000-memory.dmp

Filesize
4KB

Download
memory/3508-3746-0x000000000A0A0000-0x000000000A0A1000-memory.dmp

Filesize
4KB

Download
memory/4836-3720-0x000000000CFA0000-0x000000000CFA1000-memory.dmp

Filesize
4KB

Download
memory/4836-3715-0x000000000CF30000-0x000000000CF31000-memory.dmp

Filesize
4KB

Download
memory/4836-3714-0x000000000A830000-0x000000000A89E000-memory.dmp

Filesize
440KB

Download
memory/4836-3723-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download
memory/4836-3722-0x000000000CFC0000-0x000000000CFC1000-memory.dmp

Filesize
4KB

Download
memory/4836-3721-0x000000000CFB0000-0x000000000CFB1000-memory.dmp

Filesize
4KB

Download
memory/4836-3716-0x000000000CF40000-0x000000000CF41000-memory.dmp

Filesize
4KB

Download
memory/4836-3719-0x000000000CF90000-0x000000000CF91000-memory.dmp

Filesize
4KB

Download
memory/4836-3718-0x000000000CF80000-0x000000000CF81000-memory.dmp

Filesize
4KB

Download
memory/4836-3717-0x000000000CF70000-0x000000000CF71000-memory.dmp

Filesize
4KB

Download