Malware Analysis Report

2025-06-16 05:18

Sample ID 220119-t3a7tsbfa4
Target df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c
SHA256 df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c
Tags
cryptbot spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c

Threat Level: Known bad

The file df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c was found to be: Known bad.

Malicious Activity Summary

cryptbot spyware stealer

CryptBot

Executes dropped EXE

Blocklisted process makes network request

Loads dropped DLL

Enumerates connected drives

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Modifies system certificate store

Suspicious use of WriteProcessMemory

Delays execution with timeout.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-01-19 16:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-01-19 16:34

Reported

2022-01-19 16:37

Platform

win7-en-20211208

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe"

Signatures

CryptBot

spyware stealer cryptbot

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI72E7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f766940.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76693e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6DA5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6E81.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7057.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8ADB.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f76693e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6F2D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f766940.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1676 wrote to memory of 1840 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1896 wrote to memory of 1648 N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe C:\Windows\SysWOW64\msiexec.exe
PID 1676 wrote to memory of 1720 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1676 wrote to memory of 1640 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe
PID 1640 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe C:\Windows\SysWOW64\cmd.exe
PID 1968 wrote to memory of 1940 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe

Processes

C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe

"C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 2EF1C291F8D076292722549F385C59D0 C

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\adv2.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1642350708 " AI_EUIMSI=""

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A58EE943C1F5B2A363CFD95F03787415

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe

"C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c rd /s /q C:\Users\Admin\AppData\Local\Temp\IlQiEvXJt & timeout 4 & del /f /q "C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe"

C:\Windows\SysWOW64\timeout.exe

timeout 4

Network

Files

memory/1896-54-0x0000000076C61000-0x0000000076C63000-memory.dmp

\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\decoder.dll

MD5 831e0b597db11a6eb6f3f797105f7be8
SHA1 d89154670218f9fba4515b0c1c634ae0900ca6d4
SHA256 e3404d4af16702a67dcaa4da4c5a8776ef350343b179ae6e7f2d347e7e1d1fb7
SHA512 e5e71a62c937e7d1c2cf7698bc80fa42732ddd82735ba0ccaee28aee7a7ea7b2132650dfd2c483eb6fb93f447b59643e1a3d6d077a50f0cd42b6f3fc78c1ad8f

memory/1676-57-0x000007FEFC321000-0x000007FEFC323000-memory.dmp

\Users\Admin\AppData\Local\Temp\MSI5C4D.tmp

MD5 a32decee57c661563b038d4f324e2b42
SHA1 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2
SHA256 fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04
SHA512 e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

C:\Users\Admin\AppData\Local\Temp\MSI5C4D.tmp

MD5 a32decee57c661563b038d4f324e2b42
SHA1 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2
SHA256 fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04
SHA512 e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

\Users\Admin\AppData\Local\Temp\MSI617C.tmp

MD5 4e2e67fc241ab6e440ad2789f705fc69
SHA1 bda5f46c1f51656d3cbad481fa2c76a553f03aba
SHA256 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392
SHA512 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c

C:\Users\Admin\AppData\Local\Temp\MSI617C.tmp

MD5 4e2e67fc241ab6e440ad2789f705fc69
SHA1 bda5f46c1f51656d3cbad481fa2c76a553f03aba
SHA256 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392
SHA512 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c

Analysis: behavioral2

Detonation Overview

Submitted

2022-01-19 16:34

Reported

2022-01-19 16:37

Platform

win10v2004-en-20220112

Max time kernel

165s

Max time network

174s

Command Line

"C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\SourceHash{240D6483-FC6E-46CB-8691-47B9208B14CD} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA8BD.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAC87.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAD63.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIADC2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB9F8.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\1cea0ec.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\1cea0ec.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA3F9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAC19.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2076 wrote to memory of 332 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1772 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe C:\Windows\SysWOW64\msiexec.exe
PID 2076 wrote to memory of 1840 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2076 wrote to memory of 3280 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe

Processes

C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe

"C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A572A529F60B14EA50C2687097B1D209 C

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\adv2.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\df7f07f9b0c6ff27b0011f3a6daa5ca4b73f554b6a1ed319dce05919c3c4e18c.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1642583397 " AI_EUIMSI=""

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 020BA608F1A07773F487CA1A7753E5BE

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe

"C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software\spacecore.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService

Network

Country Destination Domain Proto
N/A 127.0.0.1:5985 tcp

Files

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\decoder.dll

MD5 831e0b597db11a6eb6f3f797105f7be8
SHA1 d89154670218f9fba4515b0c1c634ae0900ca6d4
SHA256 e3404d4af16702a67dcaa4da4c5a8776ef350343b179ae6e7f2d347e7e1d1fb7
SHA512 e5e71a62c937e7d1c2cf7698bc80fa42732ddd82735ba0ccaee28aee7a7ea7b2132650dfd2c483eb6fb93f447b59643e1a3d6d077a50f0cd42b6f3fc78c1ad8f

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\decoder.dll

MD5 831e0b597db11a6eb6f3f797105f7be8
SHA1 d89154670218f9fba4515b0c1c634ae0900ca6d4
SHA256 e3404d4af16702a67dcaa4da4c5a8776ef350343b179ae6e7f2d347e7e1d1fb7
SHA512 e5e71a62c937e7d1c2cf7698bc80fa42732ddd82735ba0ccaee28aee7a7ea7b2132650dfd2c483eb6fb93f447b59643e1a3d6d077a50f0cd42b6f3fc78c1ad8f

C:\Users\Admin\AppData\Local\Temp\MSI9C2A.tmp

MD5 a32decee57c661563b038d4f324e2b42
SHA1 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2
SHA256 fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04
SHA512 e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

C:\Users\Admin\AppData\Local\Temp\MSI9C2A.tmp

MD5 a32decee57c661563b038d4f324e2b42
SHA1 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2
SHA256 fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04
SHA512 e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

C:\Users\Admin\AppData\Local\Temp\MSI9D63.tmp

MD5 4e2e67fc241ab6e440ad2789f705fc69
SHA1 bda5f46c1f51656d3cbad481fa2c76a553f03aba
SHA256 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392
SHA512 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c

C:\Users\Admin\AppData\Local\Temp\MSI9D63.tmp

MD5 4e2e67fc241ab6e440ad2789f705fc69
SHA1 bda5f46c1f51656d3cbad481fa2c76a553f03aba
SHA256 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392
SHA512 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\adv2.msi

MD5 1d67aa686a91e14c7b5c1536f7e3a4b6
SHA1 1e63565b198b80e3facef004b72de841df06bc85
SHA256 88094bafb610ebbe34ddc0ed85e13cd636010975bfe66febdc416a621fd48522
SHA512 259bf8eb99c22a8c6579f618d2ffde99adc36104e8abc52cef85c06a3e73dbe6e60aa3880004776687025f5d839bd6a6e74322ab52dacbc2fbdef18cc437e613

C:\Windows\Installer\MSIA3F9.tmp

MD5 a32decee57c661563b038d4f324e2b42
SHA1 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2
SHA256 fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04
SHA512 e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

C:\Windows\Installer\MSIA3F9.tmp

MD5 a32decee57c661563b038d4f324e2b42
SHA1 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2
SHA256 fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04
SHA512 e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

C:\Windows\Installer\MSIA8BD.tmp

MD5 a32decee57c661563b038d4f324e2b42
SHA1 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2
SHA256 fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04
SHA512 e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

C:\Windows\Installer\MSIA8BD.tmp

MD5 a32decee57c661563b038d4f324e2b42
SHA1 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2
SHA256 fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04
SHA512 e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

C:\Windows\Installer\MSIAC19.tmp

MD5 a32decee57c661563b038d4f324e2b42
SHA1 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2
SHA256 fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04
SHA512 e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

C:\Windows\Installer\MSIAC19.tmp

MD5 a32decee57c661563b038d4f324e2b42
SHA1 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2
SHA256 fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04
SHA512 e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

C:\Windows\Installer\MSIAC87.tmp

MD5 4e2e67fc241ab6e440ad2789f705fc69
SHA1 bda5f46c1f51656d3cbad481fa2c76a553f03aba
SHA256 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392
SHA512 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c

C:\Windows\Installer\MSIAC87.tmp

MD5 4e2e67fc241ab6e440ad2789f705fc69
SHA1 bda5f46c1f51656d3cbad481fa2c76a553f03aba
SHA256 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392
SHA512 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c

C:\Windows\Installer\MSIAD63.tmp

MD5 a32decee57c661563b038d4f324e2b42
SHA1 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2
SHA256 fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04
SHA512 e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

C:\Windows\Installer\MSIAD63.tmp

MD5 a32decee57c661563b038d4f324e2b42
SHA1 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2
SHA256 fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04
SHA512 e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

C:\Windows\Installer\MSIADC2.tmp

MD5 0be7cdee6c5103c740539d18a94acbd0
SHA1 a364c342ff150f69b471b922c0d065630a0989bb
SHA256 41abe8eb54a1910e6fc97fcea4de37a67058b7527badae8f39fba3788c46de14
SHA512 f96ef5458fdc985501e0dca9cac3c912b3f2308be29eb8e6a305a3b02a3c61b129c4db2c98980b32fd01779566fa5173b2d841755d3cb30885e2f130e4ad6e2c

C:\Windows\Installer\MSIADC2.tmp

MD5 0be7cdee6c5103c740539d18a94acbd0
SHA1 a364c342ff150f69b471b922c0d065630a0989bb
SHA256 41abe8eb54a1910e6fc97fcea4de37a67058b7527badae8f39fba3788c46de14
SHA512 f96ef5458fdc985501e0dca9cac3c912b3f2308be29eb8e6a305a3b02a3c61b129c4db2c98980b32fd01779566fa5173b2d841755d3cb30885e2f130e4ad6e2c

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\decoder.dll

MD5 831e0b597db11a6eb6f3f797105f7be8
SHA1 d89154670218f9fba4515b0c1c634ae0900ca6d4
SHA256 e3404d4af16702a67dcaa4da4c5a8776ef350343b179ae6e7f2d347e7e1d1fb7
SHA512 e5e71a62c937e7d1c2cf7698bc80fa42732ddd82735ba0ccaee28aee7a7ea7b2132650dfd2c483eb6fb93f447b59643e1a3d6d077a50f0cd42b6f3fc78c1ad8f

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\lcms-5.0.dll

MD5 4a7ec88ed3b6f8d7c70e859ca35010ce
SHA1 c9440c6650e5f345a8aa30764b87531480ac63fc
SHA256 15a65d64c55006f966e694a8e4b65635d1fac975354fd35213cdfc5dde675803
SHA512 2a46db6bde8970019ddedd003484bb655ef74e37d4421e7f41322c4801d250377ac7534729f4f976ce5bb208238ce4e1fa618e9897ba949d9e9cd035c36030dd

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\spacecore.exe

MD5 36698c857fdd6cc9b024cea38118c779
SHA1 875c5f6bcf9b005fe265936de92e53ed35e6ab2d
SHA256 dfbc344151d958d97f0db5d0c5a82fd0b521d21d89697354c4a1bbd809a71442
SHA512 23fa5b77bb720fa9cccc19eb8fa7e37f4395e968171c2e4798da21897cd35f7b223da205c1fb5d828846dbba9fb02c1e1bfe1f4f9929a5862f2161359360f468

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\gt

MD5 ccc8c7ca004997b3f868ac2e379daae3
SHA1 f3558231bfc980eba40a7be8d8783a8790f01f18
SHA256 59f5de28c59dbeab22e7240d905d7072194edf15a21277a67dcebdd4e2e78e71
SHA512 c869263fe48c085789c6e7d8a6d1beb93be416c1d9768b2cf431fc570247f7709163f3e0ebfe057799c2b636d5f9297c0fc6580c66d1fe4e2d18c25142f6ff7b

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\msvcm90.dll

MD5 7b37f8ec25c9ad853e8126c1d0992201
SHA1 fd87d19fb51010dcdd31ea0c1f14e075132239b0
SHA256 866f51d4416b6a0bfbe8442cc8c1716152e4c3ee3137c375d05185e8171096a7
SHA512 5d3455fdd261c689bc77fd603c09f5272c04a3438449dce7adf816b69686fea03abc2139404be4b21aa62247a479a6968be976b88fd7eb301ee923b92bcf02c8

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\ChangeLog.txt

MD5 61c46e382917c01f64e005738fa1f59f
SHA1 305198169b890f515b1441fea9e6985de0b2f44a
SHA256 9331c7593d1eb170cded8443a8aa4598e8cbf545c0b695c1dac4e9e3c82d0dfe
SHA512 d33a47a5c0b19d997225029a56d1328681b111727b6a4ae447d03e826fb58241ba5016038250aa3189f2db2e21b2f610d788b18cb8253b4f7f94f2edc3a1ebfc

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\espanol\words\words2.txt

MD5 f9c58618d446e7b389fb8e02c6273040
SHA1 42dccdd29c96f3563873c01a5f384fe8bf460aaa
SHA256 abbd3e51aabe561d95ca78d723c4468c97cb7163a29346d9efaefe74464d37dd
SHA512 856e71fcf8935be1518c6e9bceb0a82e2d66bf46ca46977e2142d1dbf86532a0216d34fb79d47f0949a1f4e53298cf1afb4e4e3ba717ed2293ef6671b1909ef9

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\diffuse_texoff_arb.vp

MD5 dfdb07a9d65f43edb1f1ef5553b0b2a6
SHA1 c440f2df72caa75bedb2531ea35a097020962d69
SHA256 539fa2ae65255fee1fb45c8a1332fe0a7b6079bb96f29bf3502565daf4e785d2
SHA512 9bea4338de024360dc5330818f67c54697fc5698de63dd0cd0a7b04dfa5dc849432f31e7b9631d013c871c2a9f97399c6c206edd1dbc03152cf73f173dd53d8a

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\bumpdiffuse_arb.vp

MD5 ee2522c34f159e0e12826d7799c28410
SHA1 ddabf087a9aad927f8ad05c9bbd7ef903a660b5a
SHA256 c3b122c6b034870dc4a1e62c97aec9af7a35aaac27fe36a113e1de730dbfa8e1
SHA512 f0505c436964a3e44175d4a617a4c8bd72185f7ad9c82cb8684a4620b655efc44ff35fdb62ded8905f3fa9825144aef30741383a9f95f17144bef46f63b470f6

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\czech\words\prsty.txt

MD5 b237fa0e4fdb0c0154545e11ad7bbade
SHA1 e35f41a43984fa817f4e239681aa3f1eea85c64e
SHA256 94c63c7bd4828b56a6994c28c70c9bce6b1a6671354332febccfdda663367846
SHA512 08ebbe90fbdc4b71776a27527831fc22d5abbadd81ab4859f4bfcdbb09fb4636371c0e5eb933e382bd97d04b1f7e0a422c53adb2e24c4a6f9f14287d6f7fc202

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\haze2_arb.vp

MD5 a23ea89fdff90b741b05d557aada2fdf
SHA1 cfbfeb40f4b246310d960ae4612a1275e437b1cd
SHA256 eef13ac168ced397bff5a5d66afbaae64be3d70ed14595a85d75c3eb60e0d928
SHA512 7ebc841a664fbf20f6e0762a7de19866b35909daa1ad201aa09ec0d79b24b89055620a78f62410a3ed65098e4394945afefaefb44b73695407f90844dce2e5ee

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\doc\ChangeLog

MD5 dd4e1b9708ef55f30d06198198ad2b03
SHA1 34092f4338fd69e66f8c4525201bcf760fd55019
SHA256 07dec805477121755d2c4309547017bbf6ae4a439c8d3925b7d928cab2ffeea7
SHA512 71a3423f3f68b99ecbad311c00bbd00d9806037d71ddc5378d91d6e01ee64ef44da8569da027498d4f94cd0293c5dd504a042b64dedf875df92d9d96ce450352

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\night_arb.vp

MD5 8813ef376ae5bc5d0b473d05083bafe9
SHA1 b50d824dee3b289f64828a84a79fdb4153d16e0d
SHA256 ba2b523e425078ffc086f8696f9cef0138f9e38b3b88dacec218255e1a065c0c
SHA512 c4dd2087834cdbf2e517b84fb7e5aa92d556cc4793d6f0d08b7f8fb45c52dcf025d1a068438dc374b4593d14d02ef66f27e3273b16767de2609cdeb36596fea9

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\czech\settings.txt

MD5 97c705d1301f982e0010876c8fda614e
SHA1 acdb1d10a6b7aea47932a100d36a6f9d867c40c1
SHA256 db42c3bc77f54b145d013c395509a5496da3b5a8d4730c5f593e2835f1f2d7f5
SHA512 170cd69f3cf93eb7315390a569d4d03bb9cb1d606d8de8b63b267bc2e1e8b45e8683baf929016e0f45840c68a221e0c3b58b7a6a48e89715234e450d5d3f2377

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\diffuse_texoff2_arb.vp

MD5 d0c3be48642c0920fbcf2af1e70c94bc
SHA1 1204a62d3a3df6fd590a0ab3287ddf02f6ce5fbc
SHA256 62ca2db2f22820a8ca02c1f2ee4d42ae0170ab43893d36f87f87b37453965d50
SHA512 a0f9ebeeef41a746d32bbd4466256f6349bd91d9b00b0ecdb6d3fa1845c9ac613a3a501d17ae031cc29d5dfb0eb2dba2644976e5299d0cab05752736b5ce6b3b

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\unins000.dat

MD5 0feceec346d9be16f42c1f12f8de1783
SHA1 fae175c74ebbccf28be4113ba7e8595c5269135c
SHA256 8de68ee615623cd757422453e7cca4f1a219fe0e29e783a04d2a63b113a0d3e7
SHA512 116817978ad76faf1415b5fa41749510a44fc589cbd95c74f075923882b68f78806005b9399db5c0b0ef26d8d50c557e752ad33c2c0b965ca09c5a33c161af61

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\fonts\lohit_hi.ttf

MD5 4808ddf3a48dc3b6a4f93dbd3d17eb4e
SHA1 0629a606cf59c08ebcf53dcd9535ae0d30755903
SHA256 5ea6d5af952385a37b83eb3821253d46542af509673add90075e7feaf1d8b453
SHA512 f48b68dc4f4c90125347a8327f8d5c91636630528b5b033045401c784b088fd00fc812b978d4466779419c3ec1ad726b1da41308079e86a1db62fbb7e8caee88

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\words\alphabet.txt

MD5 712b83a5039b83e8ea588c5fad1103ed
SHA1 41eaa1481fdf1fbdafd223628b59137a01eccdc8
SHA256 8cb96dae0b17ac655c0dc6ae5d5c90c28fd393841a11074d59a6f10d0f22b8c7
SHA512 d5aec644f8cbe68f8689597d2baa4660455e4005df56269fc612182a946c2718b8b0b6872efd5f72dc69def48f59cad24112e7874101034a56344044f4f229bb

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\french\words\fingers.txt

MD5 54f52456338c263b32636aa9ec295678
SHA1 0c8b9e5b3e003ec12ace1917503b25b80ed0900e
SHA256 7907b6ded9db9e28883ecf76cca4fdd3820702cebe8f49551176aa7c04307489
SHA512 7d3da19d2e00ae2cf729f53a1e01e6b2b3c046cd265b1573163f0de374915207e0155b3151c1db24914e47e93754bd707490f6076952521dfde34d5d5f74c017

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\french\scripts\les_jours_de_la_semaine.xml

MD5 ee7088a04b51a20bc21db311b2f80abc
SHA1 ac8d413b24d1401c7d23083c5ca5bae1af69bcd8
SHA256 0b5271f60333791b776e16c321950e7e9010a4f9ad9d5cdfe7685668e5bb0334
SHA512 8dc21b2b77b1f99c17bf967cc21c822247b1b0f70f635f24a942dabab4b5b7b09e34ee3cf7b5831d949eb1933af26efd4492e6210f744856fbd2ae2127f521bd

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\french\keyboard.lst

MD5 981b6c37967966f0bd3b7395c0304f30
SHA1 4bfbe224c64178c33dfa435612e0916ca49962a7
SHA256 c844b1474570fb7af91b16614801168a6b14cb8883dbb4a59c107f2925a2db4d
SHA512 96e8e59c53b4326898a8c45c467636805bed13c41318feb3ae3ae8b8780df77177425a9c0df2a83d7795e70135a4aebff5be13dba36274cb57978b79bc773198

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\espanol\words\words1.txt

MD5 8a3514ad4f81c6b9b9b746a33a67c76f
SHA1 9fbd6b0f32dcfdd097180dc99793091b866ea443
SHA256 996de48b37c5aeeb01efb32c25b8b4845507068be844fc5e985af3e6b67fc746
SHA512 46a8252111afc67e222533f8c3414f227f6e960a76e7adfd8e3788c3cab2c667d3d2ad9e60c73c09ebe564bdd2b39c8265fc5257a379288a652658c5ffbd5344

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\espanol\keyboard.lst

MD5 b10b2b44f8137740e14363e0ce4b7e47
SHA1 f13d25f608b9f73a38d0f17ed53c82d4bbdc3eb2
SHA256 5fd920d2a0c23d4eb0d5704b676e48726a50db7122e8ed2dbb740f2c71144822
SHA512 0e1fb991278ba7aadea8f2dc357d0e32ccf282ffb093aefcd496be7b3ca6985032c71bbe56e8ca882ec20aeacc4dc99d166cfe65bcbfb2cfe1b4ce2eb2ac9463

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\espanol\images\map.png

MD5 30a29eb1970d70f3e7630e2f6129b623
SHA1 fe02af80d8d9bbbc4231a1fcf3f43f105eb1ab44
SHA256 445d653649defcca4d8f72b2e91cfa5ef7c39d2eb660b23f5d45d937d4eecba0
SHA512 b276b3b6830cf89ae8aff6fc451a7c6f51e2555c1fd6cc06453dd75640d91fff24aaa8bc553172cb0cc9cce8ddb68def2a85c9021b64f58a3e62faf41e66bf92

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\deutsch\words\kurz2-3-mit.txt

MD5 d932b1ffc8b5321ee9c7a9ef7cbb8bfa
SHA1 5e6ace040d0a3291687dc129a2ab02db4dc5c1fc
SHA256 041068a572c5265693a0369e79e2080055f5eddce35a80024985ed45d150a2c4
SHA512 c9d4250a1aca4cd7c342acbd17bd5b6eaa957364c2f535dc87d27e1b85a8e9493b5c8f743f8fff14a509c5a78e4130c185720662abd9086f8b56b214111e7d1e

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\deutsch\keyboard.lst

MD5 73e29cd1bbf3a6420a590f85a288f5dd
SHA1 f21fe09f412f784231a5759fe09da29857dec9ce
SHA256 9198fd4883326b94f1a0c7a6ccdf0314f78dec4a2ac7f415e6e11c58d5d8a1c1
SHA512 3e6049d302826efc67a909a6c36e972020c0993bc1a69851e61d82cbbb1c10712fc11cec6dd8428d76063f863c2f5de2ce9ad83dbf675fd70f8215df4d57f0f2

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\czech\words\abeceda.txt

MD5 ca1d4315a55a43ce742942bd35034034
SHA1 5149927e633b4320d00600fdd5a12a367956d49e
SHA256 77891560cac7b7f2ed6ae01e7bfc979efc1af6ab686c534f03cfbcaeab002a3b
SHA512 18c88c698b33ac6312be9ed7eb8d8840605ad33d3ab87650f643e964871ea7171ddd4c69fc121d64548cf5b192bec5d634a3059dcc876227f7702af201643823

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\themes\czech\keyboard.lst

MD5 2e5417f883e221dad966c8c7851294c2
SHA1 ab1b82343073a226cd8d12875e2abab05249c6a9
SHA256 440e0557c735d1af2dc425c5fb095f3df4b3a12bb95f65ce04cad9ccdd5fca2d
SHA512 2e2326391189fc0b98f727a6eac5211f600c4d9a2bd7a986c696ad6220dc2ab33d28d4afc2f551d1f68ffc5dfa5c73faada067bd13c5333dc3b9b3a9e99e1e7e

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\bumpdiffuse.vp

MD5 9a62a92876b80c17dcf366eb8ae0559f
SHA1 00c5e1f452c8133d8d51981581b36f6d59b278f7
SHA256 0c05593444c81f9d276c491f430931c0c39f05909e0c480696e1d4792f77fce3
SHA512 5e84fa176715038b8f60fcae76df328ca02b85abfbbd77bf5f79fadbf94d234ed3710758f40494a84ef7dc69f4b8da008c49c42cea1f35b082aa116b892b3e97

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\scripts\mark-lg.celx

MD5 b6d3b1e04405cbea8c570111b105b5c0
SHA1 e2d6d06e26dbdca50c617bc7ab2428bc197bf26d
SHA256 13252fafc1621a6aa411d6be66e571c73cda5b043f9198f8d0551dbfaa4f209b
SHA512 fdcf578cc9f0d780486c4bf7d246de8abf96f535f04f047c277416c62dfec2bd3abfda3764a462a53e106fb213b7e8ff2151418f14d86b8ae04cf7081eb0aa1e

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\fonts\Kedage-n.ttf

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\doc\ABOUT-NLS

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\intl.dll

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\lua5.1.dll

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\tsharkdecode.dll

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\libtasn1-6.dll

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\libnettle-4-6.dll

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\libintl-8.dll

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\libgpg-error6-0.dll

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\libffi-6.dll

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\fonts\lohit_pa.ttf

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\eclipse2_nv.fp

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\README.txt

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\scripts\z-dist.celx

C:\Users\Admin\AppData\Roaming\PC SOFT\PST Perfomance Software 1.3.0.0\install\08B14CD\shaders\night.vp

memory/3280-222-0x0000000000550000-0x0000000000A6F000-memory.dmp