b0b6afcb211b579d4eb0cb516c9a7ed3e1258852f53377f859a929275f47638d

Analysis

max time kernel
119s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13-04-2023 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

spacedesk_driver_Win_10_64_v1066_BETA.msi
Size

4.7MB
MD5

04072d7d08fff3ed15ed1abb4568726c
SHA1

a31cc1b1d316a3fcb95a551c92a44fcb9d04d89b
SHA256

b0b6afcb211b579d4eb0cb516c9a7ed3e1258852f53377f859a929275f47638d
SHA512

d00422cc73551983818f1266f131854097b0e1cdccaee74357f8aa9c24209a21d8dd1ed945fa682b0158fcc568306d5c6ae11b68acfbf7bcc0a3c466feabb442
SSDEEP

98304:k/26iEhhOy1H/41ag4ZUzRJUutpSFqG0cbE:k/2shhjiyZ+RJUuWqG0

Score

8^/10

persistence

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	3760	msiexec.exe
7	3760	msiexec.exe

Drops file in Drivers directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\spacedeskDriverAndroidControl.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\SET58FD.tmp	DrvInst.exe
File created	C:\Windows\System32\drivers\SET58FD.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\spacedeskDriverBus.sys	DrvInst.exe

Executes dropped EXE 16 IoCs

pid	Process
3872	MSI346F.tmp
380	MSI354A.tmp
2540	MSI35B9.tmp
4196	MSI3EB3.tmp
1496	MSI42CB.tmp
4916	MSI4750.tmp
3260	MSI4B87.tmp
4816	MSI5145.tmp
3868	MSI559B.tmp
2508	MSI5A30.tmp
1920	spacedeskService.exe
2908	spacedeskServiceTray.exe
1952	MSI62BC.tmp
2520	MSI631B.tmp
4972	MSI6407.tmp
2464	spacedeskConsole.exe

Loads dropped DLL 1 IoCs

pid	Process
4352	MsiExec.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o"	MSI5A30.tmp

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{053d1fa6-dfb6-0747-97f1-c8bca8e46b45}\SET44CA.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{eec42266-ca95-3540-9fb5-e8e9283ffffd}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d6519fe3-399c-914c-9aed-885bd43f50ef}\SET52D3.tmp	DrvInst.exe
File created	C:\Windows\System32\SET5E4C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{54a3049d-57a5-444f-8018-455a4ffbc93f}\SET571A.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{54a3049d-57a5-444f-8018-455a4ffbc93f}\amd64\SET573A.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{39a7bccd-14c9-2a42-9ba1-44bb252ea01b}\SET3809.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{38aa8aba-e526-a84e-b951-95a4a617a8f2}\spacedeskDriverAndroidUsb.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{386019e2-b2fa-3b4c-a1e8-0a17587c3873}\amd64\SET491F.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{d6519fe3-399c-914c-9aed-885bd43f50ef}\SET52E4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\SET5E4C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{053d1fa6-dfb6-0747-97f1-c8bca8e46b45}\amd64\spacedeskKtmInput.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{386019e2-b2fa-3b4c-a1e8-0a17587c3873}\amd64\spacedeskDriverHid.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\spacedeskdriveraudio.inf_amd64_4a35dfb48bc606c4\spacedeskDriverAudio.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\spacedeskservice.inf_amd64_1c3f8f401f4d63d0\amd64\spacedeskService.exe	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{f98a59ee-e053-9d4b-81bf-0f80d68b5085}\SET5AB3.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{f98a59ee-e053-9d4b-81bf-0f80d68b5085}\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\SET5E7C.tmp	DrvInst.exe
File created	C:\Windows\System32\SET5E7C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{54a3049d-57a5-444f-8018-455a4ffbc93f}\amd64	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{f98a59ee-e053-9d4b-81bf-0f80d68b5085}\amd64\SET5AB6.tmp	DrvInst.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log	powershell.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{39a7bccd-14c9-2a42-9ba1-44bb252ea01b}\amd64\SET3819.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\spacedeskdriverandroidcontrol.inf_amd64_8a29a93905f73ba7\spacedeskDriverAndroidControl.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{54a3049d-57a5-444f-8018-455a4ffbc93f}\amd64\spacedeskDriverBus.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\spacedeskdriverbus.inf_amd64_503d9e2357fbbe42\amd64\spacedeskDriverBus.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{f98a59ee-e053-9d4b-81bf-0f80d68b5085}\amd64\spacedeskServiceTray.exe	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\spacedeskservice.inf_amd64_1c3f8f401f4d63d0\amd64\spacedeskServiceTray.exe	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{39a7bccd-14c9-2a42-9ba1-44bb252ea01b}\SET37F8.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{eec42266-ca95-3540-9fb5-e8e9283ffffd}\amd64\SET4E32.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{f98a59ee-e053-9d4b-81bf-0f80d68b5085}\SET5AB3.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\spacedeskdisplay.inf_amd64_85d5c014420a5409\amd64\spacedeskDisplayUmode1_2.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{f98a59ee-e053-9d4b-81bf-0f80d68b5085}\amd64\SET5AC6.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{39a7bccd-14c9-2a42-9ba1-44bb252ea01b}\amd64	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{053d1fa6-dfb6-0747-97f1-c8bca8e46b45}\SET44CB.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{053d1fa6-dfb6-0747-97f1-c8bca8e46b45}\spacedeskKtmInputmouse.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{386019e2-b2fa-3b4c-a1e8-0a17587c3873}\amd64	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{053d1fa6-dfb6-0747-97f1-c8bca8e46b45}\SET44CA.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{f98a59ee-e053-9d4b-81bf-0f80d68b5085}\amd64\SET5AC6.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{053d1fa6-dfb6-0747-97f1-c8bca8e46b45}\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d6519fe3-399c-914c-9aed-885bd43f50ef}\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{f98a59ee-e053-9d4b-81bf-0f80d68b5085}\amd64\spacedeskService.exe	DrvInst.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	powershell.exe
File created	C:\Windows\System32\DriverStore\Temp\{38aa8aba-e526-a84e-b951-95a4a617a8f2}\amd64\SET4016.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{38aa8aba-e526-a84e-b951-95a4a617a8f2}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\spacedeskdisplay.inf_amd64_85d5c014420a5409\spacedeskdisplay.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\spacedeskservice.inf_amd64_1c3f8f401f4d63d0\spacedeskService.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\spacedeskdisplay.inf_amd64_85d5c014420a5409\spacedeskDisplay.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d6519fe3-399c-914c-9aed-885bd43f50ef}\spacedeskdriveraudio.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\spacedeskdriveraudio.inf_amd64_4a35dfb48bc606c4\spacedeskdriveraudio.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\spacedeskservice.inf_amd64_1c3f8f401f4d63d0\spacedeskService.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{f98a59ee-e053-9d4b-81bf-0f80d68b5085}\amd64\SET5AB5.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\spacedeskService.exe	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{eec42266-ca95-3540-9fb5-e8e9283ffffd}\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d6519fe3-399c-914c-9aed-885bd43f50ef}\amd64\SET52F4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{d6519fe3-399c-914c-9aed-885bd43f50ef}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{39a7bccd-14c9-2a42-9ba1-44bb252ea01b}\spacedeskDriverAndroidControl.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{eec42266-ca95-3540-9fb5-e8e9283ffffd}\SET4DD3.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{eec42266-ca95-3540-9fb5-e8e9283ffffd}\amd64\SET4E32.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{f98a59ee-e053-9d4b-81bf-0f80d68b5085}\amd64\spacedeskConsole.exe	DrvInst.exe

Drops file in Program Files directory 28 IoCs

description	ioc	Process
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskdriveraudio.cat	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\amd64\spacedeskDriverAudio.sys	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskdriverhid.cat	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\amd64\spacedeskKtmInput.sys	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\amd64\spacedeskServiceTray.exe	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskktminputmouse.inf	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\SpacedeskSetupCustomAction64.exe	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\amd64\spacedeskConsole.exe	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskdisplay.cat	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskDriverAndroidControl.cat	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskDriverAndroidUsb.cat	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskDriverAndroidUsb.inf	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskdriverbus.cat	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\amd64\spacedeskDriverBus.sys	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\amd64\spacedeskDriverHid.dll	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskktminputmouse.cat	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\amd64\spacedeskService.exe	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskservice.cat	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskdisplay.inf	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\amd64\spacedeskDisplayUmode1_0.dll	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskDriverBus.inf	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\amd64\spacedeskDisplayUmode1_2.dll	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\amd64\spacedeskDriverAndroidUsb.sys	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskDriverAudio.inf	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskDriverHid.inf	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\amd64\spacedeskDriverAndroidControl.sys	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskService.inf	msiexec.exe
File created	C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskDriverAndroidControl.inf	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI6407.tmp	msiexec.exe
File opened for modification	C:\Windows\inf\oem7.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI35B9.tmp	msiexec.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	MSI42CB.tmp
File created	C:\Windows\inf\oem7.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	MSI5A30.tmp
File opened for modification	C:\Windows\Installer\MSI32C8.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI346F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI559B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI62BC.tmp	msiexec.exe
File created	C:\Windows\Installer\{26EB1A9A-6F23-4AE4-8BD9-B43C3FA07550}\ShortCutIcon.exe	msiexec.exe
File created	C:\Windows\INF\oem2.PNF	MSI346F.tmp
File opened for modification	C:\Windows\Installer\MSI3EB3.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem8.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI5A30.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\{26EB1A9A-6F23-4AE4-8BD9-B43C3FA07550}\installerIcon.ico	msiexec.exe
File created	C:\Windows\Installer\SourceHash{26EB1A9A-6F23-4AE4-8BD9-B43C3FA07550}	msiexec.exe
File created	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI42CB.tmp	msiexec.exe
File created	C:\Windows\inf\oem10.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\INF\oem0.PNF	MSI346F.tmp
File opened for modification	C:\Windows\INF\setupapi.dev.log	MSI5145.tmp
File created	C:\Windows\inf\oem8.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	MSI4750.tmp
File opened for modification	C:\Windows\INF\setupapi.dev.log	MSI4B87.tmp
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\INF\oem1.PNF	MSI346F.tmp
File opened for modification	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\inf\oem6.inf	DrvInst.exe
File created	C:\Windows\inf\oem9.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	MSI35B9.tmp
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem5.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI4B87.tmp	msiexec.exe
File created	C:\Windows\Installer\e5730e3.msi	msiexec.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem9.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI631B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{26EB1A9A-6F23-4AE4-8BD9-B43C3FA07550}\ShortCutIcon.exe	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	MSI3EB3.tmp
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\e5730e5.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI354A.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\inf\oem10.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\{26EB1A9A-6F23-4AE4-8BD9-B43C3FA07550}\installerIcon.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\e5730e3.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\inf\oem5.inf	DrvInst.exe
File created	C:\Windows\inf\oem6.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI5145.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	MSI559B.tmp
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI4750.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Filters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	MSI5145.tmp
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	MSI35B9.tmp
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	MSI4B87.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	MSI559B.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	MSI4750.tmp
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	MSI5145.tmp
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	MSI5145.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	MSI35B9.tmp
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	MSI4750.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	MSI4750.tmp
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	MSI35B9.tmp
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters	DrvInst.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	MSI42CB.tmp
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	MSI42CB.tmp
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	MSI4750.tmp
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	MSI4B87.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	MSI5145.tmp
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	MSI4750.tmp
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	MSI4B87.tmp
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	MSI4B87.tmp
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000f9d6c693febb2fce0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000f9d6c6930000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff000000000700010000680900f9d6c693000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000f9d6c69300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000f9d6c69300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	MSI35B9.tmp
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	MSI5145.tmp
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	MSI4750.tmp
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	runonce.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	runonce.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	runonce.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	runonce.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe

Modifies registry class 23 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A9A1BE6232F64EA4B89D4BC3F30A5705	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\B7D4CBC34A6B7014BBE966DEFF93900B\A9A1BE6232F64EA4B89D4BC3F30A5705	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\PackageCode = "A0D27A9439CCDC04D8A545912C1B23D2"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\B7D4CBC34A6B7014BBE966DEFF93900B	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\SourceList\PackageName = "spacedesk_driver_Win_10_64_v1066_BETA.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A9A1BE6232F64EA4B89D4BC3F30A5705\ProductFeature	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\ProductName = "spacedesk Windows DRIVER"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\Version = "16777282"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\ProductIcon = "C:\\Windows\\Installer\\{26EB1A9A-6F23-4AE4-8BD9-B43C3FA07550}\\installerIcon.ico"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\SourceList\Media\1 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A9A1BE6232F64EA4B89D4BC3F30A5705\Clients = 3a0000000000	msiexec.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
4484	msiexec.exe
4484	msiexec.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3760	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3760	msiexec.exe
Token: SeSecurityPrivilege	4484	msiexec.exe
Token: SeCreateTokenPrivilege	3760	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3760	msiexec.exe
Token: SeLockMemoryPrivilege	3760	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3760	msiexec.exe
Token: SeMachineAccountPrivilege	3760	msiexec.exe
Token: SeTcbPrivilege	3760	msiexec.exe
Token: SeSecurityPrivilege	3760	msiexec.exe
Token: SeTakeOwnershipPrivilege	3760	msiexec.exe
Token: SeLoadDriverPrivilege	3760	msiexec.exe
Token: SeSystemProfilePrivilege	3760	msiexec.exe
Token: SeSystemtimePrivilege	3760	msiexec.exe
Token: SeProfSingleProcessPrivilege	3760	msiexec.exe
Token: SeIncBasePriorityPrivilege	3760	msiexec.exe
Token: SeCreatePagefilePrivilege	3760	msiexec.exe
Token: SeCreatePermanentPrivilege	3760	msiexec.exe
Token: SeBackupPrivilege	3760	msiexec.exe
Token: SeRestorePrivilege	3760	msiexec.exe
Token: SeShutdownPrivilege	3760	msiexec.exe
Token: SeDebugPrivilege	3760	msiexec.exe
Token: SeAuditPrivilege	3760	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3760	msiexec.exe
Token: SeChangeNotifyPrivilege	3760	msiexec.exe
Token: SeRemoteShutdownPrivilege	3760	msiexec.exe
Token: SeUndockPrivilege	3760	msiexec.exe
Token: SeSyncAgentPrivilege	3760	msiexec.exe
Token: SeEnableDelegationPrivilege	3760	msiexec.exe
Token: SeManageVolumePrivilege	3760	msiexec.exe
Token: SeImpersonatePrivilege	3760	msiexec.exe
Token: SeCreateGlobalPrivilege	3760	msiexec.exe
Token: SeCreateTokenPrivilege	3760	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3760	msiexec.exe
Token: SeLockMemoryPrivilege	3760	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3760	msiexec.exe
Token: SeMachineAccountPrivilege	3760	msiexec.exe
Token: SeTcbPrivilege	3760	msiexec.exe
Token: SeSecurityPrivilege	3760	msiexec.exe
Token: SeTakeOwnershipPrivilege	3760	msiexec.exe
Token: SeLoadDriverPrivilege	3760	msiexec.exe
Token: SeSystemProfilePrivilege	3760	msiexec.exe
Token: SeSystemtimePrivilege	3760	msiexec.exe
Token: SeProfSingleProcessPrivilege	3760	msiexec.exe
Token: SeIncBasePriorityPrivilege	3760	msiexec.exe
Token: SeCreatePagefilePrivilege	3760	msiexec.exe
Token: SeCreatePermanentPrivilege	3760	msiexec.exe
Token: SeBackupPrivilege	3760	msiexec.exe
Token: SeRestorePrivilege	3760	msiexec.exe
Token: SeShutdownPrivilege	3760	msiexec.exe
Token: SeDebugPrivilege	3760	msiexec.exe
Token: SeAuditPrivilege	3760	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3760	msiexec.exe
Token: SeChangeNotifyPrivilege	3760	msiexec.exe
Token: SeRemoteShutdownPrivilege	3760	msiexec.exe
Token: SeUndockPrivilege	3760	msiexec.exe
Token: SeSyncAgentPrivilege	3760	msiexec.exe
Token: SeEnableDelegationPrivilege	3760	msiexec.exe
Token: SeManageVolumePrivilege	3760	msiexec.exe
Token: SeImpersonatePrivilege	3760	msiexec.exe
Token: SeCreateGlobalPrivilege	3760	msiexec.exe
Token: SeCreateTokenPrivilege	3760	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3760	msiexec.exe
Token: SeLockMemoryPrivilege	3760	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3760	msiexec.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
2908	spacedeskServiceTray.exe
2908	spacedeskServiceTray.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
3760	msiexec.exe
980	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
2908	spacedeskServiceTray.exe
2908	spacedeskServiceTray.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4484 wrote to memory of 4352	4484	msiexec.exe	93
PID 4484 wrote to memory of 4352	4484	msiexec.exe	93
PID 4484 wrote to memory of 4352	4484	msiexec.exe	93
PID 4484 wrote to memory of 3632	4484	msiexec.exe	99
PID 4484 wrote to memory of 3632	4484	msiexec.exe	99
PID 4484 wrote to memory of 3872	4484	msiexec.exe	101
PID 4484 wrote to memory of 3872	4484	msiexec.exe	101
PID 4484 wrote to memory of 380	4484	msiexec.exe	102
PID 4484 wrote to memory of 380	4484	msiexec.exe	102
PID 4484 wrote to memory of 2540	4484	msiexec.exe	103
PID 4484 wrote to memory of 2540	4484	msiexec.exe	103
PID 3472 wrote to memory of 4936	3472	svchost.exe	105
PID 3472 wrote to memory of 4936	3472	svchost.exe	105
PID 3472 wrote to memory of 4316	3472	svchost.exe	106
PID 3472 wrote to memory of 4316	3472	svchost.exe	106
PID 4484 wrote to memory of 4196	4484	msiexec.exe	107
PID 4484 wrote to memory of 4196	4484	msiexec.exe	107
PID 3472 wrote to memory of 2076	3472	svchost.exe	108
PID 3472 wrote to memory of 2076	3472	svchost.exe	108
PID 4484 wrote to memory of 1496	4484	msiexec.exe	109
PID 4484 wrote to memory of 1496	4484	msiexec.exe	109
PID 3472 wrote to memory of 4292	3472	svchost.exe	110
PID 3472 wrote to memory of 4292	3472	svchost.exe	110
PID 4484 wrote to memory of 4916	4484	msiexec.exe	111
PID 4484 wrote to memory of 4916	4484	msiexec.exe	111
PID 3472 wrote to memory of 2156	3472	svchost.exe	112
PID 3472 wrote to memory of 2156	3472	svchost.exe	112
PID 4484 wrote to memory of 3260	4484	msiexec.exe	113
PID 4484 wrote to memory of 3260	4484	msiexec.exe	113
PID 3472 wrote to memory of 3272	3472	svchost.exe	114
PID 3472 wrote to memory of 3272	3472	svchost.exe	114
PID 4484 wrote to memory of 4816	4484	msiexec.exe	115
PID 4484 wrote to memory of 4816	4484	msiexec.exe	115
PID 3472 wrote to memory of 2052	3472	svchost.exe	116
PID 3472 wrote to memory of 2052	3472	svchost.exe	116
PID 4484 wrote to memory of 3868	4484	msiexec.exe	117
PID 4484 wrote to memory of 3868	4484	msiexec.exe	117
PID 3472 wrote to memory of 3032	3472	svchost.exe	118
PID 3472 wrote to memory of 3032	3472	svchost.exe	118
PID 3472 wrote to memory of 380	3472	svchost.exe	119
PID 3472 wrote to memory of 380	3472	svchost.exe	119
PID 4484 wrote to memory of 2508	4484	msiexec.exe	120
PID 4484 wrote to memory of 2508	4484	msiexec.exe	120
PID 3472 wrote to memory of 964	3472	svchost.exe	121
PID 3472 wrote to memory of 964	3472	svchost.exe	121
PID 3472 wrote to memory of 412	3472	svchost.exe	122
PID 3472 wrote to memory of 412	3472	svchost.exe	122
PID 1920 wrote to memory of 2908	1920	spacedeskService.exe	124
PID 1920 wrote to memory of 2908	1920	spacedeskService.exe	124
PID 1920 wrote to memory of 2908	1920	spacedeskService.exe	124
PID 2508 wrote to memory of 3164	2508	MSI5A30.tmp	125
PID 2508 wrote to memory of 3164	2508	MSI5A30.tmp	125
PID 3164 wrote to memory of 3424	3164	runonce.exe	126
PID 3164 wrote to memory of 3424	3164	runonce.exe	126
PID 4484 wrote to memory of 1952	4484	msiexec.exe	128
PID 4484 wrote to memory of 1952	4484	msiexec.exe	128
PID 4484 wrote to memory of 2520	4484	msiexec.exe	129
PID 4484 wrote to memory of 2520	4484	msiexec.exe	129
PID 4484 wrote to memory of 4972	4484	msiexec.exe	130
PID 4484 wrote to memory of 4972	4484	msiexec.exe	130
PID 2908 wrote to memory of 2464	2908	spacedeskServiceTray.exe	131
PID 2908 wrote to memory of 2464	2908	spacedeskServiceTray.exe	131
PID 2464 wrote to memory of 3624	2464	spacedeskConsole.exe	132
PID 2464 wrote to memory of 3624	2464	spacedeskConsole.exe	132

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\spacedesk_driver_Win_10_64_v1066_BETA.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3760

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4484
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3EC741701D891EF06285D15359494D24 C
  2⤵
  - Loads dropped DLL
  PID:4352
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:3632
- C:\Windows\Installer\MSI346F.tmp
  "C:\Windows\Installer\MSI346F.tmp" -preInstallCheck_W10
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  PID:3872
- C:\Windows\Installer\MSI354A.tmp
  "C:\Windows\Installer\MSI354A.tmp" -qWaveCheck
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\Installer\MSI35B9.tmp
  "C:\Windows\Installer\MSI35B9.tmp" -install_android_control,C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  PID:2540
- C:\Windows\Installer\MSI3EB3.tmp
  "C:\Windows\Installer\MSI3EB3.tmp" -install_android_usb,C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  PID:4196
- C:\Windows\Installer\MSI42CB.tmp
  "C:\Windows\Installer\MSI42CB.tmp" -install_ktm,C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  PID:1496
- C:\Windows\Installer\MSI4750.tmp
  "C:\Windows\Installer\MSI4750.tmp" -install_hid,C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  PID:4916
- C:\Windows\Installer\MSI4B87.tmp
  "C:\Windows\Installer\MSI4B87.tmp" -install_iddcx,C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\,0
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  PID:3260
- C:\Windows\Installer\MSI5145.tmp
  "C:\Windows\Installer\MSI5145.tmp" -install_audio,C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  PID:4816
- C:\Windows\Installer\MSI559B.tmp
  "C:\Windows\Installer\MSI559B.tmp" -install_bus,C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  PID:3868
- C:\Windows\Installer\MSI5A30.tmp
  "C:\Windows\Installer\MSI5A30.tmp" -install_server,C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2508
- - C:\Windows\system32\runonce.exe
    "C:\Windows\system32\runonce.exe" -r
    3⤵
    - Checks processor information in registry
    - Modifies data under HKEY_USERS
    - Suspicious use of WriteProcessMemory
    PID:3164
  - - C:\Windows\System32\grpconv.exe
      "C:\Windows\System32\grpconv.exe" -o
      4⤵
      PID:3424
- C:\Windows\Installer\MSI62BC.tmp
  "C:\Windows\Installer\MSI62BC.tmp" -openFirewall
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\Installer\MSI631B.tmp
  "C:\Windows\Installer\MSI631B.tmp" -spacedeskProgramFilesDelete,C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\Installer\MSI6407.tmp
  "C:\Windows\Installer\MSI6407.tmp" -otherFirewallCheck
  2⤵
  - Executes dropped EXE
  PID:4972

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:2952

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{1c3f3a74-dc59-3643-bb1f-01c8bf24cd79}\spacedeskDriverAndroidControl.inf" "9" "45b7ea1ef" "0000000000000148" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4936
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "2" "1" "ROOT\SPACEDESK_ANDROID_CONTROL\0000" "C:\Windows\System32\DriverStore\FileRepository\spacedeskdriverandroidcontrol.inf_amd64_8a29a93905f73ba7\spacedeskdriverandroidcontrol.inf" "oem3.inf:*:*:1.0.434.7:ROOT\VID_DATRONICSOFT_PID_SPACEDESK_DRIVER_USB_ANDROID_0001," "45b7ea1ef" "0000000000000148"
  2⤵
  - Drops file in Drivers directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  PID:4316
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskDriverAndroidUsb.inf" "9" "4133ae017" "0000000000000170" "WinSta0\Default" "0000000000000178" "208" "C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:2076
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{5ea91d6f-3da8-f64f-9957-5e0e1e07501d}\spacedeskKtmInputmouse.inf" "9" "4f3ed3867" "0000000000000184" "WinSta0\Default" "0000000000000188" "208" "C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4292
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{b77e2d98-a30c-3341-817e-883b1939e045}\spacedeskDriverHid.inf" "9" "47864f973" "0000000000000188" "WinSta0\Default" "0000000000000178" "208" "C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:2156
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{6ff52508-2d34-4b43-a358-1a13337e3744}\spacedeskdisplay.inf" "9" "41bc176d3" "0000000000000178" "WinSta0\Default" "0000000000000170" "208" "C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:3272
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{9de0e912-7c47-0d40-b48f-373a539fd2ba}\spacedeskDriverAudio.inf" "9" "4ae9ee12f" "0000000000000170" "WinSta0\Default" "0000000000000188" "208" "C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:2052
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{c00d8d87-92c3-5c4d-a490-f35a7a0f9d5b}\spacedeskDriverBus.inf" "9" "488184413" "0000000000000180" "WinSta0\Default" "0000000000000188" "208" "C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:3032
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "2" "1" "ROOT\SPACEDESK_VIRTUAL_BUS\0000" "C:\Windows\System32\DriverStore\FileRepository\spacedeskdriverbus.inf_amd64_503d9e2357fbbe42\spacedeskdriverbus.inf" "oem9.inf:*:*:1.0.437.38:Root\VID_DATRONICSOFT_PID_SPACEDESK_VIRTUAL_BUS_0001," "488184413" "0000000000000180"
  2⤵
  - Drops file in Drivers directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  PID:380
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{7422adae-2875-3340-b08c-fd0c0a98ab3a}\spacedeskService.inf" "9" "452179f9f" "0000000000000148" "WinSta0\Default" "0000000000000154" "208" "C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:964
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\spacedeskservice.inf_amd64_1c3f8f401f4d63d0\spacedeskservice.inf" "0" "452179f9f" "0000000000000154" "WinSta0\Default"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  PID:412

C:\Windows\System32\spacedeskService.exe
C:\Windows\System32\spacedeskService.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\System32\spacedeskServiceTray.exe
  This is spacedesk Service calling.
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Windows\System32\spacedeskConsole.exe
    "C:\Windows\System32\spacedeskConsole.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" /c Get-NetConnectionProfile > "C:\Users\Public\netconnectionprofile.txt"
      4⤵
      Drops file in System32 directory
      PID:3624

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5730e4.rbs

Filesize
543KB

MD5
2bde0953cda9209dbfb0815ecf5d6441

SHA1
c34f97fa3b989f8ff8da6e9b0b3a018d2a8eaaff

SHA256
21a07fcb14bc82249e3f09a3c5288bc51eb64146f096ddfabb646bf077429e62

SHA512
78d900592badf92d0751cf5931c4cc8c346843ab85761e557cd6398c15c749a9f7f49586fb2a0c1fa55a3ce072ef01a28ff8be18e95b4391002665bff8c98c80

Download Submit
C:\PROGRA~1\DATRON~1\SPACED~1\amd64\spacedeskDisplayUmode1_0.dll

Filesize
131KB

MD5
a5d67223de9dc8d32ac37c0a3afbce80

SHA1
0be537fbe1d23454d41c804f6c21145fdff759da

SHA256
5398801ea494ebea59ad54250309dc23b3c46e32e9cd535b42c8940f96f0e2aa

SHA512
fffd12babbbefaf4aaa445ad57130b97d4cd2a4c0bfdf9f46cf982b2861722a44ba99e692008ea27b09a107a1bf38f22573932c0f60e925cd78058f1f4ddf412

Download Submit
C:\PROGRA~1\DATRON~1\SPACED~1\amd64\spacedeskDisplayUmode1_2.dll

Filesize
131KB

MD5
c1466e2047fc90563d193d4c70290f47

SHA1
613254751bfbc1a87d10674d6f1da6f4b9853544

SHA256
335598d0f03b7170b6e1857b1f81a73ad75d833104a7715b7f3fbc4d43a8c105

SHA512
6286d06c2d2aa0cc0705e189988fbc83e5404bd0344d5b98306c0aed55535542974e2f478064ab24910061553413085109985f2c599bb004249053f5d675ffac

Download Submit
C:\PROGRA~1\DATRON~1\SPACED~1\amd64\spacedeskDriverAndroidControl.sys

Filesize
47KB

MD5
05f332d22f5fa50dc42e7470eca00d98

SHA1
3d229f79476a422f26041453b2d490ca79bda9ae

SHA256
75c7699876ce8b1a847043bfa1d410462fd89d70726df3ec01ce1e9c593bfec9

SHA512
eabaa87554a0191363db7d4ca58910a15a6ce6fc3293501e4de7245fd09d88048363492a09132c3d339b17e2d58e8120e994b1830894fa5b865bf37e368b33ee

Download Submit
C:\PROGRA~1\DATRON~1\SPACED~1\amd64\spacedeskDriverAndroidUsb.sys

Filesize
41KB

MD5
380881d0c57ec7737b381be7a4889e4d

SHA1
f7cbf374ab38ab8d0be9428a19eed7f86815f488

SHA256
03624bdc09765cca89bc3b7e81a28238cdc244083308758ef63595a0b98a5e20

SHA512
94bafee8a3939747dc1f8089bb5f1706b16c5abec1dadbb19b0fac4e63ec56da5b7b53bc383135d95094f6e23d9da5c38320d4efd5e8c694215c651cd57d5423

Download Submit
C:\PROGRA~1\DATRON~1\SPACED~1\amd64\spacedeskDriverHid.dll

Filesize
91KB

MD5
3e96c8bd6b65314399ed52979a63da52

SHA1
a56eb8c5b2da5fadbf75c528c4b8f011bada3b37

SHA256
a52e20aafc3534166122aa29c809f54cce576ea519e0b727a2881577e3951774

SHA512
c0c6f5fbd9ecc6ae537ab8f3e731e26ea702d66126570a86d6cce9433753b04472ab04d85b30b36f39b0cfc2500bfe00c1b2b15431d97f0e893c5e200b028a80

Download Submit
C:\PROGRA~1\DATRON~1\SPACED~1\amd64\spacedeskKtmInput.sys

Filesize
41KB

MD5
fad80e5e02e03e48609c852a489f6cd3

SHA1
b711d9025e0b6f6567d1407d65d7f67daca292a5

SHA256
398582f8456f404653129df83d04b40f85c6b61cf213c86b75766cf77d323386

SHA512
fcc2bac894faae66c28168775bb97d75a708443bb4000c64e74ca21a3c357215f6a7bd626bbdbc090e6a55eec707de2faa7e7631129d3d4ed196fc6804033c06

Download Submit
C:\PROGRA~1\DATRON~1\SPACED~1\spacedeskDisplay.cat

Filesize
13KB

MD5
d9296fd9abadde342fca14c0a8e92705

SHA1
ae65804e13f741c1abd38e25afbaa8f86bcdbf48

SHA256
6f7cb73f3a70a5934ac6dbd06e14fa6739b78a1fbf56fb3c36b774904be8c14f

SHA512
451a1abfe18ad5e5482cff1b1ef630f1a6bf2f36c6ab6a71f1f0b2342e540e2b2cd794b1f29e7cbd694aedc67e3b2062063cdeb1f0c53977955780b0cd0ce0cd

Download Submit
C:\PROGRA~1\DATRON~1\SPACED~1\spacedeskDriverAndroidControl.cat

Filesize
12KB

MD5
2e8ca099c8558f49867d380b1e0e08da

SHA1
6efda9cc44e089641531f7bcc280055bf9528039

SHA256
6149d6a4dc9e22847d60c39921ff3d31c28cd9d1071f16bd0656bd3c2dc54548

SHA512
90a4730d101c8434369e9f6acf83c2af02ed9bedb0cf42006e1aa317b9a0b63f47f29b6559650514cd3267fcf6e92d674201244c862046a6a4be25411124eaa8

Download Submit
C:\PROGRA~1\DATRON~1\SPACED~1\spacedeskDriverAndroidUsb.cat

Filesize
12KB

MD5
92ada09b4ea4ef2ddf3bac8f286d4cef

SHA1
dff136e5f9ef6acebbbfee8097839276b29ffb67

SHA256
6846a9626d0f62c845a41577d6246d05812c472ab2e042dac97341223ad19e53

SHA512
40f057a845af608cc3c32465c5d51ab3446304ce56c72f26f46565e01698bf92686e2c92f51b3777b5d8777ccb97f56031bc2f7a3e2d709394b62908163a6fac

Download Submit
C:\PROGRA~1\DATRON~1\SPACED~1\spacedeskDriverHid.cat

Filesize
12KB

MD5
894f3b9cab2a4d5c913653cf4f40027e

SHA1
4359db25a8118e4eeef5d8cf5e9978a42ba008e9

SHA256
7c650417d441c9d16d13235622d227416370707bd75a7cbc7a252f07ca7e4b75

SHA512
50aa17e8fc28d7fcf9e445ded1715882feff76289ac5318a75085a07921a04e20f89d5883a7c1ec4a915bb6f00cfb5e830e5d60befd0e7a146da8fb1f882adf8

Download Submit
C:\PROGRA~1\DATRON~1\SPACED~1\spacedeskKtmInputmouse.cat

Filesize
12KB

MD5
42a4ed6e6b94e1b74e9c5538ea3af0b4

SHA1
b394e9f6c9cde7985a86c87ab2823641f32c8eea

SHA256
6d363492a43aa06bf2e5ee919c3a1d4cdd4de1ae6eca0c6d94cedd0490d1e530

SHA512
5d9620a8f7c6b7033ead1e99ef74976c6fec066d56e5ba51abfbb616b93c970e73961aae8511656779a36d6c799363f1cf57eec889bb06223077a304a9f8848a

Download Submit
C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskDriverAndroidControl.inf

Filesize
3KB

MD5
1cc3e04aa6d4141a0eb97364ca00fb97

SHA1
11e508ad624cf5f31ae6a579bd397599d2c36b28

SHA256
3a741c7b1a53ea35dd2c23615b1d0bab2adf3e150e60b4d14878466f811648bc

SHA512
9758c8022b2e3967a440de12442a39d958ae342a17d4420754c3e053ba11f50d5b2051fea8f452eda3dc2b0f9da051a3c90d45e80e9a148b776ff386d64a1b07

Download Submit
C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskDriverAndroidUsb.inf

Filesize
4KB

MD5
5aeb0a4a73db16b2889ff3cf0d65dd91

SHA1
a6e47f400bda7743d83aaf6c8764a8ef530f1362

SHA256
5d496cec369994b0ddbf71f372e9956d7c9926ff8326889da5f89b3e156c6bb1

SHA512
70b14af7e12160699a332abc6bb7004410da55ad996baf1b1cb582777c817d70095919e9874cb9dd944739b6537fbe26d6dcbbe044cd8afba781fb1c86fb47da

Download Submit
C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskDriverHid.inf

Filesize
6KB

MD5
d8ba40f9b6ff7678dff9f873a1e0c8e8

SHA1
ffb7a0ddd17c39be81331ef0d5f70933d51d2cdc

SHA256
8b4348e96347ab2380116a36d4e5da7c68f65b47dfe641cd64822c319179ea20

SHA512
804b167161b29e4254ec54f0c485ca76a71da09b66c7a3d3d6bec1e3271dc0e3a97e74febef73cf5d5cc3a62313d8beb90703c5fa2ee600203d9cc535f980007

Download Submit
C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskKtmInputmouse.inf

Filesize
2KB

MD5
c8e701ea27a2a1d0abc8bfa99509c5c4

SHA1
b3bd4debbd0ae0499a9da6867c83014f7328753d

SHA256
bfd53b3c4e0bbbda52a631f882eafb946d62c50ae6f8df0f446984b64eb5b474

SHA512
7dcc00c31c952d84858c34354214f738f58e1d20698a2f33ba5692b6ceda41e0dec78923739427392cbe14c7114dc73a0d89429727661b86fab21a260a335bef

Download Submit
C:\Program Files\datronicsoft\spacedeskTemporarySetupFiles\spacedeskdisplay.inf

Filesize
4KB

MD5
8b7854e3dbf68388f67e4309301ffe26

SHA1
2cae3c2e8879e6f8114d1954633005c51cb7a3fe

SHA256
865120a7ed7d0ca9b065fc16e56c2693280d2efd5ab8134c3ace2f15bb92d062

SHA512
c1e5530b0c43a9ec2d014b050c67e52b609067bb119aeb8e80b2728f2308cc8ba38ebd9678cb3776f3566b45a57632fe7fa76cb691a4422646bb9192c9ccf4d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
a750a34bb24e24ccde27cea029afb01b

SHA1
3625463c6a7a7ce87ad718f0bd3e3d75197084ca

SHA256
1c6a52c1a28f8b9136d1dc7309c7cb73c33ba386c00de4632c8c7756ffc33cea

SHA512
f7dfbb501a1486e95639daa9f1f6b7c1b7a0e906a4f5793ec575504cc22a44a12fe136f2a30ff6449a376cb30ac198759d5976cb84c60f2782863407ec1d166c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_15A751EAC52E3BDD7E5151D6C1F63C61

Filesize
727B

MD5
fc1fb714de73374db1962f23791d283f

SHA1
8ac7cb7b9a8a6df09901f7428bbd4f05125d26d2

SHA256
eeb8c36a5d4abdbce63decc763e95c2e9a5595ffaffb18989d8b5748449ea455

SHA512
32459675d8859819ab561d481319f05fe768494dd7624a8c34f83a6f564bb4c7cdc0f50e71cdcc17bd5458f4bab42fb7d58c277100a6beda433359b67dffc416

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
69edc4a6d0793b296b26086c68d1e587

SHA1
c7aedf83759f9a8727a3c005c616a213ade4cfb3

SHA256
064dfd6e5199825337bb2352d67353bb73a40ec7a6f4327117d03fc66776359b

SHA512
16fe2c2a05aef91e35301a9eac593a0f6659cc276583e64e549dbf357f51e36fde22cd5a157c0118b2e782c44817917314e847d4af9294f0cb78041a06dd2ebd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
430B

MD5
132ded101f9e00d637863c7bfb4815f6

SHA1
8d9173a9e33f7770a2d3987b635cb99dfa6ff8a4

SHA256
8bd4b0dae59cc2b6585b02e5c44a68a33bd8c1c1bb4dcfce19566f0b5e00cf96

SHA512
72d79826562f80fb050dd468d9e4ed0c083cc65bbda3d01ffc07f95c182095d984012774d81ef74c485c782ddbc47a2ff70255929b00e0ba6dad06256be988b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_15A751EAC52E3BDD7E5151D6C1F63C61

Filesize
438B

MD5
c07ac51391d2645e1e74f38981c462e1

SHA1
6843f8d8580feb70eb7d8a109cfea026a9b28860

SHA256
66139d7d8097c5fde1f775c86861d04b39a2846367871f7e96ce63514ed79f7e

SHA512
3804f2d5191751f75a313fe4bb9e8d91ff64f0194d1472efbafdbe39060f5a9651ff575083ad7eb4a1b0bf2611bb56f3e7d746c3d4c3574898a0443f2abdee15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
442B

MD5
8a3f225ccaff9af1702471a7a0775468

SHA1
7ce2c96ddae8c41694a7a31e7bd7e09f1ab364a0

SHA256
2955369b426ab94f0bb225f66ccad2a08f88393d4898458c030e8878f4975acf

SHA512
8200d0434a3e104945d767637ae86d071b1c0426c029e91d8ac1b40adc3fd863e4d895da2415272b985d5b96039dd3c478830785980ff73e01902b5b3b004bd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI9FFE.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI9FFE.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1C3F3~1\amd64\spacedeskDriverAndroidControl.sys

Filesize
47KB

MD5
05f332d22f5fa50dc42e7470eca00d98

SHA1
3d229f79476a422f26041453b2d490ca79bda9ae

SHA256
75c7699876ce8b1a847043bfa1d410462fd89d70726df3ec01ce1e9c593bfec9

SHA512
eabaa87554a0191363db7d4ca58910a15a6ce6fc3293501e4de7245fd09d88048363492a09132c3d339b17e2d58e8120e994b1830894fa5b865bf37e368b33ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1C3F3~1\spacedeskDriverAndroidControl.cat

Filesize
12KB

MD5
2e8ca099c8558f49867d380b1e0e08da

SHA1
6efda9cc44e089641531f7bcc280055bf9528039

SHA256
6149d6a4dc9e22847d60c39921ff3d31c28cd9d1071f16bd0656bd3c2dc54548

SHA512
90a4730d101c8434369e9f6acf83c2af02ed9bedb0cf42006e1aa317b9a0b63f47f29b6559650514cd3267fcf6e92d674201244c862046a6a4be25411124eaa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1c3f3a74-dc59-3643-bb1f-01c8bf24cd79}\spacedeskDriverAndroidControl.inf

Filesize
3KB

MD5
1cc3e04aa6d4141a0eb97364ca00fb97

SHA1
11e508ad624cf5f31ae6a579bd397599d2c36b28

SHA256
3a741c7b1a53ea35dd2c23615b1d0bab2adf3e150e60b4d14878466f811648bc

SHA512
9758c8022b2e3967a440de12442a39d958ae342a17d4420754c3e053ba11f50d5b2051fea8f452eda3dc2b0f9da051a3c90d45e80e9a148b776ff386d64a1b07

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5EA91~1\amd64\spacedeskKtmInput.sys

Filesize
41KB

MD5
fad80e5e02e03e48609c852a489f6cd3

SHA1
b711d9025e0b6f6567d1407d65d7f67daca292a5

SHA256
398582f8456f404653129df83d04b40f85c6b61cf213c86b75766cf77d323386

SHA512
fcc2bac894faae66c28168775bb97d75a708443bb4000c64e74ca21a3c357215f6a7bd626bbdbc090e6a55eec707de2faa7e7631129d3d4ed196fc6804033c06

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5EA91~1\spacedeskKtmInputmouse.cat

Filesize
12KB

MD5
42a4ed6e6b94e1b74e9c5538ea3af0b4

SHA1
b394e9f6c9cde7985a86c87ab2823641f32c8eea

SHA256
6d363492a43aa06bf2e5ee919c3a1d4cdd4de1ae6eca0c6d94cedd0490d1e530

SHA512
5d9620a8f7c6b7033ead1e99ef74976c6fec066d56e5ba51abfbb616b93c970e73961aae8511656779a36d6c799363f1cf57eec889bb06223077a304a9f8848a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5ea91d6f-3da8-f64f-9957-5e0e1e07501d}\spacedeskKtmInputmouse.inf

Filesize
2KB

MD5
c8e701ea27a2a1d0abc8bfa99509c5c4

SHA1
b3bd4debbd0ae0499a9da6867c83014f7328753d

SHA256
bfd53b3c4e0bbbda52a631f882eafb946d62c50ae6f8df0f446984b64eb5b474

SHA512
7dcc00c31c952d84858c34354214f738f58e1d20698a2f33ba5692b6ceda41e0dec78923739427392cbe14c7114dc73a0d89429727661b86fab21a260a335bef

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6FF52~1\amd64\spacedeskDisplayUmode1_0.dll

Filesize
131KB

MD5
a5d67223de9dc8d32ac37c0a3afbce80

SHA1
0be537fbe1d23454d41c804f6c21145fdff759da

SHA256
5398801ea494ebea59ad54250309dc23b3c46e32e9cd535b42c8940f96f0e2aa

SHA512
fffd12babbbefaf4aaa445ad57130b97d4cd2a4c0bfdf9f46cf982b2861722a44ba99e692008ea27b09a107a1bf38f22573932c0f60e925cd78058f1f4ddf412

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6FF52~1\amd64\spacedeskDisplayUmode1_2.dll

Filesize
131KB

MD5
c1466e2047fc90563d193d4c70290f47

SHA1
613254751bfbc1a87d10674d6f1da6f4b9853544

SHA256
335598d0f03b7170b6e1857b1f81a73ad75d833104a7715b7f3fbc4d43a8c105

SHA512
6286d06c2d2aa0cc0705e189988fbc83e5404bd0344d5b98306c0aed55535542974e2f478064ab24910061553413085109985f2c599bb004249053f5d675ffac

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6FF52~1\spacedeskDisplay.cat

Filesize
13KB

MD5
d9296fd9abadde342fca14c0a8e92705

SHA1
ae65804e13f741c1abd38e25afbaa8f86bcdbf48

SHA256
6f7cb73f3a70a5934ac6dbd06e14fa6739b78a1fbf56fb3c36b774904be8c14f

SHA512
451a1abfe18ad5e5482cff1b1ef630f1a6bf2f36c6ab6a71f1f0b2342e540e2b2cd794b1f29e7cbd694aedc67e3b2062063cdeb1f0c53977955780b0cd0ce0cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6ff52508-2d34-4b43-a358-1a13337e3744}\spacedeskdisplay.inf

Filesize
4KB

MD5
8b7854e3dbf68388f67e4309301ffe26

SHA1
2cae3c2e8879e6f8114d1954633005c51cb7a3fe

SHA256
865120a7ed7d0ca9b065fc16e56c2693280d2efd5ab8134c3ace2f15bb92d062

SHA512
c1e5530b0c43a9ec2d014b050c67e52b609067bb119aeb8e80b2728f2308cc8ba38ebd9678cb3776f3566b45a57632fe7fa76cb691a4422646bb9192c9ccf4d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7422adae-2875-3340-b08c-fd0c0a98ab3a}\spacedeskservice.inf

Filesize
2KB

MD5
855055b5ea20d1c8372e4a5dee8b9aeb

SHA1
093694e4d184cfba394188429e16a43845b9e756

SHA256
41bd6862447b1e72dc21f65c913c551bada41b2932005af92b401e9637ff622c

SHA512
4ef19865af0cb8cd408df08340fdfe1039350ce4f779a432ee868f1a9662b05a2079b5e96984c529520990df3a3f6c4361f84149d321d2c3d093635edaab1052

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B77E2~1\amd64\spacedeskDriverHid.dll

Filesize
91KB

MD5
3e96c8bd6b65314399ed52979a63da52

SHA1
a56eb8c5b2da5fadbf75c528c4b8f011bada3b37

SHA256
a52e20aafc3534166122aa29c809f54cce576ea519e0b727a2881577e3951774

SHA512
c0c6f5fbd9ecc6ae537ab8f3e731e26ea702d66126570a86d6cce9433753b04472ab04d85b30b36f39b0cfc2500bfe00c1b2b15431d97f0e893c5e200b028a80

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B77E2~1\spacedeskDriverHid.cat

Filesize
12KB

MD5
894f3b9cab2a4d5c913653cf4f40027e

SHA1
4359db25a8118e4eeef5d8cf5e9978a42ba008e9

SHA256
7c650417d441c9d16d13235622d227416370707bd75a7cbc7a252f07ca7e4b75

SHA512
50aa17e8fc28d7fcf9e445ded1715882feff76289ac5318a75085a07921a04e20f89d5883a7c1ec4a915bb6f00cfb5e830e5d60befd0e7a146da8fb1f882adf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{b77e2d98-a30c-3341-817e-883b1939e045}\spacedeskDriverHid.inf

Filesize
6KB

MD5
d8ba40f9b6ff7678dff9f873a1e0c8e8

SHA1
ffb7a0ddd17c39be81331ef0d5f70933d51d2cdc

SHA256
8b4348e96347ab2380116a36d4e5da7c68f65b47dfe641cd64822c319179ea20

SHA512
804b167161b29e4254ec54f0c485ca76a71da09b66c7a3d3d6bec1e3271dc0e3a97e74febef73cf5d5cc3a62313d8beb90703c5fa2ee600203d9cc535f980007

Download Submit
C:\Users\Public\spacedeskSetup.log

Filesize
565B

MD5
aa373342f7a2bb50020b70667045c385

SHA1
e68f20c777da14fe32c091bca7a3ace3494f9384

SHA256
ad25f13b21cd3aafd8275bf6e1a1fb5398cfea9e0fd9bedcac91d63d6bcb7ca9

SHA512
4ca76c88dade1d57af7cefdc54976909c6de927c96e9a18815be05c039d13346dcf10eddffb3211d516202e4fbc7a92c185898c96c3debb0528966af16660577

Download Submit
C:\Users\Public\spacedeskSetup.log

Filesize
1KB

MD5
2ac62621b0b1db1147dc339ad67162d6

SHA1
77a5923b8fa8bd70ddce96a46a0659eace0b44e6

SHA256
8d4221ffdc9091208817bd9f1ba160c3f1cb1f644e6358780e7cf9008bd9f90b

SHA512
8353f159756bbbc066ac291a5d4cfcd4ae5daa97ca03fa0a40f3db4f1a89e6a1119e403a2fc47be4f2d3792bfe7c710fcc7426f74f584562286795f2a2d4035a

Download Submit
C:\Users\Public\spacedeskSetup.log

Filesize
2KB

MD5
b8336ed52522f5dcd2051956de341445

SHA1
f0cf5c8e60ed8bdb3f5f1f02589967e4b0de3dd6

SHA256
eac1a6602b9acb49f47b5e5da696b919d4e79822d88237ee5cb2f5feb919affc

SHA512
46bb4e2a46f1df1bd15112159cbf2409e3df1cb828b7b7fb07b36c4f65488723a79d844c8bec34d58aae81c3ddd90621ae9fae963c591d7823142a1bfda4f40b

Download Submit
C:\Users\Public\spacedeskSetup.log

Filesize
2KB

MD5
dd51fb65eface654b12468e2e7d26570

SHA1
0977a61b0af74b223a8f44c2dc36517b6353da9a

SHA256
c715d0de2561a1c1632a7d99762c862e70c21ce6299d8156cfc9e2d0559b4da2

SHA512
7d55a26d6ab268a6d633fb4e5b0221e04e0d7723f620b55f4f472cadd9f91b9b63b87d3780cb22d5c9019c395a6dce36fec076b4df67b12662a5a3197b79f63e

Download Submit
C:\Users\Public\spacedeskSetup.log

Filesize
3KB

MD5
a1fc21509b8847918bb791f0cb49988a

SHA1
0988266ad7d6c508666cd3798d4481f23811c912

SHA256
5e1316113338401e962170960a801da00102afe63c7a4920126f69e2bd145c4f

SHA512
facd2b66bdbd9a4faa74958920c172d7eafe1fcff49eb801778c35fe7834fac454ed2dbf116889e634c7c82424e2284360961a427bb27f3d52a24ac40a202892

Download Submit
C:\Users\Public\spacedeskSetup.log

Filesize
3KB

MD5
a1fc21509b8847918bb791f0cb49988a

SHA1
0988266ad7d6c508666cd3798d4481f23811c912

SHA256
5e1316113338401e962170960a801da00102afe63c7a4920126f69e2bd145c4f

SHA512
facd2b66bdbd9a4faa74958920c172d7eafe1fcff49eb801778c35fe7834fac454ed2dbf116889e634c7c82424e2284360961a427bb27f3d52a24ac40a202892

Download Submit
C:\Users\Public\spacedeskSetup.log

Filesize
3KB

MD5
c6e0a200f2bcb69169e467e995ab3079

SHA1
bddaa92087c4a49c0eda9206d862a9ee4f168bdd

SHA256
828b8f30492e6abf6d386e9f57596fc2ec062055ca3878fc9f48682dc16e1193

SHA512
98552f229966094db72fe042efe0bf3b12d2ccdcac95b9c0d80255f1a0b2fd0445bc25db5e9ce176b6a057657654e17c757cccb0a8e49a374bb5392b86015b9f

Download Submit
C:\Users\Public\spacedeskSetup.log

Filesize
3KB

MD5
c6e0a200f2bcb69169e467e995ab3079

SHA1
bddaa92087c4a49c0eda9206d862a9ee4f168bdd

SHA256
828b8f30492e6abf6d386e9f57596fc2ec062055ca3878fc9f48682dc16e1193

SHA512
98552f229966094db72fe042efe0bf3b12d2ccdcac95b9c0d80255f1a0b2fd0445bc25db5e9ce176b6a057657654e17c757cccb0a8e49a374bb5392b86015b9f

Download Submit
C:\Users\Public\spacedeskSetup.log

Filesize
4KB

MD5
2924cbb6c068e7bebab0b4b79b284e01

SHA1
ab2d621fe7dfce01931ced4cbafb2b26a9d7b9a7

SHA256
3fe15579b4023a00f17d0759c7689795ca5c4c1dc62d89269e49eca90b07c90f

SHA512
3c14679062349ecf00c4b6dec7cc867c4aa639d9b964385c31e7360c55c102661f8da62521006caa9f6361f3e89889acabddb2961ff41a07a6143368985c4cf8

Download Submit
C:\Users\Public\spacedeskSetup.log

Filesize
4KB

MD5
2924cbb6c068e7bebab0b4b79b284e01

SHA1
ab2d621fe7dfce01931ced4cbafb2b26a9d7b9a7

SHA256
3fe15579b4023a00f17d0759c7689795ca5c4c1dc62d89269e49eca90b07c90f

SHA512
3c14679062349ecf00c4b6dec7cc867c4aa639d9b964385c31e7360c55c102661f8da62521006caa9f6361f3e89889acabddb2961ff41a07a6143368985c4cf8

Download Submit
C:\Users\Public\spacedeskSetup.log

Filesize
4KB

MD5
f4ce6bda8094d3fcb2b334090a70a39c

SHA1
4a630d3e884753b2ace99c96e42fbff13695b18b

SHA256
d1cfa53c8e7482979dc9e34634ed4ab75f6884867d7e656d28fdd99df8c6d71e

SHA512
1919ba8856d2297b2407e50c569625c667d55130100ab61284cc64726b9e1caf5f37bba926a1f20c22072c7070c0486f8d5435a92ee7701fee7553922ffeb6cd

Download Submit
C:\Users\Public\spacedeskSetup.log

Filesize
5KB

MD5
acc15162a3dcd6e7a89a31c1f78c5002

SHA1
565efafe0780f41b01828de29cff10eeb7259635

SHA256
97f98a2b81f5af925df2468bc7db6da0140fdf234af2f3301db0fadbcaea6dd7

SHA512
ea1906979910e6947f6c2a3cbe8785ff4505c86b3a31a9fac05d6132eb878da6fc08f86c273f95cf920c0d19b38f8ede22d8eff4312cdd3ced44f52c933e369c

Download Submit
C:\Windows\Installer\MSI346F.tmp

Filesize
527KB

MD5
254066fe0aa25af7a2c9e58a69dfe554

SHA1
459dc3ad13f0ccf80bbb530062891f10fd942201

SHA256
216dfa488fe75f19791842832433c8dcb3ec4ecbb901b73c5726ebfc61b78037

SHA512
5e1356019bb36e675fa4b2bd40eb8450d9100784557ae069639f2a40af959c07123a46056f77733e6ad63f9ec71850ba243c18dae7854df0c8389bdc57c5eb0d

Download Submit
C:\Windows\Installer\MSI354A.tmp

Filesize
527KB

MD5
254066fe0aa25af7a2c9e58a69dfe554

SHA1
459dc3ad13f0ccf80bbb530062891f10fd942201

SHA256
216dfa488fe75f19791842832433c8dcb3ec4ecbb901b73c5726ebfc61b78037

SHA512
5e1356019bb36e675fa4b2bd40eb8450d9100784557ae069639f2a40af959c07123a46056f77733e6ad63f9ec71850ba243c18dae7854df0c8389bdc57c5eb0d

Download Submit
C:\Windows\Installer\MSI354A.tmp

Filesize
527KB

MD5
254066fe0aa25af7a2c9e58a69dfe554

SHA1
459dc3ad13f0ccf80bbb530062891f10fd942201

SHA256
216dfa488fe75f19791842832433c8dcb3ec4ecbb901b73c5726ebfc61b78037

SHA512
5e1356019bb36e675fa4b2bd40eb8450d9100784557ae069639f2a40af959c07123a46056f77733e6ad63f9ec71850ba243c18dae7854df0c8389bdc57c5eb0d

Download Submit
C:\Windows\Installer\MSI35B9.tmp

Filesize
527KB

MD5
254066fe0aa25af7a2c9e58a69dfe554

SHA1
459dc3ad13f0ccf80bbb530062891f10fd942201

SHA256
216dfa488fe75f19791842832433c8dcb3ec4ecbb901b73c5726ebfc61b78037

SHA512
5e1356019bb36e675fa4b2bd40eb8450d9100784557ae069639f2a40af959c07123a46056f77733e6ad63f9ec71850ba243c18dae7854df0c8389bdc57c5eb0d

Download Submit
C:\Windows\Installer\MSI3EB3.tmp

Filesize
527KB

MD5
254066fe0aa25af7a2c9e58a69dfe554

SHA1
459dc3ad13f0ccf80bbb530062891f10fd942201

SHA256
216dfa488fe75f19791842832433c8dcb3ec4ecbb901b73c5726ebfc61b78037

SHA512
5e1356019bb36e675fa4b2bd40eb8450d9100784557ae069639f2a40af959c07123a46056f77733e6ad63f9ec71850ba243c18dae7854df0c8389bdc57c5eb0d

Download Submit
C:\Windows\Installer\MSI42CB.tmp

Filesize
527KB

MD5
254066fe0aa25af7a2c9e58a69dfe554

SHA1
459dc3ad13f0ccf80bbb530062891f10fd942201

SHA256
216dfa488fe75f19791842832433c8dcb3ec4ecbb901b73c5726ebfc61b78037

SHA512
5e1356019bb36e675fa4b2bd40eb8450d9100784557ae069639f2a40af959c07123a46056f77733e6ad63f9ec71850ba243c18dae7854df0c8389bdc57c5eb0d

Download Submit
C:\Windows\Installer\MSI4750.tmp

Filesize
527KB

MD5
254066fe0aa25af7a2c9e58a69dfe554

SHA1
459dc3ad13f0ccf80bbb530062891f10fd942201

SHA256
216dfa488fe75f19791842832433c8dcb3ec4ecbb901b73c5726ebfc61b78037

SHA512
5e1356019bb36e675fa4b2bd40eb8450d9100784557ae069639f2a40af959c07123a46056f77733e6ad63f9ec71850ba243c18dae7854df0c8389bdc57c5eb0d

Download Submit
C:\Windows\Installer\MSI4B87.tmp

Filesize
527KB

MD5
254066fe0aa25af7a2c9e58a69dfe554

SHA1
459dc3ad13f0ccf80bbb530062891f10fd942201

SHA256
216dfa488fe75f19791842832433c8dcb3ec4ecbb901b73c5726ebfc61b78037

SHA512
5e1356019bb36e675fa4b2bd40eb8450d9100784557ae069639f2a40af959c07123a46056f77733e6ad63f9ec71850ba243c18dae7854df0c8389bdc57c5eb0d

Download Submit
C:\Windows\Installer\e5730e3.msi

Filesize
4.7MB

MD5
04072d7d08fff3ed15ed1abb4568726c

SHA1
a31cc1b1d316a3fcb95a551c92a44fcb9d04d89b

SHA256
b0b6afcb211b579d4eb0cb516c9a7ed3e1258852f53377f859a929275f47638d

SHA512
d00422cc73551983818f1266f131854097b0e1cdccaee74357f8aa9c24209a21d8dd1ed945fa682b0158fcc568306d5c6ae11b68acfbf7bcc0a3c466feabb442

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
146KB

MD5
8bd36458d28e9e0fb0dcd4164bdeacc3

SHA1
2c595d7902d798e6e23067eaedf15d0d3621ac99

SHA256
5552776301489ffb3416f8ba790d48536496f7e61c157ebe5e0260245e4a527a

SHA512
39f46ead6668beee67cafdafee1f473c09b4427efdf80aa91eb35b9edf7476421d0446f342326533aadd7cceb19cb0b068ec09a22894391849aceabe423451d5

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
146KB

MD5
9eefe6590a4db249caa34af5fd4eb4ef

SHA1
7995c5c91c59a9b7a8ede4dc960f43ca4f3a188f

SHA256
b2ffd810c45e680ee15d36b18a5dbb797da3a37e639b5cc3c931f3a1f36c1e51

SHA512
36c80c3e49e5aede29724060a7bece5ac3359b3285a833b66716738a0779d938eb2b9e293bf0dab40262a2869dfc44d99b0776193aff974cbe2a7b7e8b7e85f2

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
146KB

MD5
dd846f2fd475d8d49102a985e6ab998e

SHA1
d5862e69f4c851b0e3393464b4145da8e583ce4a

SHA256
dd503169e583e8dd3d634bb16571ea66e0d33e630aac917f3ad75bccfe349393

SHA512
72c8695eebc80b0dd9950a59f2b4ec8d18c4efadb07543a29745f8526473dc579e07c66ceead159a2335287b154f46487bf4a2b3875a0aaeacf5bc3c0e547200

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
146KB

MD5
e288923115bc05611a25d9eea635bc31

SHA1
89124512bce061e25877e799e03f34c1b0823de7

SHA256
83c8e58b9f42c7322fd2a7a603d84af117e8d456cdb28b5d2e2e4b81f7e8c3ad

SHA512
9c3fdb3c7a71540d793c32cbb23c32f8abff52a7c323a349d185a9dadfc0539877a1136030387bfe9ac876b45ae2c203134a0e1cc95ac5063dc66a8f64885d43

Download Submit
C:\Windows\System32\DriverStore\FileRepository\SPACED~1.INF\amd64\spacedeskDriverAndroidControl.sys

Filesize
47KB

MD5
05f332d22f5fa50dc42e7470eca00d98

SHA1
3d229f79476a422f26041453b2d490ca79bda9ae

SHA256
75c7699876ce8b1a847043bfa1d410462fd89d70726df3ec01ce1e9c593bfec9

SHA512
eabaa87554a0191363db7d4ca58910a15a6ce6fc3293501e4de7245fd09d88048363492a09132c3d339b17e2d58e8120e994b1830894fa5b865bf37e368b33ee

Download Submit
C:\Windows\System32\DriverStore\FileRepository\spacedeskdisplay.inf_amd64_85d5c014420a5409\spacedeskdisplay.inf

Filesize
4KB

MD5
8b7854e3dbf68388f67e4309301ffe26

SHA1
2cae3c2e8879e6f8114d1954633005c51cb7a3fe

SHA256
865120a7ed7d0ca9b065fc16e56c2693280d2efd5ab8134c3ace2f15bb92d062

SHA512
c1e5530b0c43a9ec2d014b050c67e52b609067bb119aeb8e80b2728f2308cc8ba38ebd9678cb3776f3566b45a57632fe7fa76cb691a4422646bb9192c9ccf4d9

Download Submit
C:\Windows\System32\DriverStore\FileRepository\spacedeskdriverandroidcontrol.inf_amd64_8a29a93905f73ba7\spacedeskdriverandroidcontrol.inf

Filesize
3KB

MD5
1cc3e04aa6d4141a0eb97364ca00fb97

SHA1
11e508ad624cf5f31ae6a579bd397599d2c36b28

SHA256
3a741c7b1a53ea35dd2c23615b1d0bab2adf3e150e60b4d14878466f811648bc

SHA512
9758c8022b2e3967a440de12442a39d958ae342a17d4420754c3e053ba11f50d5b2051fea8f452eda3dc2b0f9da051a3c90d45e80e9a148b776ff386d64a1b07

Download Submit
C:\Windows\System32\DriverStore\FileRepository\spacedeskdriverhid.inf_amd64_88a3a3d2a8b57203\spacedeskdriverhid.inf

Filesize
6KB

MD5
d8ba40f9b6ff7678dff9f873a1e0c8e8

SHA1
ffb7a0ddd17c39be81331ef0d5f70933d51d2cdc

SHA256
8b4348e96347ab2380116a36d4e5da7c68f65b47dfe641cd64822c319179ea20

SHA512
804b167161b29e4254ec54f0c485ca76a71da09b66c7a3d3d6bec1e3271dc0e3a97e74febef73cf5d5cc3a62313d8beb90703c5fa2ee600203d9cc535f980007

Download Submit
C:\Windows\System32\DriverStore\FileRepository\spacedeskktminputmouse.inf_amd64_96adfd1912f06435\spacedeskktminputmouse.inf

Filesize
2KB

MD5
c8e701ea27a2a1d0abc8bfa99509c5c4

SHA1
b3bd4debbd0ae0499a9da6867c83014f7328753d

SHA256
bfd53b3c4e0bbbda52a631f882eafb946d62c50ae6f8df0f446984b64eb5b474

SHA512
7dcc00c31c952d84858c34354214f738f58e1d20698a2f33ba5692b6ceda41e0dec78923739427392cbe14c7114dc73a0d89429727661b86fab21a260a335bef

Download Submit
C:\Windows\System32\DriverStore\Temp\{053d1fa6-dfb6-0747-97f1-c8bca8e46b45}\SET44CA.tmp

Filesize
12KB

MD5
42a4ed6e6b94e1b74e9c5538ea3af0b4

SHA1
b394e9f6c9cde7985a86c87ab2823641f32c8eea

SHA256
6d363492a43aa06bf2e5ee919c3a1d4cdd4de1ae6eca0c6d94cedd0490d1e530

SHA512
5d9620a8f7c6b7033ead1e99ef74976c6fec066d56e5ba51abfbb616b93c970e73961aae8511656779a36d6c799363f1cf57eec889bb06223077a304a9f8848a

Download Submit
C:\Windows\System32\DriverStore\Temp\{053d1fa6-dfb6-0747-97f1-c8bca8e46b45}\SET44CB.tmp

Filesize
2KB

MD5
c8e701ea27a2a1d0abc8bfa99509c5c4

SHA1
b3bd4debbd0ae0499a9da6867c83014f7328753d

SHA256
bfd53b3c4e0bbbda52a631f882eafb946d62c50ae6f8df0f446984b64eb5b474

SHA512
7dcc00c31c952d84858c34354214f738f58e1d20698a2f33ba5692b6ceda41e0dec78923739427392cbe14c7114dc73a0d89429727661b86fab21a260a335bef

Download Submit
C:\Windows\System32\DriverStore\Temp\{053d1fa6-dfb6-0747-97f1-c8bca8e46b45}\amd64\SET44AA.tmp

Filesize
41KB

MD5
fad80e5e02e03e48609c852a489f6cd3

SHA1
b711d9025e0b6f6567d1407d65d7f67daca292a5

SHA256
398582f8456f404653129df83d04b40f85c6b61cf213c86b75766cf77d323386

SHA512
fcc2bac894faae66c28168775bb97d75a708443bb4000c64e74ca21a3c357215f6a7bd626bbdbc090e6a55eec707de2faa7e7631129d3d4ed196fc6804033c06

Download Submit
C:\Windows\System32\DriverStore\Temp\{386019e2-b2fa-3b4c-a1e8-0a17587c3873}\SET4920.tmp

Filesize
12KB

MD5
894f3b9cab2a4d5c913653cf4f40027e

SHA1
4359db25a8118e4eeef5d8cf5e9978a42ba008e9

SHA256
7c650417d441c9d16d13235622d227416370707bd75a7cbc7a252f07ca7e4b75

SHA512
50aa17e8fc28d7fcf9e445ded1715882feff76289ac5318a75085a07921a04e20f89d5883a7c1ec4a915bb6f00cfb5e830e5d60befd0e7a146da8fb1f882adf8

Download Submit
C:\Windows\System32\DriverStore\Temp\{386019e2-b2fa-3b4c-a1e8-0a17587c3873}\SET4930.tmp

Filesize
6KB

MD5
d8ba40f9b6ff7678dff9f873a1e0c8e8

SHA1
ffb7a0ddd17c39be81331ef0d5f70933d51d2cdc

SHA256
8b4348e96347ab2380116a36d4e5da7c68f65b47dfe641cd64822c319179ea20

SHA512
804b167161b29e4254ec54f0c485ca76a71da09b66c7a3d3d6bec1e3271dc0e3a97e74febef73cf5d5cc3a62313d8beb90703c5fa2ee600203d9cc535f980007

Download Submit
C:\Windows\System32\DriverStore\Temp\{386019e2-b2fa-3b4c-a1e8-0a17587c3873}\amd64\SET491F.tmp

Filesize
91KB

MD5
3e96c8bd6b65314399ed52979a63da52

SHA1
a56eb8c5b2da5fadbf75c528c4b8f011bada3b37

SHA256
a52e20aafc3534166122aa29c809f54cce576ea519e0b727a2881577e3951774

SHA512
c0c6f5fbd9ecc6ae537ab8f3e731e26ea702d66126570a86d6cce9433753b04472ab04d85b30b36f39b0cfc2500bfe00c1b2b15431d97f0e893c5e200b028a80

Download Submit
C:\Windows\System32\DriverStore\Temp\{38aa8aba-e526-a84e-b951-95a4a617a8f2}\amd64\spacedeskDriverAndroidUsb.sys

Filesize
41KB

MD5
380881d0c57ec7737b381be7a4889e4d

SHA1
f7cbf374ab38ab8d0be9428a19eed7f86815f488

SHA256
03624bdc09765cca89bc3b7e81a28238cdc244083308758ef63595a0b98a5e20

SHA512
94bafee8a3939747dc1f8089bb5f1706b16c5abec1dadbb19b0fac4e63ec56da5b7b53bc383135d95094f6e23d9da5c38320d4efd5e8c694215c651cd57d5423

Download Submit
C:\Windows\System32\DriverStore\Temp\{38aa8aba-e526-a84e-b951-95a4a617a8f2}\spacedeskDriverAndroidUsb.cat

Filesize
12KB

MD5
92ada09b4ea4ef2ddf3bac8f286d4cef

SHA1
dff136e5f9ef6acebbbfee8097839276b29ffb67

SHA256
6846a9626d0f62c845a41577d6246d05812c472ab2e042dac97341223ad19e53

SHA512
40f057a845af608cc3c32465c5d51ab3446304ce56c72f26f46565e01698bf92686e2c92f51b3777b5d8777ccb97f56031bc2f7a3e2d709394b62908163a6fac

Download Submit
C:\Windows\System32\DriverStore\Temp\{38aa8aba-e526-a84e-b951-95a4a617a8f2}\spacedeskDriverAndroidUsb.inf

Filesize
4KB

MD5
5aeb0a4a73db16b2889ff3cf0d65dd91

SHA1
a6e47f400bda7743d83aaf6c8764a8ef530f1362

SHA256
5d496cec369994b0ddbf71f372e9956d7c9926ff8326889da5f89b3e156c6bb1

SHA512
70b14af7e12160699a332abc6bb7004410da55ad996baf1b1cb582777c817d70095919e9874cb9dd944739b6537fbe26d6dcbbe044cd8afba781fb1c86fb47da

Download Submit
C:\Windows\System32\DriverStore\Temp\{39a7bccd-14c9-2a42-9ba1-44bb252ea01b}\SET37F8.tmp

Filesize
12KB

MD5
2e8ca099c8558f49867d380b1e0e08da

SHA1
6efda9cc44e089641531f7bcc280055bf9528039

SHA256
6149d6a4dc9e22847d60c39921ff3d31c28cd9d1071f16bd0656bd3c2dc54548

SHA512
90a4730d101c8434369e9f6acf83c2af02ed9bedb0cf42006e1aa317b9a0b63f47f29b6559650514cd3267fcf6e92d674201244c862046a6a4be25411124eaa8

Download Submit
C:\Windows\System32\DriverStore\Temp\{39a7bccd-14c9-2a42-9ba1-44bb252ea01b}\SET3809.tmp

Filesize
3KB

MD5
1cc3e04aa6d4141a0eb97364ca00fb97

SHA1
11e508ad624cf5f31ae6a579bd397599d2c36b28

SHA256
3a741c7b1a53ea35dd2c23615b1d0bab2adf3e150e60b4d14878466f811648bc

SHA512
9758c8022b2e3967a440de12442a39d958ae342a17d4420754c3e053ba11f50d5b2051fea8f452eda3dc2b0f9da051a3c90d45e80e9a148b776ff386d64a1b07

Download Submit
C:\Windows\System32\DriverStore\Temp\{39a7bccd-14c9-2a42-9ba1-44bb252ea01b}\amd64\SET3819.tmp

Filesize
47KB

MD5
05f332d22f5fa50dc42e7470eca00d98

SHA1
3d229f79476a422f26041453b2d490ca79bda9ae

SHA256
75c7699876ce8b1a847043bfa1d410462fd89d70726df3ec01ce1e9c593bfec9

SHA512
eabaa87554a0191363db7d4ca58910a15a6ce6fc3293501e4de7245fd09d88048363492a09132c3d339b17e2d58e8120e994b1830894fa5b865bf37e368b33ee

Download Submit
C:\Windows\System32\DriverStore\Temp\{54a3049d-57a5-444f-8018-455a4ffbc93f}\SET56F9.tmp

Filesize
12KB

MD5
257f1118fa840c7fc136625ee360dd29

SHA1
2ec722139361bd94deb37727cc6a19ede8341ccc

SHA256
ed5d2e6360dd41496b208bdfc85c157cf8ed0cac58bf5b95a45642e195155151

SHA512
6089d65eb4ce337a883cf044cd7d4325b41ac22236c4a57b798ecba433dbfbe0513d3ac42ac93f4db0aa51559e51ac8f7d5b8d4b4cbcc9323c91f2ad67f50669

Download Submit
C:\Windows\System32\DriverStore\Temp\{54a3049d-57a5-444f-8018-455a4ffbc93f}\SET571A.tmp

Filesize
2KB

MD5
e4a71dc7a2cf40381179c092150064c3

SHA1
9b49c3ee05b8edea1610c7cd2f10dded8b164265

SHA256
3c6b2deab77f62bda5b57ebad398d04602bd8b1d643ae24e1bd31b1d87d95b1b

SHA512
d9d5d82f4b1c07be9807f733e5cfa15252176f275d85076db87ed109d8c1b975a204175326d0ad77c088cf1724c2aa9dca9a392d0a840bbcfe2d8e1aa5fa76bb

Download Submit
C:\Windows\System32\DriverStore\Temp\{54a3049d-57a5-444f-8018-455a4ffbc93f}\amd64\SET573A.tmp

Filesize
105KB

MD5
aef51c00b095526b38f775d227a2e607

SHA1
cb6e88213611d546d993a43d2935f8bdbb011d11

SHA256
7612ff442b7b83e7249f5949ed5b7af21dabd9d1ff69ec02172d66173a6170fe

SHA512
913479db3257c782c6529471c0ec90a957856dbca061028d2640a0a2aa156f7783a001cdc3f48b75b31d4d8629facc59c16cbe1d84655b86f8da61bd9072cff2

Download Submit
C:\Windows\System32\DriverStore\Temp\{d6519fe3-399c-914c-9aed-885bd43f50ef}\SET52D3.tmp

Filesize
15KB

MD5
eaa5a93c958dcb5e54612a87cc605fbb

SHA1
7521184f1ebbc40b6dec14c3d5e34bd1fb429a22

SHA256
34c6b09782ea1bd9d90ce0f7bb9adad7d05475d252a49b255fc7e5d838ba3a24

SHA512
783d5edbbf0fddff515bacaaff429ec94f97d1508188d809ed5302644dc7bf5206d65c5c22d50cf33dae9aa9547cb7d8dafe621e61a6cac791015d39e9b40536

Download Submit
C:\Windows\System32\DriverStore\Temp\{d6519fe3-399c-914c-9aed-885bd43f50ef}\SET52E4.tmp

Filesize
20KB

MD5
c01f81df451759ae373aaaf51e433a07

SHA1
41acf9dfff185779b50aa7e59620e1b242c715e6

SHA256
050efdc13bdec314eec0ec87e04f06fdc251e302679f0608ed038ed178c333b0

SHA512
b21a8aa1315a28f7c634e770d78ade643921c4b307b8d02a4f0103e08e4a96b6979baf50a58e6d9303abcd6f526643b2bfe37cb49d515602e29810a22075900e

Download Submit
C:\Windows\System32\DriverStore\Temp\{d6519fe3-399c-914c-9aed-885bd43f50ef}\amd64\SET52F4.tmp

Filesize
124KB

MD5
7db333aa18b4f19fbcfd6da3c9c7da01

SHA1
ca7302ac56c7cc996161aa515b4e3631205f52b5

SHA256
22e2cad8efe3ec6b58f43d263bc5c35a47a8786b445a2164e1719c52aedec2f5

SHA512
a655408408c2f53c01cafc4da13e40d8c9628fc5226d5638a9956324354de891041d06aceb96e2f2c1a47c98f050cadc59407cfaa33cf956c87720fb8c015159

Download Submit
C:\Windows\System32\DriverStore\Temp\{eec42266-ca95-3540-9fb5-e8e9283ffffd}\SET4DB2.tmp

Filesize
13KB

MD5
d9296fd9abadde342fca14c0a8e92705

SHA1
ae65804e13f741c1abd38e25afbaa8f86bcdbf48

SHA256
6f7cb73f3a70a5934ac6dbd06e14fa6739b78a1fbf56fb3c36b774904be8c14f

SHA512
451a1abfe18ad5e5482cff1b1ef630f1a6bf2f36c6ab6a71f1f0b2342e540e2b2cd794b1f29e7cbd694aedc67e3b2062063cdeb1f0c53977955780b0cd0ce0cd

Download Submit
C:\Windows\System32\DriverStore\Temp\{eec42266-ca95-3540-9fb5-e8e9283ffffd}\SET4DD3.tmp

Filesize
4KB

MD5
8b7854e3dbf68388f67e4309301ffe26

SHA1
2cae3c2e8879e6f8114d1954633005c51cb7a3fe

SHA256
865120a7ed7d0ca9b065fc16e56c2693280d2efd5ab8134c3ace2f15bb92d062

SHA512
c1e5530b0c43a9ec2d014b050c67e52b609067bb119aeb8e80b2728f2308cc8ba38ebd9678cb3776f3566b45a57632fe7fa76cb691a4422646bb9192c9ccf4d9

Download Submit
C:\Windows\System32\DriverStore\Temp\{eec42266-ca95-3540-9fb5-e8e9283ffffd}\amd64\SET4E22.tmp

Filesize
131KB

MD5
a5d67223de9dc8d32ac37c0a3afbce80

SHA1
0be537fbe1d23454d41c804f6c21145fdff759da

SHA256
5398801ea494ebea59ad54250309dc23b3c46e32e9cd535b42c8940f96f0e2aa

SHA512
fffd12babbbefaf4aaa445ad57130b97d4cd2a4c0bfdf9f46cf982b2861722a44ba99e692008ea27b09a107a1bf38f22573932c0f60e925cd78058f1f4ddf412

Download Submit
C:\Windows\System32\DriverStore\Temp\{eec42266-ca95-3540-9fb5-e8e9283ffffd}\amd64\SET4E32.tmp

Filesize
131KB

MD5
c1466e2047fc90563d193d4c70290f47

SHA1
613254751bfbc1a87d10674d6f1da6f4b9853544

SHA256
335598d0f03b7170b6e1857b1f81a73ad75d833104a7715b7f3fbc4d43a8c105

SHA512
6286d06c2d2aa0cc0705e189988fbc83e5404bd0344d5b98306c0aed55535542974e2f478064ab24910061553413085109985f2c599bb004249053f5d675ffac

Download Submit
C:\Windows\System32\DriverStore\Temp\{f98a59ee-e053-9d4b-81bf-0f80d68b5085}\SET5AB3.tmp

Filesize
13KB

MD5
35cf12fd1a846dfa9f754b0ff7bd2b13

SHA1
408c4ec38b2ebcd9fbd773e6e59a422e0e5fa8c5

SHA256
a9fdeb237b29cd3bd45bf40774042d1ed4025b203c92f4ea652b13c80caf3ac1

SHA512
3e36d36162dd6ac3a0d4405dde5b11c206fae463670286b41ef1d271281bc4e8e6c2078609d1fd3db411e0309a823bd061cd7e8499edabeec024f3de785d687a

Download Submit
C:\Windows\System32\DriverStore\Temp\{f98a59ee-e053-9d4b-81bf-0f80d68b5085}\amd64\SET5AB5.tmp

Filesize
4.6MB

MD5
ccb50521e9882fc761a3c473308ceeaa

SHA1
5532af67f9282f9f020fc6dc2cfe405fc9c41238

SHA256
9c57c0c85c056f555832e4a25e4f4c575e0e8e8e51b211b54cd31c6e6831171f

SHA512
eb972d5910f3891bca12439e34d418af0a815998861f2b658a2ff7740bf2b3e2ebaa22caae40d4dca5d3bcb4dbeb0b3377ec81f0b3e9afda038ed30040bd10f2

Download Submit
C:\Windows\System32\DriverStore\Temp\{f98a59ee-e053-9d4b-81bf-0f80d68b5085}\amd64\SET5AB6.tmp

Filesize
425KB

MD5
03a886ce5176d3e4a13b507857fb11d1

SHA1
6dbcc1c6cea4c6da87faae335de2b4e545c8ba1d

SHA256
5681a09f392efd7de13bf291b7309e5fc733eaf8fb73c9bfe992619f2d55f85d

SHA512
4a329fa4c374db8530a0db1ba0ca5dd41d743035ec6bd321511b1fee802bfaf486f319731b8c952dfff4889a5aae60f9705a54068395ae54ce8ace1c6f3dde0f

Download Submit
C:\Windows\System32\DriverStore\Temp\{f98a59ee-e053-9d4b-81bf-0f80d68b5085}\amd64\SET5AC6.tmp

Filesize
480KB

MD5
1da414d4fab1829e858ad0460e293a1a

SHA1
a137a8f52cc5336d1e5546d0df27db745c7de63b

SHA256
e940e3bdb702fbe9fbec391a46a32396d7cbc3b99fad07f8a603548f971c5c97

SHA512
96ff5316ada612e91c3f3a16e1b8358f1a8668b7e86d714c32be3415d09069a91289b15038a1d61c792fb9c0b95011382aad1c87397168b7ab00d14765a56475

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
146KB

MD5
e288923115bc05611a25d9eea635bc31

SHA1
89124512bce061e25877e799e03f34c1b0823de7

SHA256
83c8e58b9f42c7322fd2a7a603d84af117e8d456cdb28b5d2e2e4b81f7e8c3ad

SHA512
9c3fdb3c7a71540d793c32cbb23c32f8abff52a7c323a349d185a9dadfc0539877a1136030387bfe9ac876b45ae2c203134a0e1cc95ac5063dc66a8f64885d43

Download Submit
C:\Windows\Temp\__PSScriptPolicyTest_11mdokkx.zuw.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
\??\c:\windows\installer\msi35b9.tmp

Filesize
527KB

MD5
254066fe0aa25af7a2c9e58a69dfe554

SHA1
459dc3ad13f0ccf80bbb530062891f10fd942201

SHA256
216dfa488fe75f19791842832433c8dcb3ec4ecbb901b73c5726ebfc61b78037

SHA512
5e1356019bb36e675fa4b2bd40eb8450d9100784557ae069639f2a40af959c07123a46056f77733e6ad63f9ec71850ba243c18dae7854df0c8389bdc57c5eb0d

Download Submit
\??\c:\windows\installer\msi3eb3.tmp

Filesize
527KB

MD5
254066fe0aa25af7a2c9e58a69dfe554

SHA1
459dc3ad13f0ccf80bbb530062891f10fd942201

SHA256
216dfa488fe75f19791842832433c8dcb3ec4ecbb901b73c5726ebfc61b78037

SHA512
5e1356019bb36e675fa4b2bd40eb8450d9100784557ae069639f2a40af959c07123a46056f77733e6ad63f9ec71850ba243c18dae7854df0c8389bdc57c5eb0d

Download Submit
\??\c:\windows\installer\msi42cb.tmp

Filesize
527KB

MD5
254066fe0aa25af7a2c9e58a69dfe554

SHA1
459dc3ad13f0ccf80bbb530062891f10fd942201

SHA256
216dfa488fe75f19791842832433c8dcb3ec4ecbb901b73c5726ebfc61b78037

SHA512
5e1356019bb36e675fa4b2bd40eb8450d9100784557ae069639f2a40af959c07123a46056f77733e6ad63f9ec71850ba243c18dae7854df0c8389bdc57c5eb0d

Download Submit
\??\c:\windows\installer\msi4750.tmp

Filesize
527KB

MD5
254066fe0aa25af7a2c9e58a69dfe554

SHA1
459dc3ad13f0ccf80bbb530062891f10fd942201

SHA256
216dfa488fe75f19791842832433c8dcb3ec4ecbb901b73c5726ebfc61b78037

SHA512
5e1356019bb36e675fa4b2bd40eb8450d9100784557ae069639f2a40af959c07123a46056f77733e6ad63f9ec71850ba243c18dae7854df0c8389bdc57c5eb0d

Download Submit
\??\c:\windows\installer\msi4b87.tmp

Filesize
527KB

MD5
254066fe0aa25af7a2c9e58a69dfe554

SHA1
459dc3ad13f0ccf80bbb530062891f10fd942201

SHA256
216dfa488fe75f19791842832433c8dcb3ec4ecbb901b73c5726ebfc61b78037

SHA512
5e1356019bb36e675fa4b2bd40eb8450d9100784557ae069639f2a40af959c07123a46056f77733e6ad63f9ec71850ba243c18dae7854df0c8389bdc57c5eb0d

Download Submit
memory/980-160-0x0000021375B40000-0x0000021375B41000-memory.dmp

Filesize
4KB

Download
memory/980-154-0x0000021375B40000-0x0000021375B41000-memory.dmp

Filesize
4KB

Download
memory/980-155-0x0000021375B40000-0x0000021375B41000-memory.dmp

Filesize
4KB

Download
memory/980-150-0x0000021375B40000-0x0000021375B41000-memory.dmp

Filesize
4KB

Download
memory/980-157-0x0000021375B40000-0x0000021375B41000-memory.dmp

Filesize
4KB

Download
memory/980-159-0x0000021375B40000-0x0000021375B41000-memory.dmp

Filesize
4KB

Download
memory/980-156-0x0000021375B40000-0x0000021375B41000-memory.dmp

Filesize
4KB

Download
memory/980-158-0x0000021375B40000-0x0000021375B41000-memory.dmp

Filesize
4KB

Download
memory/980-149-0x0000021375B40000-0x0000021375B41000-memory.dmp

Filesize
4KB

Download
memory/980-148-0x0000021375B40000-0x0000021375B41000-memory.dmp

Filesize
4KB

Download
memory/2464-991-0x000001AF631E0000-0x000001AF6324C000-memory.dmp

Filesize
432KB

Download
memory/2464-1026-0x000001AF63590000-0x000001AF635A0000-memory.dmp

Filesize
64KB

Download
memory/2464-994-0x000001AF63590000-0x000001AF635A0000-memory.dmp

Filesize
64KB

Download
memory/2464-995-0x000001AF63630000-0x000001AF63638000-memory.dmp

Filesize
32KB

Download
memory/2464-996-0x000001AF7D7C0000-0x000001AF7D7F8000-memory.dmp

Filesize
224KB

Download
memory/2464-997-0x000001AF63640000-0x000001AF6364E000-memory.dmp

Filesize
56KB

Download
memory/2464-993-0x000001AF63590000-0x000001AF635A0000-memory.dmp

Filesize
64KB

Download
memory/2464-1033-0x000001AF63590000-0x000001AF635A0000-memory.dmp

Filesize
64KB

Download
memory/2464-1008-0x000001AF63590000-0x000001AF635A0000-memory.dmp

Filesize
64KB

Download
memory/2464-1031-0x000001AF63590000-0x000001AF635A0000-memory.dmp

Filesize
64KB

Download
memory/2464-1030-0x000001AF63590000-0x000001AF635A0000-memory.dmp

Filesize
64KB

Download
memory/2464-1029-0x000001AF63590000-0x000001AF635A0000-memory.dmp

Filesize
64KB

Download
memory/2464-1028-0x000001AF63590000-0x000001AF635A0000-memory.dmp

Filesize
64KB

Download
memory/3624-1003-0x0000021BDAD20000-0x0000021BDAD42000-memory.dmp

Filesize
136KB

Download
memory/3624-1025-0x0000021BC1C90000-0x0000021BC2751000-memory.dmp

Filesize
10.8MB

Download
memory/3624-1022-0x0000021BDB320000-0x0000021BDB33C000-memory.dmp

Filesize
112KB

Download
memory/3624-1021-0x00007FF40AC80000-0x00007FF40AC90000-memory.dmp

Filesize
64KB

Download
memory/3624-1020-0x0000021BDAF90000-0x0000021BDAF9A000-memory.dmp

Filesize
40KB

Download
memory/3624-1019-0x0000021BDAEB0000-0x0000021BDAECC000-memory.dmp

Filesize
112KB

Download
memory/3624-1009-0x0000021BDAD70000-0x0000021BDAD80000-memory.dmp

Filesize
64KB

Download
memory/4484-300-0x000001D555170000-0x000001D555C31000-memory.dmp

Filesize
10.8MB

Download