Analysis Overview
SHA256
df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c
Threat Level: Known bad
The file df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c was found to be: Known bad.
Malicious Activity Summary
CryptBot
Executes dropped EXE
Blocklisted process makes network request
Loads dropped DLL
Enumerates connected drives
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Modifies system certificate store
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-01-19 16:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-01-19 16:34
Reported
2022-01-19 16:37
Platform
win7-en-20211208
Max time kernel
120s
Max time network
120s
Command Line
Signatures
CryptBot
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe | N/A |
Enumerates connected drives
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI72E7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f766940.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76693e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6DA5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6E81.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7057.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8ADB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76693e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6F2D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f766940.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe
"C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 2EF1C291F8D076292722549F385C59D0 C
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\adv2.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1642350708 " AI_EUIMSI=""
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A58EE943C1F5B2A363CFD95F03787415
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe
"C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c rd /s /q C:\Users\Admin\AppData\Local\Temp\IlQiEvXJt & timeout 4 & del /f /q "C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe"
C:\Windows\SysWOW64\timeout.exe
timeout 4
Network
Files
memory/1896-54-0x0000000076C61000-0x0000000076C63000-memory.dmp
\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\decoder.dll
| MD5 | 831e0b597db11a6eb6f3f797105f7be8 |
| SHA1 | d89154670218f9fba4515b0c1c634ae0900ca6d4 |
| SHA256 | e3404d4af16702a67dcaa4da4c5a8776ef350343b179ae6e7f2d347e7e1d1fb7 |
| SHA512 | e5e71a62c937e7d1c2cf7698bc80fa42732ddd82735ba0ccaee28aee7a7ea7b2132650dfd2c483eb6fb93f447b59643e1a3d6d077a50f0cd42b6f3fc78c1ad8f |
\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\decoder.dll
| MD5 | 831e0b597db11a6eb6f3f797105f7be8 |
| SHA1 | d89154670218f9fba4515b0c1c634ae0900ca6d4 |
| SHA256 | e3404d4af16702a67dcaa4da4c5a8776ef350343b179ae6e7f2d347e7e1d1fb7 |
| SHA512 | e5e71a62c937e7d1c2cf7698bc80fa42732ddd82735ba0ccaee28aee7a7ea7b2132650dfd2c483eb6fb93f447b59643e1a3d6d077a50f0cd42b6f3fc78c1ad8f |
memory/1676-57-0x000007FEFC321000-0x000007FEFC323000-memory.dmp
\Users\Admin\AppData\Local\Temp\MSI5C4D.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Users\Admin\AppData\Local\Temp\MSI5C4D.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
\Users\Admin\AppData\Local\Temp\MSI617C.tmp
| MD5 | 4e2e67fc241ab6e440ad2789f705fc69 |
| SHA1 | bda5f46c1f51656d3cbad481fa2c76a553f03aba |
| SHA256 | 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392 |
| SHA512 | 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c |
C:\Users\Admin\AppData\Local\Temp\MSI617C.tmp
| MD5 | 4e2e67fc241ab6e440ad2789f705fc69 |
| SHA1 | bda5f46c1f51656d3cbad481fa2c76a553f03aba |
| SHA256 | 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392 |
| SHA512 | 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\adv2.msi
| MD5 | 1d67aa686a91e14c7b5c1536f7e3a4b6 |
| SHA1 | 1e63565b198b80e3facef004b72de841df06bc85 |
| SHA256 | 88094bafb610ebbe34ddc0ed85e13cd636010975bfe66febdc416a621fd48522 |
| SHA512 | 259bf8eb99c22a8c6579f618d2ffde99adc36104e8abc52cef85c06a3e73dbe6e60aa3880004776687025f5d839bd6a6e74322ab52dacbc2fbdef18cc437e613 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 511e6fb9e70c35d29f0975ecd84c6c72 |
| SHA1 | dccb66214fdabd6f132e35f55f65d7ff2e4505f6 |
| SHA256 | e220782ac11381b61e0f3daa04a38083e0c084cfee1906f372db573bae9ad619 |
| SHA512 | 2c271e08e41d246da3cdec2cbaecd365f002db577ea2772f98b16535241d3441d7cfffe8fd8619aca473589ec2e778c8747127e3ae7221883eb86a26183a8199 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b59cd10d8ed0d39ec6f57d6f8abc3da5 |
| SHA1 | be0a68ba7f8fa1f039cb3d013bd0c1f15333f379 |
| SHA256 | 53d126f8d5eabf36635169ac9ca9b9cfb866966d0b7aeaf037c66430b19c991d |
| SHA512 | 1ddb24a43c6016a761cf894d91990e2c27e1c5e169b1409890468d14d1397c851b72f1667afd3c201cf3df9d113ff51e9f296284bb20881d4406b28e671c03c4 |
\Windows\Installer\MSI6DA5.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Windows\Installer\MSI6DA5.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Windows\Installer\MSI6E81.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
\Windows\Installer\MSI6E81.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Windows\Installer\MSI6F2D.tmp
| MD5 | 4e2e67fc241ab6e440ad2789f705fc69 |
| SHA1 | bda5f46c1f51656d3cbad481fa2c76a553f03aba |
| SHA256 | 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392 |
| SHA512 | 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c |
\Windows\Installer\MSI6F2D.tmp
| MD5 | 4e2e67fc241ab6e440ad2789f705fc69 |
| SHA1 | bda5f46c1f51656d3cbad481fa2c76a553f03aba |
| SHA256 | 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392 |
| SHA512 | 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c |
C:\Windows\Installer\MSI7057.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
\Windows\Installer\MSI7057.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Windows\Installer\MSI72E7.tmp
| MD5 | 0be7cdee6c5103c740539d18a94acbd0 |
| SHA1 | a364c342ff150f69b471b922c0d065630a0989bb |
| SHA256 | 41abe8eb54a1910e6fc97fcea4de37a67058b7527badae8f39fba3788c46de14 |
| SHA512 | f96ef5458fdc985501e0dca9cac3c912b3f2308be29eb8e6a305a3b02a3c61b129c4db2c98980b32fd01779566fa5173b2d841755d3cb30885e2f130e4ad6e2c |
\Windows\Installer\MSI72E7.tmp
| MD5 | 0be7cdee6c5103c740539d18a94acbd0 |
| SHA1 | a364c342ff150f69b471b922c0d065630a0989bb |
| SHA256 | 41abe8eb54a1910e6fc97fcea4de37a67058b7527badae8f39fba3788c46de14 |
| SHA512 | f96ef5458fdc985501e0dca9cac3c912b3f2308be29eb8e6a305a3b02a3c61b129c4db2c98980b32fd01779566fa5173b2d841755d3cb30885e2f130e4ad6e2c |
\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\decoder.dll
| MD5 | 831e0b597db11a6eb6f3f797105f7be8 |
| SHA1 | d89154670218f9fba4515b0c1c634ae0900ca6d4 |
| SHA256 | e3404d4af16702a67dcaa4da4c5a8776ef350343b179ae6e7f2d347e7e1d1fb7 |
| SHA512 | e5e71a62c937e7d1c2cf7698bc80fa42732ddd82735ba0ccaee28aee7a7ea7b2132650dfd2c483eb6fb93f447b59643e1a3d6d077a50f0cd42b6f3fc78c1ad8f |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\lcms-5.0.dll
| MD5 | 4a7ec88ed3b6f8d7c70e859ca35010ce |
| SHA1 | c9440c6650e5f345a8aa30764b87531480ac63fc |
| SHA256 | 15a65d64c55006f966e694a8e4b65635d1fac975354fd35213cdfc5dde675803 |
| SHA512 | 2a46db6bde8970019ddedd003484bb655ef74e37d4421e7f41322c4801d250377ac7534729f4f976ce5bb208238ce4e1fa618e9897ba949d9e9cd035c36030dd |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\spacecore.exe
| MD5 | 36698c857fdd6cc9b024cea38118c779 |
| SHA1 | 875c5f6bcf9b005fe265936de92e53ed35e6ab2d |
| SHA256 | dfbc344151d958d97f0db5d0c5a82fd0b521d21d89697354c4a1bbd809a71442 |
| SHA512 | 23fa5b77bb720fa9cccc19eb8fa7e37f4395e968171c2e4798da21897cd35f7b223da205c1fb5d828846dbba9fb02c1e1bfe1f4f9929a5862f2161359360f468 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\gt
| MD5 | ccc8c7ca004997b3f868ac2e379daae3 |
| SHA1 | f3558231bfc980eba40a7be8d8783a8790f01f18 |
| SHA256 | 59f5de28c59dbeab22e7240d905d7072194edf15a21277a67dcebdd4e2e78e71 |
| SHA512 | c869263fe48c085789c6e7d8a6d1beb93be416c1d9768b2cf431fc570247f7709163f3e0ebfe057799c2b636d5f9297c0fc6580c66d1fe4e2d18c25142f6ff7b |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\unins000.dat
| MD5 | 0feceec346d9be16f42c1f12f8de1783 |
| SHA1 | fae175c74ebbccf28be4113ba7e8595c5269135c |
| SHA256 | 8de68ee615623cd757422453e7cca4f1a219fe0e29e783a04d2a63b113a0d3e7 |
| SHA512 | 116817978ad76faf1415b5fa41749510a44fc589cbd95c74f075923882b68f78806005b9399db5c0b0ef26d8d50c557e752ad33c2c0b965ca09c5a33c161af61 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\libffi-6.dll
| MD5 | f68c187d209127bb0a4487b23ec29a25 |
| SHA1 | 54726179bdde7a6bd341b2ba3464e3b79cea08c7 |
| SHA256 | 23fd4daab07107bfb9fd0950c0490ba65df2fbc21680e46d9b93800e38bd1943 |
| SHA512 | 7364e67cbe7449c35930649c1b1360b88448893ccc207d1dcf5d3216f6c9ce33c9f4b0873a1e6aac8c151a76f9d082b4c5c1e42dba5800b789b72f74c9065540 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\libgpg-error6-0.dll
| MD5 | 8c72fc2d0c83e1698b0fc50775310b16 |
| SHA1 | d8c49bb33e9239cfbd76ffcce8a95485a90a46bf |
| SHA256 | 31a3dded0e009827e09be2b2bec6fc033cb06c147af67fbe818ea82fd5541be2 |
| SHA512 | b9630c7b6e53b276fc0c101e054530e51493989870aead05207ba4ce36bcea946dddb0b130ef5a2379f10930dca4af2036e32af75ff38d6430145d89ae9e0b37 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\libintl-8.dll
| MD5 | 082a8171c726e58c1618da3781ab7833 |
| SHA1 | 5d74e7f8f5e14c1a70331a03456c68bb33ac17e2 |
| SHA256 | ae1a1179289d1ab3b406f4bb347284464123c51be50c1bcf38f2b5dd691e065c |
| SHA512 | 837433aa29dff1bd35aeb800b8dc69fb881bb2c435bf5bba0ad7e809ad4cea765b179db4024a53f92e6b905fc964f23ed79949fa84424f864bbb88f140bd8682 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\libnettle-4-6.dll
| MD5 | 854c550450beddebaafe1dd74f073641 |
| SHA1 | 3db1545773ea7756d6a87b3693148abcd1cdab86 |
| SHA256 | 8561d32e30b3dec9ffd24b1bd87e96444fd6d3d304d64f80c6d99e112411dc48 |
| SHA512 | 42af4079f184a0f8e22689f55dfa225f10b20ff8c0816d728ce022573e5ef1f1412b87000f0ef375d7dfc2a1d734a2047d539597ea4fe8ef1d5a2895053c50d1 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\libtasn1-6.dll
| MD5 | 266fa5bac8fab45a57b3eb68495334f4 |
| SHA1 | c845b88a5f2279e348886e4d6246f855acaa85b9 |
| SHA256 | c8a3b86d6e930b21f428a3cac3cc8fb432716d16043824df886731565bfe8a23 |
| SHA512 | ef8caef0a926865d4b1fe0ce51dc9542b814eb76392f85895a042ac514c529426519c83bcec2eb976848d174d504e2852fa854c06a70d21f4e16debd533e3d0a |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\tsharkdecode.dll
| MD5 | 8e8285aac0ef77a6cede53eafe9c5298 |
| SHA1 | 8a4715c1c8591b83b925282af5ba72832c1ca0fc |
| SHA256 | 3a94a8e5f9ab0eca82611f95dc78c07c5093574c772b9c19d590f8e959191973 |
| SHA512 | 04f24cfa4f187fbe897033359eb3a2da19c4225b514e0d6ee269d741c8bf86d9f7a5860ae2de676df1748c0d64ccb9dd58758cbe1524ff938c99224afd30997f |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\ChangeLog.txt
| MD5 | 61c46e382917c01f64e005738fa1f59f |
| SHA1 | 305198169b890f515b1441fea9e6985de0b2f44a |
| SHA256 | 9331c7593d1eb170cded8443a8aa4598e8cbf545c0b695c1dac4e9e3c82d0dfe |
| SHA512 | d33a47a5c0b19d997225029a56d1328681b111727b6a4ae447d03e826fb58241ba5016038250aa3189f2db2e21b2f610d788b18cb8253b4f7f94f2edc3a1ebfc |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\README.txt
| MD5 | 96f787726bed75443f47f1bb5e4e19de |
| SHA1 | 1ba7176db00594d5c3ce47789f0544a9dc7f1db1 |
| SHA256 | 6d38db59babe7ff7845e2adb2f5c3e1bbd6c18c0277648571bbbd17171b3ca54 |
| SHA512 | 582a21330f999a3c44d977952583d335606bf53877e91c674439b01c602adc7eb419c6a58e9bba4a8cd827bbb37c705160ac2166005a9c701e85a77cb0313e68 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\AUTHORS.txt
| MD5 | 23b204bfc8b025fd359fe7069a800b40 |
| SHA1 | a5739e6e3695faaf1760e6fc0f7e0abd255675c7 |
| SHA256 | 6e482045bc1b80adead9529673bbed9172a0710d7fd76e6262dc949c1438f173 |
| SHA512 | 2f9c6284ec16bf3dcfc821db158fb85d94e0f5a4b05fccd6487b905caedd6e637963d9cfeb5710de88c863b53f896f178434148a0924b8ca065b25bcb6594837 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\celestia.cfg
| MD5 | 92513be6702ae3c8941969464b678e62 |
| SHA1 | 5cc2d188c41f56a9e8ae24c41c77c6ef3d299bab |
| SHA256 | 894a0e66cae012092a04aea0e03d68dc319c71f5c3f650778c6625b25afe7ed0 |
| SHA512 | 1e9dd3a0b22d3b75ba739bd9d1c52b7a4075a9935bb4d0784ccd3284e4ef4c3527fc5cfeae4655e4eb088b96eee38be241e08b1fb6809ca9b66e87629024ee22 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\controls.txt
| MD5 | e6293f0615f816001b42126622aa2ade |
| SHA1 | 6a1de7ca8e183cac0052a10720d67b584530f23a |
| SHA256 | 2c2aa408e2111770b79be7718815045537f72b98cce1804a8ddf795db9a76d7a |
| SHA512 | 44aa52ff50ddfc5671d2542ca4863951ae9a0941ba04cac65117df6c067ebaafab5693b1ea327eac9acc16a72f6f1b15df9693bf31ad9124c21dfdf18d342d6e |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\COPYING
| MD5 | a6f083039dfeaa430255fbe130b520fa |
| SHA1 | 4b6413ce03744bbaab9bfc695d0968781c6b9cdf |
| SHA256 | 48722d2ee3b224e96eeda12d0c3be740a6e1feac786834415b6a739435df0b0c |
| SHA512 | 72588d13b3f0f13096501d89d1c31bad698dbe18dd1f6b3152262e5b3897f001951a6a74ca16f5d542517e189e325229456ef62eff9fdf2234046ec74214ec22 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\demo.cel
| MD5 | 5d013e073e2eb6932f59dc6332b42109 |
| SHA1 | 45f2cb0b4a511feb07c7aebc0fd1cc5c6f10c7c8 |
| SHA256 | aaddad734fc8474dcfb682a975fd4d8c9b9ce8b02bf84e8a6c4680faf22b2eb4 |
| SHA512 | ad7f49e5ff77478f59293f3bdb09627c86798df64e9b9a5b93e030cc5d3381c7a2974a98cde136dde652b0ded69d1873564a3c9254bb846a19fa33cdfc9e6515 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\guide.cel
| MD5 | 1f45419d63c816e3ef100ae0256bded2 |
| SHA1 | 53165678d1b52bc9e41aa890ffb45caf6cf948cc |
| SHA256 | 67dc6fef406b3a02025cebb44255ad3d20b91bfc592a77c2ffacb58c470ac264 |
| SHA512 | 44933d8b514996eaf2393395f44cfcc28ba959f7e45aca74364f6e3775b7ca060fc788b9153a1e2a91bfe5ed9bfd0678846962063c0f431e127fea9b972ad2ce |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\start.cel
| MD5 | f90feff750243a7820ebc61c94de6397 |
| SHA1 | 687d385b21c31e72950b2cccb4b2a0a9a1cfac3f |
| SHA256 | 6326dfdc0e24ae1791e4a63f0a02f7daa20654ced20c02d475b6b8acf8d472c7 |
| SHA512 | 50e60400e2a1ca0bac44086a9da61da83a4672d48a6fd424bc00751199c6de8ff17f279ce47e1c2542dc2ab9435a184925489135ea1ce91d9c609910b02b16c1 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\TRANSLATORS.txt
| MD5 | d9ab3fc66b552f8546137f50f785ae45 |
| SHA1 | db46ae2b28a5e3dc1f4d24e596bf0770b13c58e7 |
| SHA256 | 720940189fe39212917a65fa51e775a92c58f729b15d7186eb7c541ef2aee672 |
| SHA512 | 185e1ff98d2575854f281e1510287ace67aa76f682bd9d3fd0aafce42b8bb51eb699e28358d65d6f7b6a889d3b64a270d4cf1fd9cd8527846c98648025188936 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\microsoft.vc90.crt.manifest
| MD5 | c1eda860810e6299f690459006e4c655 |
| SHA1 | 3e6b132ebd31297eafabed808e336ef1aa0c502a |
| SHA256 | df2e70333883fa14f1ab0eb04665a26dbd5334edd5c5a886a72075fbebc57ea3 |
| SHA512 | 836d24e7a4f222db0a1374d624ef3297ebb6aae3601f31cc1f0607b4851eecf520b2898ea7d4883f97aeea1adf890b666557590a6f3631f2f25cb821f65be611 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\msvcm90.dll
| MD5 | 7b37f8ec25c9ad853e8126c1d0992201 |
| SHA1 | fd87d19fb51010dcdd31ea0c1f14e075132239b0 |
| SHA256 | 866f51d4416b6a0bfbe8442cc8c1716152e4c3ee3137c375d05185e8171096a7 |
| SHA512 | 5d3455fdd261c689bc77fd603c09f5272c04a3438449dce7adf816b69686fea03abc2139404be4b21aa62247a479a6968be976b88fd7eb301ee923b92bcf02c8 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\lua5.1.dll
| MD5 | 09819d1beef0f0beec849b6fd3581247 |
| SHA1 | 09b348154111b90ec9263d7d95ba9ac459d1130c |
| SHA256 | 92e33b5b7993a36567542111dd664e4dc2d376c71a823878127db3b01a90a89c |
| SHA512 | 0c8a4f47e2db6743cad9157eae808a713bb53d10fb416f682e45aa51f557cc20c56c9dd7a48dc54d52e71791e2bc1236c66b76ac3a5298054645b39ad46010e1 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\intl.dll
| MD5 | 8b63ee08625b5606debfc04500973555 |
| SHA1 | ebfb93c4e76d55ba3549b253784596c403413e18 |
| SHA256 | 3a28ecedfb5118885f74b0bd820797e0957974e1948871414b171c711f4ae471 |
| SHA512 | 880d7480591f6cc72e1b99084b43a8b0efdeea59982513c24657ada9e34d49bb8831e85e94f92a1ebadea2bcff34aef5bd10fbdfbf96d301151c0404867d8594 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\doc\ABOUT-NLS
| MD5 | b5a080b27b5b4c1a160d2bed1fcfaf9f |
| SHA1 | b50287b75a3b098301455e34c8d8e52a09fa8938 |
| SHA256 | 4c825530ca79e944b63c56ed30be58ef792b4adab6f7f38abab8c054432f4a86 |
| SHA512 | 4efce9472e21b052b8fe8113dd3b5480586c06cd27c8535712b10bae2f7e32f33530a9e8c8da6f6d8fead682ee556eaec0cda2525ce9121ec95b6e25f3075696 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\doc\AUTHORS
| MD5 | 4b8e4f960d80b0458acbeea70d025895 |
| SHA1 | 8222d99b7f2cc775471bf0b55502627a457202b5 |
| SHA256 | 37d3194dbd584985c5544e805e293c3f2a8833d7ccaf0935ac8678895665dcb3 |
| SHA512 | e7ccbdfd356a67b757c7b119189ac2c5a4707017afa589644c9b43ebd72640c73182353eee74267f9cdb7c66c59eb4fc0e821147a34e16eee0a347106b915c80 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\doc\ChangeLog
| MD5 | dd4e1b9708ef55f30d06198198ad2b03 |
| SHA1 | 34092f4338fd69e66f8c4525201bcf760fd55019 |
| SHA256 | 07dec805477121755d2c4309547017bbf6ae4a439c8d3925b7d928cab2ffeea7 |
| SHA512 | 71a3423f3f68b99ecbad311c00bbd00d9806037d71ddc5378d91d6e01ee64ef44da8569da027498d4f94cd0293c5dd504a042b64dedf875df92d9d96ce450352 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\doc\COPYING
| MD5 | cbbd794e2a0a289b9dfcc9f513d1996e |
| SHA1 | 2d29c273fda30310211bbf6a24127d589be09b6c |
| SHA256 | 67f82e045cf7acfef853ea0f426575a8359161a0a325e19f02b529a87c4b6c34 |
| SHA512 | c1d6aa39a08542c0c92057946fa1e6a65759575de1c446b0d11cdf922b2f41eb088b7dc007cd3858ff4ac8c22d6f02e4faa94ff6a697064613f073c432fb1ef1 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\doc\howtotheme.html
| MD5 | 4c5fddc1be71c19d6e1ae718916f5878 |
| SHA1 | 4f8df91ebf3df62f98b4fc92836d1cb36a986de5 |
| SHA256 | 83bb9ea4e0e5609a959e8ed34d56ab6dd7cba40d449ec22077abfd2173a22ed8 |
| SHA512 | ddc83945b172cf4038e8e7ce97b856fd238e29b8ee05ec1df196f5b9fd43bc20780b201b8d0438d1a67bd3bf0389bb96a1673c14cb6a722051ec569bf687ba3e |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\doc\INSTALL
| MD5 | 8fb227c6e1b6375d0afd0deed289e0b4 |
| SHA1 | 8c30d1e996821d2ba9e84e86214f24cbc094a005 |
| SHA256 | c4add274c0889e61f7f6b591c601842f9f9c3e7c17d36e4374afef4e1f899a50 |
| SHA512 | 6bc7638be91afd98e0dc37b91007c1997b32cafdff524a6b4c06bc5dd61e28e9d184a2b662dbf55765f88ca3bb2df3c7ebb00ca6287a011001c2d1af1fa279af |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\doc\lesson_scripting_reference.html
| MD5 | aadcc5c24b7aa66773a82c8dcf90dc3f |
| SHA1 | 35ab43174c9489801e957ed0e19e50abd6ed655d |
| SHA256 | 9c8c1508e4255c98c0ecbffb6184c50711e32b2b150346ce2b53aa58bd5749dc |
| SHA512 | 5127b56915677b5e1e17c8fb9b8b9b26bca07b53e9585437b38b1e94f422eda5ed7b59ba86dfbfe0247e75a8351c61bae505874ae3d2a3410275aa51154cc6c9 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\doc\OFL
| MD5 | 969851e3a70122069a4d9ee61dd5a2ed |
| SHA1 | c450c836db375b12ab7a4c10b09375513d905a68 |
| SHA256 | ce243fd4a62b1b76c959ffba6ec16a7a3146b2362d441ae4f9f7f32fc3750d6c |
| SHA512 | 54b335554f88e01ef0b07ed5f20c7fbc86ede2e6395ba53afc7b5ddf8c7da728309a70e178acd5aa8afd16bcdf64527a1acbb54d51d693a2966d34218f963dce |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\doc\README
| MD5 | f5e6311a96b7bd0715ffdd86cf1e1553 |
| SHA1 | bb80358a88f84f8e6a310d9920b92d8f30ff4c14 |
| SHA256 | f5259f91c0d622d456fa99be940184bd1eeb8ebd9d4ec28b44669bdd98176b45 |
| SHA512 | 2ed6167b6227a83dc361b175e7acb0fb23b126e782153b76758d54748ac396d0c19bc6e54e1659a6f4f6b5ae36891ebfae075d8bbc8c992faa01388f990d096b |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\doc\TODO
| MD5 | 4d1b4bfad0c4d377505c3c14b7b60ebb |
| SHA1 | 07cbb76c647e8334506d1d63855689d4d001c4e2 |
| SHA256 | d00691de52a7961695100061c9717e57cffaa2d390a9a25311fb6775122830d5 |
| SHA512 | 83d9bd9811edff42acc72aedb6df95c28abffc197cc9521f3b3b62cd03b9a577f63e537fd8a6d941e61e6e24c6be00977b3c98dc6608dbdf302ed6c28ae24449 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\doc\TuxType_port_Mac.txt
| MD5 | 12cd9a17b7741cb9989fea8aebf82c6f |
| SHA1 | b321c8b0122548853c9fcede1dca4640c13711dd |
| SHA256 | 685964cbda0311a79d10b315c503b15a7ce3ef9ec60c62ad8ce73dba21a5986b |
| SHA512 | 488c19fe3d911fa5a8ec15e3712550bd1f6a2f3beaf0a98e4432f86c77b891e044e724426f322fca70b4d88e929f094454fcf890d2eeec25b209447b95193fe1 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\fonts\Kedage-n.ttf
| MD5 | 16024bea0eb7a59995c59edf5df20d8f |
| SHA1 | 33710d5ceea4684ce09c4616dbe03b881058640f |
| SHA256 | 9ac4c694374e9bdd49c74e5852a990eaf1256d92de859e6f2cbc42272102c1a5 |
| SHA512 | c3b7e12d526745b189aa1606b14e950e1f7913491ef105a8264705e699e0352830f541190477403f8fc3616f1de6ca9cc111d6a9c96505587b3b0bccfbabeb0a |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\fonts\lohit_hi.ttf
| MD5 | 4808ddf3a48dc3b6a4f93dbd3d17eb4e |
| SHA1 | 0629a606cf59c08ebcf53dcd9535ae0d30755903 |
| SHA256 | 5ea6d5af952385a37b83eb3821253d46542af509673add90075e7feaf1d8b453 |
| SHA512 | f48b68dc4f4c90125347a8327f8d5c91636630528b5b033045401c784b088fd00fc812b978d4466779419c3ec1ad726b1da41308079e86a1db62fbb7e8caee88 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\fonts\lohit_pa.ttf
| MD5 | cc2ee1b756fc72a58c52294854fa35d7 |
| SHA1 | 58e6658240c710dd7eb9de46fdd8515390219196 |
| SHA256 | b9920211b0e1d19b55fbef3cb602248fa8f0ff87598878769188209cbb7f6eac |
| SHA512 | 1bcc638f7d8901cfe4dca2983f9c6efb31c7a5fcaeeeae06f6252e428111e709f3edfa55868ffea412d7bb10f995d81ac7e0c36ba37f8aabb6c985b5b2dc15ef |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\fonts\lohit_ta.ttf
| MD5 | 2e6070e9b26ac1377f9208c320d62591 |
| SHA1 | a5c6d4ac71748c0979968a40180a575f611c73d4 |
| SHA256 | 9499f3b7446292dc164a7acdabd8b6b38ae3d94b9d092004c1ed48dcbb83bb44 |
| SHA512 | 06eb42262382e78d83d48d554ea4453afb36887c57643ced6128139b71d4465544b79689d939de52f6eb426788153f71b79f1e3d70563d51632a12d743e5714f |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\scripts\mark-lg.celx
| MD5 | b6d3b1e04405cbea8c570111b105b5c0 |
| SHA1 | e2d6d06e26dbdca50c617bc7ab2428bc197bf26d |
| SHA256 | 13252fafc1621a6aa411d6be66e571c73cda5b043f9198f8d0551dbfaa4f209b |
| SHA512 | fdcf578cc9f0d780486c4bf7d246de8abf96f535f04f047c277416c62dfec2bd3abfda3764a462a53e106fb213b7e8ff2151418f14d86b8ae04cf7081eb0aa1e |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\scripts\z-dist.celx
| MD5 | fcde4a48cb6b7782a07a6d8c019f0eb5 |
| SHA1 | d7f9547ea8a92df6bb1ba075ad37a39b665c997a |
| SHA256 | be9a96e334e84e8737dcd924b58471218b9fcb84bb6b6912554b3e24f106f2a3 |
| SHA512 | 809cca4f3aa2827931270d734a42fb12d9a0a530e9e8ae403a89568bc492069cb2796136a4a427fc30a30d9c9add4e3b53223fca29c3c23596d57204879f8e38 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\bumpdiffuse.vp
| MD5 | 9a62a92876b80c17dcf366eb8ae0559f |
| SHA1 | 00c5e1f452c8133d8d51981581b36f6d59b278f7 |
| SHA256 | 0c05593444c81f9d276c491f430931c0c39f05909e0c480696e1d4792f77fce3 |
| SHA512 | 5e84fa176715038b8f60fcae76df328ca02b85abfbbd77bf5f79fadbf94d234ed3710758f40494a84ef7dc69f4b8da008c49c42cea1f35b082aa116b892b3e97 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\bumpdiffuse_arb.vp
| MD5 | ee2522c34f159e0e12826d7799c28410 |
| SHA1 | ddabf087a9aad927f8ad05c9bbd7ef903a660b5a |
| SHA256 | c3b122c6b034870dc4a1e62c97aec9af7a35aaac27fe36a113e1de730dbfa8e1 |
| SHA512 | f0505c436964a3e44175d4a617a4c8bd72185f7ad9c82cb8684a4620b655efc44ff35fdb62ded8905f3fa9825144aef30741383a9f95f17144bef46f63b470f6 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\bumpdiffuse_nv.fp
| MD5 | 3f3d6f471062f54b8f683125d02814c1 |
| SHA1 | 054a6701b052566283a0ee52c5dc386fe0afc917 |
| SHA256 | f3d891f6c3d6acdd2ac8edc73689104b38c86e8b48402dd0116b3c9326a5488d |
| SHA512 | 4ddc145eef2763fdedfea933106710957b59362c033803dd647c0ce82c3759b7e58ba91e130a8333b577b7421066b5a9bfb7805c3fed1c83447bdcb970ca51e3 |
memory/1640-124-0x0000000000D40000-0x000000000125F000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-01-19 16:34
Reported
2022-01-19 16:37
Platform
win10v2004-en-20220112
Max time kernel
165s
Max time network
174s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe | N/A |
Enumerates connected drives
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\SourceHash{240D6483-FC6E-46CB-8691-47B9208B14CD} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA8BD.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAC87.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAD63.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIADC2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB9F8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1cea0ec.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\1cea0ec.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA3F9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAC19.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe
"C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A572A529F60B14EA50C2687097B1D209 C
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\adv2.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1642583397 " AI_EUIMSI=""
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 020BA608F1A07773F487CA1A7753E5BE
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe
"C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:5985 | tcp |
Files
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\decoder.dll
| MD5 | 831e0b597db11a6eb6f3f797105f7be8 |
| SHA1 | d89154670218f9fba4515b0c1c634ae0900ca6d4 |
| SHA256 | e3404d4af16702a67dcaa4da4c5a8776ef350343b179ae6e7f2d347e7e1d1fb7 |
| SHA512 | e5e71a62c937e7d1c2cf7698bc80fa42732ddd82735ba0ccaee28aee7a7ea7b2132650dfd2c483eb6fb93f447b59643e1a3d6d077a50f0cd42b6f3fc78c1ad8f |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\decoder.dll
| MD5 | 831e0b597db11a6eb6f3f797105f7be8 |
| SHA1 | d89154670218f9fba4515b0c1c634ae0900ca6d4 |
| SHA256 | e3404d4af16702a67dcaa4da4c5a8776ef350343b179ae6e7f2d347e7e1d1fb7 |
| SHA512 | e5e71a62c937e7d1c2cf7698bc80fa42732ddd82735ba0ccaee28aee7a7ea7b2132650dfd2c483eb6fb93f447b59643e1a3d6d077a50f0cd42b6f3fc78c1ad8f |
C:\Users\Admin\AppData\Local\Temp\MSI9C2A.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Users\Admin\AppData\Local\Temp\MSI9C2A.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Users\Admin\AppData\Local\Temp\MSI9D63.tmp
| MD5 | 4e2e67fc241ab6e440ad2789f705fc69 |
| SHA1 | bda5f46c1f51656d3cbad481fa2c76a553f03aba |
| SHA256 | 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392 |
| SHA512 | 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c |
C:\Users\Admin\AppData\Local\Temp\MSI9D63.tmp
| MD5 | 4e2e67fc241ab6e440ad2789f705fc69 |
| SHA1 | bda5f46c1f51656d3cbad481fa2c76a553f03aba |
| SHA256 | 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392 |
| SHA512 | 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\adv2.msi
| MD5 | 1d67aa686a91e14c7b5c1536f7e3a4b6 |
| SHA1 | 1e63565b198b80e3facef004b72de841df06bc85 |
| SHA256 | 88094bafb610ebbe34ddc0ed85e13cd636010975bfe66febdc416a621fd48522 |
| SHA512 | 259bf8eb99c22a8c6579f618d2ffde99adc36104e8abc52cef85c06a3e73dbe6e60aa3880004776687025f5d839bd6a6e74322ab52dacbc2fbdef18cc437e613 |
C:\Windows\Installer\MSIA3F9.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Windows\Installer\MSIA3F9.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Windows\Installer\MSIA8BD.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Windows\Installer\MSIA8BD.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Windows\Installer\MSIAC19.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Windows\Installer\MSIAC19.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Windows\Installer\MSIAC87.tmp
| MD5 | 4e2e67fc241ab6e440ad2789f705fc69 |
| SHA1 | bda5f46c1f51656d3cbad481fa2c76a553f03aba |
| SHA256 | 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392 |
| SHA512 | 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c |
C:\Windows\Installer\MSIAC87.tmp
| MD5 | 4e2e67fc241ab6e440ad2789f705fc69 |
| SHA1 | bda5f46c1f51656d3cbad481fa2c76a553f03aba |
| SHA256 | 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392 |
| SHA512 | 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c |
C:\Windows\Installer\MSIAD63.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Windows\Installer\MSIAD63.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Windows\Installer\MSIADC2.tmp
| MD5 | 0be7cdee6c5103c740539d18a94acbd0 |
| SHA1 | a364c342ff150f69b471b922c0d065630a0989bb |
| SHA256 | 41abe8eb54a1910e6fc97fcea4de37a67058b7527badae8f39fba3788c46de14 |
| SHA512 | f96ef5458fdc985501e0dca9cac3c912b3f2308be29eb8e6a305a3b02a3c61b129c4db2c98980b32fd01779566fa5173b2d841755d3cb30885e2f130e4ad6e2c |
C:\Windows\Installer\MSIADC2.tmp
| MD5 | 0be7cdee6c5103c740539d18a94acbd0 |
| SHA1 | a364c342ff150f69b471b922c0d065630a0989bb |
| SHA256 | 41abe8eb54a1910e6fc97fcea4de37a67058b7527badae8f39fba3788c46de14 |
| SHA512 | f96ef5458fdc985501e0dca9cac3c912b3f2308be29eb8e6a305a3b02a3c61b129c4db2c98980b32fd01779566fa5173b2d841755d3cb30885e2f130e4ad6e2c |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\decoder.dll
| MD5 | 831e0b597db11a6eb6f3f797105f7be8 |
| SHA1 | d89154670218f9fba4515b0c1c634ae0900ca6d4 |
| SHA256 | e3404d4af16702a67dcaa4da4c5a8776ef350343b179ae6e7f2d347e7e1d1fb7 |
| SHA512 | e5e71a62c937e7d1c2cf7698bc80fa42732ddd82735ba0ccaee28aee7a7ea7b2132650dfd2c483eb6fb93f447b59643e1a3d6d077a50f0cd42b6f3fc78c1ad8f |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\lcms-5.0.dll
| MD5 | 4a7ec88ed3b6f8d7c70e859ca35010ce |
| SHA1 | c9440c6650e5f345a8aa30764b87531480ac63fc |
| SHA256 | 15a65d64c55006f966e694a8e4b65635d1fac975354fd35213cdfc5dde675803 |
| SHA512 | 2a46db6bde8970019ddedd003484bb655ef74e37d4421e7f41322c4801d250377ac7534729f4f976ce5bb208238ce4e1fa618e9897ba949d9e9cd035c36030dd |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\spacecore.exe
| MD5 | 36698c857fdd6cc9b024cea38118c779 |
| SHA1 | 875c5f6bcf9b005fe265936de92e53ed35e6ab2d |
| SHA256 | dfbc344151d958d97f0db5d0c5a82fd0b521d21d89697354c4a1bbd809a71442 |
| SHA512 | 23fa5b77bb720fa9cccc19eb8fa7e37f4395e968171c2e4798da21897cd35f7b223da205c1fb5d828846dbba9fb02c1e1bfe1f4f9929a5862f2161359360f468 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\gt
| MD5 | ccc8c7ca004997b3f868ac2e379daae3 |
| SHA1 | f3558231bfc980eba40a7be8d8783a8790f01f18 |
| SHA256 | 59f5de28c59dbeab22e7240d905d7072194edf15a21277a67dcebdd4e2e78e71 |
| SHA512 | c869263fe48c085789c6e7d8a6d1beb93be416c1d9768b2cf431fc570247f7709163f3e0ebfe057799c2b636d5f9297c0fc6580c66d1fe4e2d18c25142f6ff7b |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\msvcm90.dll
| MD5 | 7b37f8ec25c9ad853e8126c1d0992201 |
| SHA1 | fd87d19fb51010dcdd31ea0c1f14e075132239b0 |
| SHA256 | 866f51d4416b6a0bfbe8442cc8c1716152e4c3ee3137c375d05185e8171096a7 |
| SHA512 | 5d3455fdd261c689bc77fd603c09f5272c04a3438449dce7adf816b69686fea03abc2139404be4b21aa62247a479a6968be976b88fd7eb301ee923b92bcf02c8 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\ChangeLog.txt
| MD5 | 61c46e382917c01f64e005738fa1f59f |
| SHA1 | 305198169b890f515b1441fea9e6985de0b2f44a |
| SHA256 | 9331c7593d1eb170cded8443a8aa4598e8cbf545c0b695c1dac4e9e3c82d0dfe |
| SHA512 | d33a47a5c0b19d997225029a56d1328681b111727b6a4ae447d03e826fb58241ba5016038250aa3189f2db2e21b2f610d788b18cb8253b4f7f94f2edc3a1ebfc |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\espanol\words\words2.txt
| MD5 | f9c58618d446e7b389fb8e02c6273040 |
| SHA1 | 42dccdd29c96f3563873c01a5f384fe8bf460aaa |
| SHA256 | abbd3e51aabe561d95ca78d723c4468c97cb7163a29346d9efaefe74464d37dd |
| SHA512 | 856e71fcf8935be1518c6e9bceb0a82e2d66bf46ca46977e2142d1dbf86532a0216d34fb79d47f0949a1f4e53298cf1afb4e4e3ba717ed2293ef6671b1909ef9 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\diffuse_texoff_arb.vp
| MD5 | dfdb07a9d65f43edb1f1ef5553b0b2a6 |
| SHA1 | c440f2df72caa75bedb2531ea35a097020962d69 |
| SHA256 | 539fa2ae65255fee1fb45c8a1332fe0a7b6079bb96f29bf3502565daf4e785d2 |
| SHA512 | 9bea4338de024360dc5330818f67c54697fc5698de63dd0cd0a7b04dfa5dc849432f31e7b9631d013c871c2a9f97399c6c206edd1dbc03152cf73f173dd53d8a |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\bumpdiffuse_arb.vp
| MD5 | ee2522c34f159e0e12826d7799c28410 |
| SHA1 | ddabf087a9aad927f8ad05c9bbd7ef903a660b5a |
| SHA256 | c3b122c6b034870dc4a1e62c97aec9af7a35aaac27fe36a113e1de730dbfa8e1 |
| SHA512 | f0505c436964a3e44175d4a617a4c8bd72185f7ad9c82cb8684a4620b655efc44ff35fdb62ded8905f3fa9825144aef30741383a9f95f17144bef46f63b470f6 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\czech\words\prsty.txt
| MD5 | b237fa0e4fdb0c0154545e11ad7bbade |
| SHA1 | e35f41a43984fa817f4e239681aa3f1eea85c64e |
| SHA256 | 94c63c7bd4828b56a6994c28c70c9bce6b1a6671354332febccfdda663367846 |
| SHA512 | 08ebbe90fbdc4b71776a27527831fc22d5abbadd81ab4859f4bfcdbb09fb4636371c0e5eb933e382bd97d04b1f7e0a422c53adb2e24c4a6f9f14287d6f7fc202 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\haze2_arb.vp
| MD5 | a23ea89fdff90b741b05d557aada2fdf |
| SHA1 | cfbfeb40f4b246310d960ae4612a1275e437b1cd |
| SHA256 | eef13ac168ced397bff5a5d66afbaae64be3d70ed14595a85d75c3eb60e0d928 |
| SHA512 | 7ebc841a664fbf20f6e0762a7de19866b35909daa1ad201aa09ec0d79b24b89055620a78f62410a3ed65098e4394945afefaefb44b73695407f90844dce2e5ee |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\doc\ChangeLog
| MD5 | dd4e1b9708ef55f30d06198198ad2b03 |
| SHA1 | 34092f4338fd69e66f8c4525201bcf760fd55019 |
| SHA256 | 07dec805477121755d2c4309547017bbf6ae4a439c8d3925b7d928cab2ffeea7 |
| SHA512 | 71a3423f3f68b99ecbad311c00bbd00d9806037d71ddc5378d91d6e01ee64ef44da8569da027498d4f94cd0293c5dd504a042b64dedf875df92d9d96ce450352 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\night_arb.vp
| MD5 | 8813ef376ae5bc5d0b473d05083bafe9 |
| SHA1 | b50d824dee3b289f64828a84a79fdb4153d16e0d |
| SHA256 | ba2b523e425078ffc086f8696f9cef0138f9e38b3b88dacec218255e1a065c0c |
| SHA512 | c4dd2087834cdbf2e517b84fb7e5aa92d556cc4793d6f0d08b7f8fb45c52dcf025d1a068438dc374b4593d14d02ef66f27e3273b16767de2609cdeb36596fea9 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\czech\settings.txt
| MD5 | 97c705d1301f982e0010876c8fda614e |
| SHA1 | acdb1d10a6b7aea47932a100d36a6f9d867c40c1 |
| SHA256 | db42c3bc77f54b145d013c395509a5496da3b5a8d4730c5f593e2835f1f2d7f5 |
| SHA512 | 170cd69f3cf93eb7315390a569d4d03bb9cb1d606d8de8b63b267bc2e1e8b45e8683baf929016e0f45840c68a221e0c3b58b7a6a48e89715234e450d5d3f2377 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\diffuse_texoff2_arb.vp
| MD5 | d0c3be48642c0920fbcf2af1e70c94bc |
| SHA1 | 1204a62d3a3df6fd590a0ab3287ddf02f6ce5fbc |
| SHA256 | 62ca2db2f22820a8ca02c1f2ee4d42ae0170ab43893d36f87f87b37453965d50 |
| SHA512 | a0f9ebeeef41a746d32bbd4466256f6349bd91d9b00b0ecdb6d3fa1845c9ac613a3a501d17ae031cc29d5dfb0eb2dba2644976e5299d0cab05752736b5ce6b3b |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\unins000.dat
| MD5 | 0feceec346d9be16f42c1f12f8de1783 |
| SHA1 | fae175c74ebbccf28be4113ba7e8595c5269135c |
| SHA256 | 8de68ee615623cd757422453e7cca4f1a219fe0e29e783a04d2a63b113a0d3e7 |
| SHA512 | 116817978ad76faf1415b5fa41749510a44fc589cbd95c74f075923882b68f78806005b9399db5c0b0ef26d8d50c557e752ad33c2c0b965ca09c5a33c161af61 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\fonts\lohit_hi.ttf
| MD5 | 4808ddf3a48dc3b6a4f93dbd3d17eb4e |
| SHA1 | 0629a606cf59c08ebcf53dcd9535ae0d30755903 |
| SHA256 | 5ea6d5af952385a37b83eb3821253d46542af509673add90075e7feaf1d8b453 |
| SHA512 | f48b68dc4f4c90125347a8327f8d5c91636630528b5b033045401c784b088fd00fc812b978d4466779419c3ec1ad726b1da41308079e86a1db62fbb7e8caee88 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\words\alphabet.txt
| MD5 | 712b83a5039b83e8ea588c5fad1103ed |
| SHA1 | 41eaa1481fdf1fbdafd223628b59137a01eccdc8 |
| SHA256 | 8cb96dae0b17ac655c0dc6ae5d5c90c28fd393841a11074d59a6f10d0f22b8c7 |
| SHA512 | d5aec644f8cbe68f8689597d2baa4660455e4005df56269fc612182a946c2718b8b0b6872efd5f72dc69def48f59cad24112e7874101034a56344044f4f229bb |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\french\words\fingers.txt
| MD5 | 54f52456338c263b32636aa9ec295678 |
| SHA1 | 0c8b9e5b3e003ec12ace1917503b25b80ed0900e |
| SHA256 | 7907b6ded9db9e28883ecf76cca4fdd3820702cebe8f49551176aa7c04307489 |
| SHA512 | 7d3da19d2e00ae2cf729f53a1e01e6b2b3c046cd265b1573163f0de374915207e0155b3151c1db24914e47e93754bd707490f6076952521dfde34d5d5f74c017 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\french\scripts\les_jours_de_la_semaine.xml
| MD5 | ee7088a04b51a20bc21db311b2f80abc |
| SHA1 | ac8d413b24d1401c7d23083c5ca5bae1af69bcd8 |
| SHA256 | 0b5271f60333791b776e16c321950e7e9010a4f9ad9d5cdfe7685668e5bb0334 |
| SHA512 | 8dc21b2b77b1f99c17bf967cc21c822247b1b0f70f635f24a942dabab4b5b7b09e34ee3cf7b5831d949eb1933af26efd4492e6210f744856fbd2ae2127f521bd |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\french\keyboard.lst
| MD5 | 981b6c37967966f0bd3b7395c0304f30 |
| SHA1 | 4bfbe224c64178c33dfa435612e0916ca49962a7 |
| SHA256 | c844b1474570fb7af91b16614801168a6b14cb8883dbb4a59c107f2925a2db4d |
| SHA512 | 96e8e59c53b4326898a8c45c467636805bed13c41318feb3ae3ae8b8780df77177425a9c0df2a83d7795e70135a4aebff5be13dba36274cb57978b79bc773198 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\espanol\words\words1.txt
| MD5 | 8a3514ad4f81c6b9b9b746a33a67c76f |
| SHA1 | 9fbd6b0f32dcfdd097180dc99793091b866ea443 |
| SHA256 | 996de48b37c5aeeb01efb32c25b8b4845507068be844fc5e985af3e6b67fc746 |
| SHA512 | 46a8252111afc67e222533f8c3414f227f6e960a76e7adfd8e3788c3cab2c667d3d2ad9e60c73c09ebe564bdd2b39c8265fc5257a379288a652658c5ffbd5344 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\espanol\keyboard.lst
| MD5 | b10b2b44f8137740e14363e0ce4b7e47 |
| SHA1 | f13d25f608b9f73a38d0f17ed53c82d4bbdc3eb2 |
| SHA256 | 5fd920d2a0c23d4eb0d5704b676e48726a50db7122e8ed2dbb740f2c71144822 |
| SHA512 | 0e1fb991278ba7aadea8f2dc357d0e32ccf282ffb093aefcd496be7b3ca6985032c71bbe56e8ca882ec20aeacc4dc99d166cfe65bcbfb2cfe1b4ce2eb2ac9463 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\espanol\images\map.png
| MD5 | 30a29eb1970d70f3e7630e2f6129b623 |
| SHA1 | fe02af80d8d9bbbc4231a1fcf3f43f105eb1ab44 |
| SHA256 | 445d653649defcca4d8f72b2e91cfa5ef7c39d2eb660b23f5d45d937d4eecba0 |
| SHA512 | b276b3b6830cf89ae8aff6fc451a7c6f51e2555c1fd6cc06453dd75640d91fff24aaa8bc553172cb0cc9cce8ddb68def2a85c9021b64f58a3e62faf41e66bf92 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\deutsch\words\kurz2-3-mit.txt
| MD5 | d932b1ffc8b5321ee9c7a9ef7cbb8bfa |
| SHA1 | 5e6ace040d0a3291687dc129a2ab02db4dc5c1fc |
| SHA256 | 041068a572c5265693a0369e79e2080055f5eddce35a80024985ed45d150a2c4 |
| SHA512 | c9d4250a1aca4cd7c342acbd17bd5b6eaa957364c2f535dc87d27e1b85a8e9493b5c8f743f8fff14a509c5a78e4130c185720662abd9086f8b56b214111e7d1e |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\deutsch\keyboard.lst
| MD5 | 73e29cd1bbf3a6420a590f85a288f5dd |
| SHA1 | f21fe09f412f784231a5759fe09da29857dec9ce |
| SHA256 | 9198fd4883326b94f1a0c7a6ccdf0314f78dec4a2ac7f415e6e11c58d5d8a1c1 |
| SHA512 | 3e6049d302826efc67a909a6c36e972020c0993bc1a69851e61d82cbbb1c10712fc11cec6dd8428d76063f863c2f5de2ce9ad83dbf675fd70f8215df4d57f0f2 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\czech\words\abeceda.txt
| MD5 | ca1d4315a55a43ce742942bd35034034 |
| SHA1 | 5149927e633b4320d00600fdd5a12a367956d49e |
| SHA256 | 77891560cac7b7f2ed6ae01e7bfc979efc1af6ab686c534f03cfbcaeab002a3b |
| SHA512 | 18c88c698b33ac6312be9ed7eb8d8840605ad33d3ab87650f643e964871ea7171ddd4c69fc121d64548cf5b192bec5d634a3059dcc876227f7702af201643823 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\czech\keyboard.lst
| MD5 | 2e5417f883e221dad966c8c7851294c2 |
| SHA1 | ab1b82343073a226cd8d12875e2abab05249c6a9 |
| SHA256 | 440e0557c735d1af2dc425c5fb095f3df4b3a12bb95f65ce04cad9ccdd5fca2d |
| SHA512 | 2e2326391189fc0b98f727a6eac5211f600c4d9a2bd7a986c696ad6220dc2ab33d28d4afc2f551d1f68ffc5dfa5c73faada067bd13c5333dc3b9b3a9e99e1e7e |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\bumpdiffuse.vp
| MD5 | 9a62a92876b80c17dcf366eb8ae0559f |
| SHA1 | 00c5e1f452c8133d8d51981581b36f6d59b278f7 |
| SHA256 | 0c05593444c81f9d276c491f430931c0c39f05909e0c480696e1d4792f77fce3 |
| SHA512 | 5e84fa176715038b8f60fcae76df328ca02b85abfbbd77bf5f79fadbf94d234ed3710758f40494a84ef7dc69f4b8da008c49c42cea1f35b082aa116b892b3e97 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\scripts\mark-lg.celx
| MD5 | b6d3b1e04405cbea8c570111b105b5c0 |
| SHA1 | e2d6d06e26dbdca50c617bc7ab2428bc197bf26d |
| SHA256 | 13252fafc1621a6aa411d6be66e571c73cda5b043f9198f8d0551dbfaa4f209b |
| SHA512 | fdcf578cc9f0d780486c4bf7d246de8abf96f535f04f047c277416c62dfec2bd3abfda3764a462a53e106fb213b7e8ff2151418f14d86b8ae04cf7081eb0aa1e |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\fonts\Kedage-n.ttf
| MD5 | 16024bea0eb7a59995c59edf5df20d8f |
| SHA1 | 33710d5ceea4684ce09c4616dbe03b881058640f |
| SHA256 | 9ac4c694374e9bdd49c74e5852a990eaf1256d92de859e6f2cbc42272102c1a5 |
| SHA512 | c3b7e12d526745b189aa1606b14e950e1f7913491ef105a8264705e699e0352830f541190477403f8fc3616f1de6ca9cc111d6a9c96505587b3b0bccfbabeb0a |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\doc\ABOUT-NLS
| MD5 | b5a080b27b5b4c1a160d2bed1fcfaf9f |
| SHA1 | b50287b75a3b098301455e34c8d8e52a09fa8938 |
| SHA256 | 4c825530ca79e944b63c56ed30be58ef792b4adab6f7f38abab8c054432f4a86 |
| SHA512 | 4efce9472e21b052b8fe8113dd3b5480586c06cd27c8535712b10bae2f7e32f33530a9e8c8da6f6d8fead682ee556eaec0cda2525ce9121ec95b6e25f3075696 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\intl.dll
| MD5 | 8b63ee08625b5606debfc04500973555 |
| SHA1 | ebfb93c4e76d55ba3549b253784596c403413e18 |
| SHA256 | 3a28ecedfb5118885f74b0bd820797e0957974e1948871414b171c711f4ae471 |
| SHA512 | 880d7480591f6cc72e1b99084b43a8b0efdeea59982513c24657ada9e34d49bb8831e85e94f92a1ebadea2bcff34aef5bd10fbdfbf96d301151c0404867d8594 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\lua5.1.dll
| MD5 | 09819d1beef0f0beec849b6fd3581247 |
| SHA1 | 09b348154111b90ec9263d7d95ba9ac459d1130c |
| SHA256 | 92e33b5b7993a36567542111dd664e4dc2d376c71a823878127db3b01a90a89c |
| SHA512 | 0c8a4f47e2db6743cad9157eae808a713bb53d10fb416f682e45aa51f557cc20c56c9dd7a48dc54d52e71791e2bc1236c66b76ac3a5298054645b39ad46010e1 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\tsharkdecode.dll
| MD5 | 8e8285aac0ef77a6cede53eafe9c5298 |
| SHA1 | 8a4715c1c8591b83b925282af5ba72832c1ca0fc |
| SHA256 | 3a94a8e5f9ab0eca82611f95dc78c07c5093574c772b9c19d590f8e959191973 |
| SHA512 | 04f24cfa4f187fbe897033359eb3a2da19c4225b514e0d6ee269d741c8bf86d9f7a5860ae2de676df1748c0d64ccb9dd58758cbe1524ff938c99224afd30997f |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\libtasn1-6.dll
| MD5 | 266fa5bac8fab45a57b3eb68495334f4 |
| SHA1 | c845b88a5f2279e348886e4d6246f855acaa85b9 |
| SHA256 | c8a3b86d6e930b21f428a3cac3cc8fb432716d16043824df886731565bfe8a23 |
| SHA512 | ef8caef0a926865d4b1fe0ce51dc9542b814eb76392f85895a042ac514c529426519c83bcec2eb976848d174d504e2852fa854c06a70d21f4e16debd533e3d0a |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\libnettle-4-6.dll
| MD5 | 854c550450beddebaafe1dd74f073641 |
| SHA1 | 3db1545773ea7756d6a87b3693148abcd1cdab86 |
| SHA256 | 8561d32e30b3dec9ffd24b1bd87e96444fd6d3d304d64f80c6d99e112411dc48 |
| SHA512 | 42af4079f184a0f8e22689f55dfa225f10b20ff8c0816d728ce022573e5ef1f1412b87000f0ef375d7dfc2a1d734a2047d539597ea4fe8ef1d5a2895053c50d1 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\libintl-8.dll
| MD5 | 082a8171c726e58c1618da3781ab7833 |
| SHA1 | 5d74e7f8f5e14c1a70331a03456c68bb33ac17e2 |
| SHA256 | ae1a1179289d1ab3b406f4bb347284464123c51be50c1bcf38f2b5dd691e065c |
| SHA512 | 837433aa29dff1bd35aeb800b8dc69fb881bb2c435bf5bba0ad7e809ad4cea765b179db4024a53f92e6b905fc964f23ed79949fa84424f864bbb88f140bd8682 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\libgpg-error6-0.dll
| MD5 | 8c72fc2d0c83e1698b0fc50775310b16 |
| SHA1 | d8c49bb33e9239cfbd76ffcce8a95485a90a46bf |
| SHA256 | 31a3dded0e009827e09be2b2bec6fc033cb06c147af67fbe818ea82fd5541be2 |
| SHA512 | b9630c7b6e53b276fc0c101e054530e51493989870aead05207ba4ce36bcea946dddb0b130ef5a2379f10930dca4af2036e32af75ff38d6430145d89ae9e0b37 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\libffi-6.dll
| MD5 | f68c187d209127bb0a4487b23ec29a25 |
| SHA1 | 54726179bdde7a6bd341b2ba3464e3b79cea08c7 |
| SHA256 | 23fd4daab07107bfb9fd0950c0490ba65df2fbc21680e46d9b93800e38bd1943 |
| SHA512 | 7364e67cbe7449c35930649c1b1360b88448893ccc207d1dcf5d3216f6c9ce33c9f4b0873a1e6aac8c151a76f9d082b4c5c1e42dba5800b789b72f74c9065540 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\fonts\lohit_pa.ttf
| MD5 | cc2ee1b756fc72a58c52294854fa35d7 |
| SHA1 | 58e6658240c710dd7eb9de46fdd8515390219196 |
| SHA256 | b9920211b0e1d19b55fbef3cb602248fa8f0ff87598878769188209cbb7f6eac |
| SHA512 | 1bcc638f7d8901cfe4dca2983f9c6efb31c7a5fcaeeeae06f6252e428111e709f3edfa55868ffea412d7bb10f995d81ac7e0c36ba37f8aabb6c985b5b2dc15ef |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\eclipse2_nv.fp
| MD5 | 4ed4a5f31f1a05d6a3558f492b9cabcf |
| SHA1 | 6f421e2c02d7f2976e0ce53efe369225a2b2b368 |
| SHA256 | 7049a3b711927a4057b207db29ffa45e8068874674ace057f8b817e583546308 |
| SHA512 | 09a4ea51ac4adfe2ddf2812641a8cd560550c7983a09f77a81055ecf1f3d38e4eb82e46593e90c9f7e18336375596b31835b76ceb2dd6407efb4c1913ebb4769 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\README.txt
| MD5 | 96f787726bed75443f47f1bb5e4e19de |
| SHA1 | 1ba7176db00594d5c3ce47789f0544a9dc7f1db1 |
| SHA256 | 6d38db59babe7ff7845e2adb2f5c3e1bbd6c18c0277648571bbbd17171b3ca54 |
| SHA512 | 582a21330f999a3c44d977952583d335606bf53877e91c674439b01c602adc7eb419c6a58e9bba4a8cd827bbb37c705160ac2166005a9c701e85a77cb0313e68 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\scripts\z-dist.celx
| MD5 | fcde4a48cb6b7782a07a6d8c019f0eb5 |
| SHA1 | d7f9547ea8a92df6bb1ba075ad37a39b665c997a |
| SHA256 | be9a96e334e84e8737dcd924b58471218b9fcb84bb6b6912554b3e24f106f2a3 |
| SHA512 | 809cca4f3aa2827931270d734a42fb12d9a0a530e9e8ae403a89568bc492069cb2796136a4a427fc30a30d9c9add4e3b53223fca29c3c23596d57204879f8e38 |
C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\night.vp
| MD5 | 1bc69e35fc02290722e3a91cd9cb3114 |
| SHA1 | 2659a2d55568909ec01701f501d0fa54cb67c700 |
| SHA256 | d4e5a662eacd2d84db82e30abe5cd77e6ad7d9ab5462713a3490b09a14b2fc19 |
| SHA512 | 48fbbe29086901c6ce4adf0c09dda5cec6336700fb9c2f2a82b67bae32c43a1d699b7d58cd7368717abf716772e78e3203501d327a387f9b1fdc2de810671f21 |
memory/3280-222-0x0000000000550000-0x0000000000A6F000-memory.dmp