0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b

Analysis

max time kernel
626s
max time network
631s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
07-06-2023 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exe
Size

80.5MB
MD5

5d084b1901f13e46b747fcc82f7e10b1
SHA1

1635f3678d02291c5a5b78df8c429e273cca0b30
SHA256

0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b
SHA512

d1a7e269925b50ecd44b97ed39372a918896a4e976c6b9ab09ae948a27af15205cb3c5aee698d80844096c293910d61e402120758e9a46c1def576e8a0d15f7b
SSDEEP

1572864:i0mBl123uKwMxmeK6GyXHdUoIL95a426hwN/T1xF6GXtayb5tBLGUOtFohz:33uKwFF6ubNhG1xgGXXtBaUzB

Score

8^/10

agilenet persistence

Malware Config

Signatures

Blocklisted process makes network request 5 IoCs

Processes:

msiexec.exemsiexec.exe

flow pid process

2 1676 msiexec.exe
7 524 msiexec.exe
12 524 msiexec.exe
14 524 msiexec.exe
16 524 msiexec.exe

flow	pid	process
2	1676	msiexec.exe
7	524	msiexec.exe
12	524	msiexec.exe
14	524	msiexec.exe
16	524	msiexec.exe

Drops file in Drivers directory 3 IoCs

Processes:

MsiExec.exe

description	ioc	process
File opened for modification	C:\Windows\system32\DRIVERS\SET7743.tmp	MsiExec.exe
File created	C:\Windows\system32\DRIVERS\SET7743.tmp	MsiExec.exe
File opened for modification	C:\Windows\system32\DRIVERS\monblanking.sys	MsiExec.exe

Registers new Print Monitor 2 TTPs 18 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

spoolsv.exespoolsv.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports	spoolsv.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port	spoolsv.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\novaPDF Port Monitor	spoolsv.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\novaPDF Port Monitor\Ports	spoolsv.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\novaPDF Port Monitor	spoolsv.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\GoToMyPC Port	spoolsv.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Microsoft Shared Fax Monitor	spoolsv.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\novaPDF Port Monitor\Driver = "novamn8.dll"	spoolsv.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Local Port	spoolsv.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\novaPDF Port Monitor\Ports\GoToPrintAssistPort	spoolsv.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\GoToMyPC Port	spoolsv.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Microsoft Shared Fax Monitor	spoolsv.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\novaPDF Port Monitor\Ports	spoolsv.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port	spoolsv.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports	spoolsv.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\WSD Port	spoolsv.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Local Port	spoolsv.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port	spoolsv.exe

Obfuscated with Agile.Net obfuscator 4 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/2240-1015-0x00000000012F0000-0x0000000001300000-memory.dmp	agile_net
behavioral1/memory/2240-1020-0x00000000001D0000-0x00000000001E2000-memory.dmp	agile_net
behavioral1/memory/2240-1021-0x00000000005B0000-0x00000000005F0000-memory.dmp	agile_net
behavioral1/memory/2240-1022-0x0000000000200000-0x000000000020C000-memory.dmp	agile_net

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe

Drops file in System32 directory 64 IoCs

Processes:

DrvInst.exeMsiExec.exeDrvInst.exespoolsv.exeMsiExec.exemsiexec.exe

description	ioc	process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB1A7.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\DRVSTORE	MsiExec.exe
File created	C:\Windows\system32\DRVSTORE\monblankin_36BCAB857E8A8CBC57146D819C5BB68CC4472E13\monblanking.sys	MsiExec.exe
File created	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA828.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\novasv8.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA86A.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\novaemex8.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstor.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\novaim8.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB196.tmp	DrvInst.exe
File created	C:\Windows\system32\g2pcredprovider.dll	MsiExec.exe
File created	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA7F7.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\novaem8.exe	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB1E9.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\SETB1FC.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\SETB1FC.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\INFCACHE.0	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\nova8.inf_x86_neutral_727881fda5cf7db0\nova8.PNF	DrvInst.exe
File created	C:\Windows\system32\DRVSTORE\monblankin_36BCAB857E8A8CBC57146D819C5BB68CC4472E13\monblanking.cat	MsiExec.exe
File created	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\SETA7E4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA87A.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\INFCACHE.0	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB195.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB196.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB1D8.tmp	DrvInst.exe
File created	C:\Windows\system32\spool\DRIVERS\W32X86\PCC\nova8.inf_x86_neutral_727881fda5cf7db0.cab	spoolsv.exe
File created	C:\Windows\system32\DRVSTORE\monblankin_36BCAB857E8A8CBC57146D819C5BB68CC4472E13\monblanking.inf	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\SETA7E4.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB195.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB1A7.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB1E9.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB1EA.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB194.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB1D8.tmp	DrvInst.exe
File created	C:\Windows\system32\spool\DRIVERS\x64\PCC\nova8.inf_amd64_neutral_727881fda5cf7db0.cab	spoolsv.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\novacl8.exe	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA828.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA86A.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstor.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\nova8X86.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\SETA7E5.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\SETA7E5.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA807.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA807.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\novaim8.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\novaui8.dll	DrvInst.exe
File created	C:\Windows\system32\spool\DRIVERS\x64\G2PrintUPD.txt	MsiExec.exe
File created	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA839.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nova8.inf_amd64_neutral_727881fda5cf7db0\nova8.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\novaemex8.dll	DrvInst.exe
File opened for modification	C:\Windows\system32\gotomon_x64.dll	MsiExec.exe
File created	C:\Windows\system32\novamn8.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA7E6.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA87A.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB194.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File created	C:\Windows\system32\spool\DRIVERS\x64\G2PrintUPDDriver_x64.dll	MsiExec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\nova8X64.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA7F7.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\novapr8.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\novaem8.dll	DrvInst.exe

Checks system information in the registry 2 TTPs 1 IoCs
System information is often read in order to detect sandboxing environments.

Query Registry
T1012

System Information Discovery
T1082

Processes:

g2tray.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName g2tray.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	g2tray.exe

Drops file in Program Files directory 64 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Program Files\Softland\novaPDF 8\Editor\NovaImportx86.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\NovaPDFUtils.XMLSerializers.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\AgileDotNetRT64.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\PrinterManager.exe	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\ServiceClient.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\ko\NovaPDFUtils.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\ro\NovaPDFUtils.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\NovaImportx64.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\hr\WAFramework.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\vi\StartupDo.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\GoToMyPC\x64\monblanking.inf	msiexec.exe
File created	C:\Program Files (x86)\GoToMyPC\ResourceHost_en_us.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\zh-CN\NovaPDFComponent.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\sk\NovaPDFUtils.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\de\StartupDo.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\vi\ActivationClientLibrary.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\el\DeactivationClientLibrary.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\ro\DeactivationClientLibrary.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\en\NovaPDFComponent.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\GoToMyPC\G2PrintUPD.txt	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\tr\DeactivationClientLibrary.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\sk\PrinterManager.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\pt\WAFramework.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\GoToMyPC\G2PrintUPDDriver_x64.dll	msiexec.exe
File created	C:\Program Files (x86)\GoToMyPC\g2simpleft.exe	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\Kit\nova8x86.cat	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\DeactivationClient.exe	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Server\x86\SQLite.Interop.dll	msiexec.exe
File created	C:\Program Files (x86)\GoToMyPC\g2comm.exe	msiexec.exe
File created	C:\Program Files (x86)\GoToMyPC\ScreenCaptureWin8Dll.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\StartupDo.exe	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\pt-BR\NovaPDFUtils.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\pt-BR\Startup.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Server\WAFServicePlugin.dll	msiexec.exe
File created	C:\Program Files (x86)\GoToMyPC\gotomon.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\en\LayoutEditor.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\hr\NovaPDFUtils.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\fr\PrinterManager.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\sk\Startup.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\vi\Startup.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\da\WAFramework.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Server\x64\SQLite.Interop.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\Kit\amd64\novacl8.exe	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\vi\NovaPDFUtils.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\zh-CN\NovaPDFUtils.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\ko\ProfileManager.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\el\Startup.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\hr\Startup.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\GoToMyPC\g2pre.exe	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\lt\DeactivationClientLibrary.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\Kit\i386\novaemex8.exe	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\NovaPDFComponent.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\el\PrinterManager.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\zh-CN\PrinterManager.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\ProfileManager.exe.config	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\ro\Startup.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\pt\DeactivationClientLibrary.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\hr\LayoutEditor.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\cs\NovaPDFUtils.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Driver\de\NovaPDFUtils.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\lt\NovaPDFUtils.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\hr\ProfileManager.resources.dll	msiexec.exe
File created	C:\Program Files\Softland\novaPDF 8\Editor\id\WAFramework.resources.dll	msiexec.exe

Drops file in Windows directory 64 IoCs

Processes:

DrvInst.exemsiexec.exeDrvInst.exeDrvInst.exeMsiExec.exeMsiExec.exerundll32.exerundll32.exe

description	ioc	process
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI7652.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI590D.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI302C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI38F9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{57414DD3-55A7-4D2E-916F-2F1407AABE91}\PrinterIcon.ACC28440_DBF2_4762_B900_A720EA521CA2.ico	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\6e4b96.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI258F.tmp	msiexec.exe
File created	C:\Windows\Installer\{57414DD3-55A7-4D2E-916F-2F1407AABE91}\NovaIcon.ACC28440_DBF2_4762_B900_A720EA521CA2.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\{57414DD3-55A7-4D2E-916F-2F1407AABE91}\DoIcon.ACC28440_DBF2_4762_B900_A720EA521CA2.ico	msiexec.exe
File created	C:\Windows\Installer\6e4b95.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA4B6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\6e4b9d.ipi	msiexec.exe
File created	C:\Windows\Installer\6e4b93.ipi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	MsiExec.exe
File opened for modification	C:\Windows\Installer\MSI9854.tmp	msiexec.exe
File created	C:\Windows\Installer\wix{1A9E9E77-B29B-47C6-ADEB-9E7D6F7A08CE}.SchedServiceConfig.rmi	MsiExec.exe
File opened for modification	C:\Windows\Installer\MSICD11.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI9874.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\6e4b93.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9352.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\6e4b9b.msi	msiexec.exe
File created	C:\Windows\Installer\{57414DD3-55A7-4D2E-916F-2F1407AABE91}\DoIcon.ACC28440_DBF2_4762_B900_A720EA521CA2.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\6e4b92.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4E52.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{9969E88A-AF6D-4DB8-B737-684B34EB8703}\ICON_ID_GOTOMYPC	msiexec.exe
File created	C:\Windows\INF\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI387A.tmp	msiexec.exe
File created	C:\Windows\Installer\{57414DD3-55A7-4D2E-916F-2F1407AABE91}\PrinterIcon.ACC28440_DBF2_4762_B900_A720EA521CA2.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\6e4b98.ipi	msiexec.exe
File created	C:\Windows\Installer\6e4b9b.msi	msiexec.exe
File created	C:\Windows\Installer\6e4b9d.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\{57414DD3-55A7-4D2E-916F-2F1407AABE91}\NovaIcon.ACC28440_DBF2_4762_B900_A720EA521CA2.ico	msiexec.exe
File created	C:\Windows\Installer\6e4b9f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI79BF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB98F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICA81.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI73D1.tmp	msiexec.exe
File created	C:\Windows\Installer\6e4b98.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID4C0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7382.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	rundll32.exe
File created	C:\Windows\INF\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSID378.tmp	msiexec.exe
File created	C:\Windows\Installer\{9969E88A-AF6D-4DB8-B737-684B34EB8703}\ICON_ID_GOTOMYPC	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI74CB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB846.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3D1F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4F7B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI777C.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	rundll32.exe
File opened for modification	C:\Windows\Installer\6e4b96.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI96BC.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9759.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\6e4b9a.msi	msiexec.exe
File created	C:\Windows\Installer\6e4b92.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7961.tmp	msiexec.exe

Executes dropped EXE 9 IoCs

Processes:

g2svc.exeg2svc.exeg2svc.exeg2comm.exeg2pre.exeg2tray.exenovapdfs.exesqlite3.exesqlite3.exe

pid process

980 g2svc.exe
1384 g2svc.exe
304 g2svc.exe
1556 g2comm.exe
820 g2pre.exe
1520 g2tray.exe
2240 novapdfs.exe
2868 sqlite3.exe
2876 sqlite3.exe

pid	process
980	g2svc.exe
1384	g2svc.exe
304	g2svc.exe
1556	g2comm.exe
820	g2pre.exe
1520	g2tray.exe
2240	novapdfs.exe
2868	sqlite3.exe
2876	sqlite3.exe

Loads dropped DLL 45 IoCs

Processes:

MsiExec.exeMsiExec.exeMsiExec.exeg2svc.exeg2comm.exeMsiExec.exeMsiExec.exeMsiExec.exeMsiExec.exenovapdfs.exespoolsv.exeMsiExec.exeMsiExec.exespoolsv.exe

pid	process
880	MsiExec.exe
1512	MsiExec.exe
1056	MsiExec.exe
1056	MsiExec.exe
1056	MsiExec.exe
1512	MsiExec.exe
1512	MsiExec.exe
1056	MsiExec.exe
1012
1012
1012
1012
1012
1012
1012
1012
1012
1056	MsiExec.exe
1512	MsiExec.exe
880	MsiExec.exe
304	g2svc.exe
1556	g2comm.exe
1556	g2comm.exe
2248	MsiExec.exe
2348	MsiExec.exe
2348	MsiExec.exe
2348	MsiExec.exe
2828	MsiExec.exe
2056	MsiExec.exe
2056	MsiExec.exe
2240	novapdfs.exe
2828	MsiExec.exe
2828	MsiExec.exe
2828	MsiExec.exe
2524	spoolsv.exe
2524	spoolsv.exe
2524	spoolsv.exe
2828	MsiExec.exe
2828	MsiExec.exe
2348	MsiExec.exe
1056	MsiExec.exe
912	MsiExec.exe
2940	spoolsv.exe
2940	spoolsv.exe
2940	spoolsv.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

MsiExec.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5B6F824A-21BF-4147-A014-827DA4893903}\InprocServer32\ = "C:\\Windows\\system32\\g2pcredprovider.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5B6F824A-21BF-4147-A014-827DA4893903}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5B6F824A-21BF-4147-A014-827DA4893903}\InprocServer32	MsiExec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

msiexec.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07C9EF18-AAB1-43EF-8617-74434E4FA18}\AppPath = "C:\\Windows\\System32\\spool\\drivers\\x64\\3"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07C9EF18-AAB1-43EF-8617-74434E4FA18}\Policy = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07C9EF18-AAB1-43EF-8617-74434E4FA18}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07C9EF18-AAB1-43EF-8617-74434E4FA18}\AppName = "novacl8.exe"	msiexec.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

DrvInst.exeDrvInst.exeDrvInst.exespoolsv.exespoolsv.exemsiexec.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e\52C64B7E	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts	spoolsv.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Microsoft XPS Document Writer = "winspool,Ne00:,15,45"	spoolsv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32\p2pcollab.dll,-8042 = "Peer to Peer Trust"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices\Microsoft XPS Document Writer = "winspool,Ne00:"	spoolsv.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Microsoft XPS Document Writer = "winspool,Ne00:,15,45"	spoolsv.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Fax = "winspool,Ne01:,15,45"	spoolsv.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Devices\Fax = "winspool,Ne01:"	spoolsv.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\Fax = "winspool,Ne01:,15,45"	spoolsv.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts	spoolsv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Devices\GoToMyPC Print Assistant = "winspool,Ne02:"	spoolsv.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts	spoolsv.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe

Modifies registry class 64 IoCs

Processes:

msiexec.exeg2svc.exeMsiExec.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\77E9E9A1B92B6C74DABEE9D7F6A780EC\ProductName = "novaPDF 8 Printer Driver"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3DD414757A55E2D419F6F24170AAEB19\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A88E9699D6FA8BD47B7386B443BE7830\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\g2svc.exe\AppID = "{BE717152-DFB4-4b6c-85C4-2B7C6B5D117C}"	g2svc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BE717152-DFB4-4b6c-85C4-2B7C6B5D117C}\LocalService = "GoToMyPC"	g2svc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CC79D7F8-2A04-4B81-AE23-8AB2993EC440}	g2svc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GoToMyPC.StartHereLoader\ = "StartHereLoader"	g2svc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\77E9E9A1B92B6C74DABEE9D7F6A780EC	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\77E9E9A1B92B6C74DABEE9D7F6A780EC\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\77E9E9A1B92B6C74DABEE9D7F6A780EC\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5B6F824A-21BF-4147-A014-827DA4893903}\InprocServer32	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\77E9E9A1B92B6C74DABEE9D7F6A780EC\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3DD414757A55E2D419F6F24170AAEB19\AdvertiseFlags = "388"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3DD414757A55E2D419F6F24170AAEB19\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DCF93E3BBE556B1429BEC4A500C00734\77E9E9A1B92B6C74DABEE9D7F6A780EC	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GoToMyPC.StartHereLoader.1	g2svc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GoToMyPC.StartHereLoader.1\CLSID	g2svc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\77E9E9A1B92B6C74DABEE9D7F6A780EC\PackageCode = "816ADC6D4595A13498FF12F85D8B1970"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\77E9E9A1B92B6C74DABEE9D7F6A780EC\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3DD414757A55E2D419F6F24170AAEB19\SourceList\LastUsedSource = "n;1;C:\\Program Files (x86)\\GoToMyPC\\PDFPrinterSetup\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CC79D7F8-2A04-4B81-AE23-8AB2993EC440}\ProgID\ = "GoToMyPC.StartHereLoader.1"	g2svc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3DD414757A55E2D419F6F24170AAEB19\ProductName = "GoToMyPC Print Assistant"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3DD414757A55E2D419F6F24170AAEB19\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CC79D7F8-2A04-4B81-AE23-8AB2993EC440}\VersionIndependentProgID\ = "GoToMyPC.StartHereLoader"	g2svc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GoToMyPC.StartHereLoader\CLSID	g2svc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A88E9699D6FA8BD47B7386B443BE7830\PackageCode = "84EB65BDCE4483343B150714D93D3A4D"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A88E9699D6FA8BD47B7386B443BE7830\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A88E9699D6FA8BD47B7386B443BE7830\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\GoToMyPC\\G2P_3694\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\77E9E9A1B92B6C74DABEE9D7F6A780EC\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\3DD414757A55E2D419F6F24170AAEB19	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3DD414757A55E2D419F6F24170AAEB19\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BE717152-DFB4-4b6c-85C4-2B7C6B5D117C}\ServiceParameters = "-Service"	g2svc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A88E9699D6FA8BD47B7386B443BE7830\ProductName = "GoToMyPC"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A88E9699D6FA8BD47B7386B443BE7830\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A88E9699D6FA8BD47B7386B443BE7830\SourceList	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\77E9E9A1B92B6C74DABEE9D7F6A780EC\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\77E9E9A1B92B6C74DABEE9D7F6A780EC\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\77E9E9A1B92B6C74DABEE9D7F6A780EC\SourceList\PackageName = "novaPDF8PrinterDriver(x64).msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\77E9E9A1B92B6C74DABEE9D7F6A780EC\SourceList\Net\1 = "C:\\Program Files (x86)\\GoToMyPC\\PDFPrinterSetup\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A88E9699D6FA8BD47B7386B443BE7830\ProductFeaturex86	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\77E9E9A1B92B6C74DABEE9D7F6A780EC\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\\g2svc.exe	g2svc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CC79D7F8-2A04-4B81-AE23-8AB2993EC440}\LocalServer32\ = "C:\\Program Files (x86)\\GoToMyPC\\g2svc.exe"	g2svc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A88E9699D6FA8BD47B7386B443BE7830	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A88E9699D6FA8BD47B7386B443BE7830\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A88E9699D6FA8BD47B7386B443BE7830\Version = "386076270"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\77E9E9A1B92B6C74DABEE9D7F6A780EC\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3DD414757A55E2D419F6F24170AAEB19\PackageCode = "3DD414757A55E2D419F6F24170AAEB19"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5B6F824A-21BF-4147-A014-827DA4893903}\InprocServer32\ = "C:\\Windows\\system32\\g2pcredprovider.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3DD414757A55E2D419F6F24170AAEB19\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3DD414757A55E2D419F6F24170AAEB19\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5B6F824A-21BF-4147-A014-827DA4893903}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A88E9699D6FA8BD47B7386B443BE7830\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DCF93E3BBE556B1429BEC4A500C00734	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3DD414757A55E2D419F6F24170AAEB19\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3DD414757A55E2D419F6F24170AAEB19\SourceList\PackageName = "novaPDF8OEM(x64).msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5B6F824A-21BF-4147-A014-827DA4893903}\ = "GoToMyPC Credential Provider"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GoToMyPC.StartHereLoader	g2svc.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A88E9699D6FA8BD47B7386B443BE7830\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4D35A00D0B0B10944BA78997B4E04FE5\A88E9699D6FA8BD47B7386B443BE7830	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A88E9699D6FA8BD47B7386B443BE7830\SourceList\Net	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A88E9699D6FA8BD47B7386B443BE7830\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\77E9E9A1B92B6C74DABEE9D7F6A780EC\Version = "134611886"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\77E9E9A1B92B6C74DABEE9D7F6A780EC\SourceList\Media	msiexec.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msiexec.exe

pid process

524 msiexec.exe
524 msiexec.exe
524 msiexec.exe
524 msiexec.exe
524 msiexec.exe
524 msiexec.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

msiexec.exe

pid process

1676 msiexec.exe

pid	process
524	msiexec.exe
524	msiexec.exe
524	msiexec.exe
524	msiexec.exe
524	msiexec.exe
524	msiexec.exe

pid	process
1676	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	1676	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1676	msiexec.exe
Token: SeRestorePrivilege	524	msiexec.exe
Token: SeTakeOwnershipPrivilege	524	msiexec.exe
Token: SeSecurityPrivilege	524	msiexec.exe
Token: SeCreateTokenPrivilege	1676	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1676	msiexec.exe
Token: SeLockMemoryPrivilege	1676	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1676	msiexec.exe
Token: SeMachineAccountPrivilege	1676	msiexec.exe
Token: SeTcbPrivilege	1676	msiexec.exe
Token: SeSecurityPrivilege	1676	msiexec.exe
Token: SeTakeOwnershipPrivilege	1676	msiexec.exe
Token: SeLoadDriverPrivilege	1676	msiexec.exe
Token: SeSystemProfilePrivilege	1676	msiexec.exe
Token: SeSystemtimePrivilege	1676	msiexec.exe
Token: SeProfSingleProcessPrivilege	1676	msiexec.exe
Token: SeIncBasePriorityPrivilege	1676	msiexec.exe
Token: SeCreatePagefilePrivilege	1676	msiexec.exe
Token: SeCreatePermanentPrivilege	1676	msiexec.exe
Token: SeBackupPrivilege	1676	msiexec.exe
Token: SeRestorePrivilege	1676	msiexec.exe
Token: SeShutdownPrivilege	1676	msiexec.exe
Token: SeDebugPrivilege	1676	msiexec.exe
Token: SeAuditPrivilege	1676	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1676	msiexec.exe
Token: SeChangeNotifyPrivilege	1676	msiexec.exe
Token: SeRemoteShutdownPrivilege	1676	msiexec.exe
Token: SeUndockPrivilege	1676	msiexec.exe
Token: SeSyncAgentPrivilege	1676	msiexec.exe
Token: SeEnableDelegationPrivilege	1676	msiexec.exe
Token: SeManageVolumePrivilege	1676	msiexec.exe
Token: SeImpersonatePrivilege	1676	msiexec.exe
Token: SeCreateGlobalPrivilege	1676	msiexec.exe
Token: SeCreateTokenPrivilege	1676	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1676	msiexec.exe
Token: SeLockMemoryPrivilege	1676	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1676	msiexec.exe
Token: SeMachineAccountPrivilege	1676	msiexec.exe
Token: SeTcbPrivilege	1676	msiexec.exe
Token: SeSecurityPrivilege	1676	msiexec.exe
Token: SeTakeOwnershipPrivilege	1676	msiexec.exe
Token: SeLoadDriverPrivilege	1676	msiexec.exe
Token: SeSystemProfilePrivilege	1676	msiexec.exe
Token: SeSystemtimePrivilege	1676	msiexec.exe
Token: SeProfSingleProcessPrivilege	1676	msiexec.exe
Token: SeIncBasePriorityPrivilege	1676	msiexec.exe
Token: SeCreatePagefilePrivilege	1676	msiexec.exe
Token: SeCreatePermanentPrivilege	1676	msiexec.exe
Token: SeBackupPrivilege	1676	msiexec.exe
Token: SeRestorePrivilege	1676	msiexec.exe
Token: SeShutdownPrivilege	1676	msiexec.exe
Token: SeDebugPrivilege	1676	msiexec.exe
Token: SeAuditPrivilege	1676	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1676	msiexec.exe
Token: SeChangeNotifyPrivilege	1676	msiexec.exe
Token: SeRemoteShutdownPrivilege	1676	msiexec.exe
Token: SeUndockPrivilege	1676	msiexec.exe
Token: SeSyncAgentPrivilege	1676	msiexec.exe
Token: SeEnableDelegationPrivilege	1676	msiexec.exe
Token: SeManageVolumePrivilege	1676	msiexec.exe
Token: SeImpersonatePrivilege	1676	msiexec.exe
Token: SeCreateGlobalPrivilege	1676	msiexec.exe
Token: SeCreateTokenPrivilege	1676	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msiexec.exe

pid process

1676 msiexec.exe
1676 msiexec.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

g2tray.exe

pid process

1520 g2tray.exe

pid	process
1676	msiexec.exe
1676	msiexec.exe

pid	process
1520	g2tray.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exemsiexec.exemsiexec.exeg2svc.exeg2comm.exe

description	pid	process	target process
PID 2012 wrote to memory of 1676	2012	0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exe	msiexec.exe
PID 2012 wrote to memory of 1676	2012	0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exe	msiexec.exe
PID 2012 wrote to memory of 1676	2012	0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exe	msiexec.exe
PID 2012 wrote to memory of 1676	2012	0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exe	msiexec.exe
PID 2012 wrote to memory of 1676	2012	0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exe	msiexec.exe
PID 2012 wrote to memory of 1676	2012	0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exe	msiexec.exe
PID 2012 wrote to memory of 1676	2012	0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exe	msiexec.exe
PID 524 wrote to memory of 880	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 880	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 880	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 880	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 880	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 880	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 880	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 1512	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 1512	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 1512	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 1512	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 1512	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 1056	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 1056	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 1056	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 1056	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 1056	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 1056	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 1056	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 980	524	msiexec.exe	g2svc.exe
PID 524 wrote to memory of 980	524	msiexec.exe	g2svc.exe
PID 524 wrote to memory of 980	524	msiexec.exe	g2svc.exe
PID 524 wrote to memory of 980	524	msiexec.exe	g2svc.exe
PID 1676 wrote to memory of 1384	1676	msiexec.exe	g2svc.exe
PID 1676 wrote to memory of 1384	1676	msiexec.exe	g2svc.exe
PID 1676 wrote to memory of 1384	1676	msiexec.exe	g2svc.exe
PID 1676 wrote to memory of 1384	1676	msiexec.exe	g2svc.exe
PID 304 wrote to memory of 1556	304	g2svc.exe	g2comm.exe
PID 304 wrote to memory of 1556	304	g2svc.exe	g2comm.exe
PID 304 wrote to memory of 1556	304	g2svc.exe	g2comm.exe
PID 304 wrote to memory of 1556	304	g2svc.exe	g2comm.exe
PID 1556 wrote to memory of 820	1556	g2comm.exe	g2pre.exe
PID 1556 wrote to memory of 820	1556	g2comm.exe	g2pre.exe
PID 1556 wrote to memory of 820	1556	g2comm.exe	g2pre.exe
PID 1556 wrote to memory of 820	1556	g2comm.exe	g2pre.exe
PID 1556 wrote to memory of 1520	1556	g2comm.exe	g2tray.exe
PID 1556 wrote to memory of 1520	1556	g2comm.exe	g2tray.exe
PID 1556 wrote to memory of 1520	1556	g2comm.exe	g2tray.exe
PID 1556 wrote to memory of 1520	1556	g2comm.exe	g2tray.exe
PID 2012 wrote to memory of 1920	2012	0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exe	msiexec.exe
PID 2012 wrote to memory of 1920	2012	0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exe	msiexec.exe
PID 2012 wrote to memory of 1920	2012	0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exe	msiexec.exe
PID 2012 wrote to memory of 1920	2012	0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exe	msiexec.exe
PID 2012 wrote to memory of 1920	2012	0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exe	msiexec.exe
PID 2012 wrote to memory of 1920	2012	0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exe	msiexec.exe
PID 2012 wrote to memory of 1920	2012	0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exe	msiexec.exe
PID 524 wrote to memory of 2248	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 2248	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 2248	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 2248	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 2248	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 2348	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 2348	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 2348	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 2348	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 2348	524	msiexec.exe	MsiExec.exe
PID 524 wrote to memory of 2348	524	msiexec.exe	MsiExec.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exe
"C:\Users\Admin\AppData\Local\Temp\0753ad3ab09da170e8ed74c05bedd1efbeb772768dea6c54f976b0932a51df6b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2012

C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\ProgramData\GoToMyPC\G2P_3694\GoToMyPCSetup_x64.msi" REINSTALLMODE=dmus /l*v "C:\Users\Admin\AppData\Local\Temp\G2_3694\GoToMyPC_Installation.log"G2P_REINSTALL="YES"
2⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1676

C:\Program Files (x86)\GoToMyPC\g2svc.exe
"C:\Program Files (x86)\GoToMyPC\g2svc.exe"
3⤵
- Executes dropped EXE
PID:1384

C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Program Files (x86)\GoToMyPC\PDFPrinterSetup\novaPDF8PrinterDriver(x64).msi"/qn REINSTALLMODE=dmus
2⤵
PID:1920

C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Program Files (x86)\GoToMyPC\PDFPrinterSetup\novaPDF8OEM(x64).msi"/qn REINSTALLMODE=dmus
2⤵
PID:2064

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:524

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 4DDFA4D01B00475742E90FC49F5CF520 C
2⤵
- Loads dropped DLL
PID:880

C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding 4676B2C2D051D01703DEF3298154DBC0
2⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Drops file in Windows directory
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1512

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 228C869EADA17DA0816C3C34D7DFB253
2⤵
- Drops file in System32 directory
- Loads dropped DLL
PID:1056

C:\Program Files (x86)\GoToMyPC\g2svc.exe
"C:\Program Files (x86)\GoToMyPC\g2svc.exe" install_auto
2⤵
- Executes dropped EXE
- Modifies registry class
PID:980

C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding 27E132DCC7DCCB43387274F1F8DE7B63
2⤵
- Loads dropped DLL
PID:2248

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C4AA18C124C133A8765FA75281330E10
2⤵
- Loads dropped DLL
PID:2348

C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding C026AB71AF9559A4DF491C89D9243833 M Global\MSI0000
2⤵
- Loads dropped DLL
PID:2828

C:\Windows\system32\rundll32.exe
rundll32 printui.dll,PrintUIEntry /ia /m "novaPDF 8" /K /h "x64" /v 3 /f "nova8.inf"
2⤵
- Drops file in Windows directory
PID:2864

C:\Windows\system32\rundll32.exe
rundll32 printui.dll,PrintUIEntry /ia /m "novaPDF 8" /K /h "x86" /v 3 /f "nova8.inf"
2⤵
- Drops file in Windows directory
PID:2488

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 4EE8FDBD6CFC85CF85A795DDA6863E8F M Global\MSI0000
2⤵
- Drops file in Windows directory
- Loads dropped DLL
PID:2056

C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding 7BFC4F916327BB51A42C69DC244C3B95 M Global\MSI0000
2⤵
- Loads dropped DLL
PID:1056

C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding DD96F4A63C2433C3C93D11EE17CD4979
2⤵
- Loads dropped DLL
PID:912

C:\Program Files\Softland\novaPDF 8\Driver\sqlite3.exe
"C:\Program Files\Softland\novaPDF 8\Driver\sqlite3.exe" "C:\ProgramData\Softland\novaPDF 8\nPdfOem8_120576\nPdfOem8_120576.db" "ALTER TABLE Preset ADD FileTimeLastSave INTEGER DEFAULT 130758123204020800;"
2⤵
- Executes dropped EXE
PID:2868

C:\Program Files\Softland\novaPDF 8\Driver\sqlite3.exe
"C:\Program Files\Softland\novaPDF 8\Driver\sqlite3.exe" "C:\ProgramData\Softland\novaPDF 8\nPdfOem8_120576\nPdfOem8_120576.db" "UPDATE DatabaseInfo SET DBVersion=3 WHERE NOT DBVersion>2"
2⤵
- Executes dropped EXE
PID:2876

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1960

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000070" "00000000000002F8"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:968

C:\Program Files (x86)\GoToMyPC\g2svc.exe
"C:\Program Files (x86)\GoToMyPC\g2svc.exe" "Start=service"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:304

C:\Program Files (x86)\GoToMyPC\g2comm.exe
"C:\Program Files (x86)\GoToMyPC\g2comm.exe" "Plugin=G2PreLaunch&Dir=C:\Program Files (x86)\GoToMyPC&Path=g2pre.exe&ServiceName=GoToMyPC&ServiceFile=C:\Program Files (x86)\GoToMyPC\g2svc.exe&IsService=true&StartID={CC79D7F8-2A04-4B81-AE23-8AB2993EC440}&Start=service"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1556

C:\Program Files (x86)\GoToMyPC\g2pre.exe
"C:\Program Files (x86)\GoToMyPC\g2pre.exe" "StartID={D09719E3-7AAF-4CA6-9735-51872775C9F7}&Debug=Off&Stat=On&StatDb=On&Index=0"
3⤵
- Executes dropped EXE
PID:820

C:\Program Files (x86)\GoToMyPC\g2tray.exe
"C:\Program Files (x86)\GoToMyPC\g2tray.exe" "StartID={CC79D7F8-2A04-4B81-AE23-8AB2993EC440}&Debug=Off&Stat=On&StatDb=On&Index=0"
3⤵
- Checks system information in the registry
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{13ba3d60-f013-5b27-4899-be1d6720116f}\nova8.inf" "9" "655111ddf" "00000000000005C8" "WinSta0\Default" "00000000000005D4" "208" "c:\program files\softland\novapdf 8\driver\kit"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:3024

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{24a822cc-a633-1718-7f1a-134567b7f02d}\nova8.inf" "0" "655111ddf" "00000000000005D4" "WinSta0\Default" "0000000000000060" "208" "c:\program files\softland\novapdf 8\driver\kit"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:2644

C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
"C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2240

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
1⤵
PID:3032

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
- Registers new Print Monitor
- Loads dropped DLL
- Modifies data under HKEY_USERS
PID:2524

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
- Registers new Print Monitor
- Drops file in System32 directory
- Loads dropped DLL
- Modifies data under HKEY_USERS
PID:2940

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\6e4b94.rbs
Filesize
1.6MB

MD5
41984de1c4cc22b4540a70fb189f0c7c

SHA1
2aea47ec2d579661e16f001b060cd0d37dd420dd

SHA256
48e35e32e6bb49ee9ad6f8de7bdd3442e53f7c8f4ab54b21fbec6029e1e1f504

SHA512
a1d48599a59641312b91b9beb29bf93b02b79c6b7a7e3a50d0472c0187ab00d5ea733ae370a93a8067692d092a30d5a529f1e0c6bfcfe8029cd054fff04686a0

Download Submit
C:\Config.Msi\6e4b99.rbs
Filesize
1.2MB

MD5
6f47b5923758c02a21a4c58e2e2cd009

SHA1
466767244bbadb5c4f51476f0adc64eb6216654f

SHA256
9994422ad97f701954c1dec28e2c22ec88f057b135a18754501f78652966bcdc

SHA512
c97d638ceed02c54d1ecab0bce4748c803be63dc406e60dcbb74079a05aa0c18aead9a52cd1aa7bbf498926bfa53ffb52b020359e8ea4407ae032ac5f9d52f11

Download Submit
C:\Config.Msi\6e4b9e.rbs
Filesize
287KB

MD5
eb79ff6d44f26ad42a2d21c9f7a6e7a9

SHA1
a78be8f583590676facfb4462a0f09400091b354

SHA256
6311564bf53d0d44b0efab35bd5049e7501c06e4498b3c039180e2fe671de1a7

SHA512
4a60e4b78e7800d90c7129b31031efac582b3ddd1dc15b15eca9c3264651400d16c5b74d5ce4ac750b0437444cfb1aae5d731e97c9dadbbf9db0b0b4c1953102

Download Submit
C:\Program Files (x86)\GoToMyPC\G2PrintUPDDriver_x64.dll
Filesize
154KB

MD5
882250c2ce8399560788c9c09614c0ba

SHA1
ef7f330f1466994385b5be99665474f4c4ab8a93

SHA256
7c50640bdd76204b5470f5c64a4066d5be86d03c4e8a895ed1e4af455c570ebe

SHA512
830e93b1d646b5b21daeaf4b4893d0861f8e257582db5ecba2f4c37a351781658af8cce824a0575d53173afc3960d53a6c75075876d58a2c9be6dd0fe73c301c

Download Submit
C:\Program Files (x86)\GoToMyPC\G2PrintUPDUI_x64.dll
Filesize
208KB

MD5
210c13831fa52a359b431c1dead20f2b

SHA1
34325b24fb5cdc46e5fd5d1ca1b53df56885576d

SHA256
2948080f05e64fbc42487f0e796f6c78cb52b2a3c788d2843a2b6a0e6cd1bd6e

SHA512
0c9666ffb331520e53cff69ebbd83c6654ddda867a7185503e5290eec0d3f131b62aaffaefc02fb9f0287603e0e582ec5a35980a94c880f515c3d9d0cdc79833

Download Submit
C:\Program Files (x86)\GoToMyPC\GoToPrintProcessor_x64.dll
Filesize
116KB

MD5
b0e4925100965c5b5353bf57706da5fb

SHA1
db21d47dd2888faa2352967eae39e5e51a20a129

SHA256
f3487b14c65ddc977f01e4de5803d68a78b6026b316a41e8cd79a3488a0a03fc

SHA512
88e843ac54fd69f12e90039814626c619b4d6e53e46ebfd2051b7f945f564cc88caaf9997060a26fe5355206fce683c51fc18b8e6f06742c7348a495357730b8

Download Submit
C:\Program Files (x86)\GoToMyPC\PDFPrinterSetup\novaPDF8PrinterDriver(x64).msi
Filesize
20.1MB

MD5
386d15284beeaf11690ba062b3af49cd

SHA1
872bb3387ce3608676443547f69bbc9e8c11f1cd

SHA256
66d098e8fc776c6015fc21bee14182d716dbb7a29dd747bddb51b11409b777e5

SHA512
2fbf0cca13221cd4da521388e0e689058901d8e2feb8674893624fd7812a6fa69472b0790b76dd25907be26139dcefe708c1aae1edc1ff429befa9ab829ba6ff

Download Submit
C:\Program Files (x86)\GoToMyPC\ResourceHost_en_us.dll
Filesize
4.4MB

MD5
37a398879e3fcbde12b0cad6ba5b33ca

SHA1
77b089d60afcc5824f867abc79fede0f962448a2

SHA256
b22ba26012fc865b86a530ec1d6b49cf4e1ff89d4ced17dea764e4445fffbfae

SHA512
3b1878715c24d03abd38707e4b31d1aaa488de266239121729d2ae4f429c93a8bb5c604be68f6867f80b4fa79bf8f35f0e228f6bd37333c06bfa04b2da89efce

Download Submit
C:\Program Files (x86)\GoToMyPC\g2comm.exe
Filesize
5.6MB

MD5
096dc42bf4a1395e0671bc6a45b279f6

SHA1
49c148f874cb008d46a105fbe07f13c8a91c8aeb

SHA256
085f0c0b2ba680dae63b340ff8980b8a6023674b97672052ab2d04af34b10006

SHA512
dfa1bcc056c854c53f356bd3b5d989da6d4b1213cea99ab0ad3c8713e35fedaad0f084b184074b23f683db1e2bad629f02720e88836c565fa47b7ad4e523da6c

Download Submit
C:\Program Files (x86)\GoToMyPC\g2comm.exe
Filesize
5.6MB

MD5
096dc42bf4a1395e0671bc6a45b279f6

SHA1
49c148f874cb008d46a105fbe07f13c8a91c8aeb

SHA256
085f0c0b2ba680dae63b340ff8980b8a6023674b97672052ab2d04af34b10006

SHA512
dfa1bcc056c854c53f356bd3b5d989da6d4b1213cea99ab0ad3c8713e35fedaad0f084b184074b23f683db1e2bad629f02720e88836c565fa47b7ad4e523da6c

Download Submit
C:\Program Files (x86)\GoToMyPC\g2pre.exe
Filesize
3.6MB

MD5
2a448ad5ededfcc7ff36b3b61770f38f

SHA1
91de8245c33ff153043bdc7218dd72df4c21653f

SHA256
1a75c6fd03015f6422934033572afbf39cd48c1ba69fb9925de9e4bb965880b7

SHA512
5f330698db352bd44233e8998b127651b1507630d57934c79f7f9cf2950c8d4d09eb87412695d557bdd430e4532ef8b38d346a0735970eca3be1269d27369d31

Download Submit
C:\Program Files (x86)\GoToMyPC\g2pre.exe
Filesize
3.6MB

MD5
2a448ad5ededfcc7ff36b3b61770f38f

SHA1
91de8245c33ff153043bdc7218dd72df4c21653f

SHA256
1a75c6fd03015f6422934033572afbf39cd48c1ba69fb9925de9e4bb965880b7

SHA512
5f330698db352bd44233e8998b127651b1507630d57934c79f7f9cf2950c8d4d09eb87412695d557bdd430e4532ef8b38d346a0735970eca3be1269d27369d31

Download Submit
C:\Program Files (x86)\GoToMyPC\g2svc.exe
Filesize
2.8MB

MD5
2b2556dbea3c66bffab41d8e0b3a9ce4

SHA1
aa0869c88319c42a05839554f32699d672643136

SHA256
62c05f999b69d5bd0d1b3fd9eafbd50398c4884de33733aac96444ef4ffcffea

SHA512
b5efff4657d1e2f9edf1c4d27215cee2bc4b247f976d7097ffaa1f3724067d0c0b3c725851c093b863cda64b2f92c18fb5caa5359ccb6576a0042c2e956fb10e

Download Submit
C:\Program Files (x86)\GoToMyPC\g2svc.exe
Filesize
2.8MB

MD5
2b2556dbea3c66bffab41d8e0b3a9ce4

SHA1
aa0869c88319c42a05839554f32699d672643136

SHA256
62c05f999b69d5bd0d1b3fd9eafbd50398c4884de33733aac96444ef4ffcffea

SHA512
b5efff4657d1e2f9edf1c4d27215cee2bc4b247f976d7097ffaa1f3724067d0c0b3c725851c093b863cda64b2f92c18fb5caa5359ccb6576a0042c2e956fb10e

Download Submit
C:\Program Files (x86)\GoToMyPC\g2svc.exe
Filesize
2.8MB

MD5
2b2556dbea3c66bffab41d8e0b3a9ce4

SHA1
aa0869c88319c42a05839554f32699d672643136

SHA256
62c05f999b69d5bd0d1b3fd9eafbd50398c4884de33733aac96444ef4ffcffea

SHA512
b5efff4657d1e2f9edf1c4d27215cee2bc4b247f976d7097ffaa1f3724067d0c0b3c725851c093b863cda64b2f92c18fb5caa5359ccb6576a0042c2e956fb10e

Download Submit
C:\Program Files (x86)\GoToMyPC\g2svc.exe
Filesize
2.8MB

MD5
2b2556dbea3c66bffab41d8e0b3a9ce4

SHA1
aa0869c88319c42a05839554f32699d672643136

SHA256
62c05f999b69d5bd0d1b3fd9eafbd50398c4884de33733aac96444ef4ffcffea

SHA512
b5efff4657d1e2f9edf1c4d27215cee2bc4b247f976d7097ffaa1f3724067d0c0b3c725851c093b863cda64b2f92c18fb5caa5359ccb6576a0042c2e956fb10e

Download Submit
C:\Program Files (x86)\GoToMyPC\g2tray.exe
Filesize
6.4MB

MD5
0f7dd1b6ac0fa71487526bede288d694

SHA1
87ae0a695b2c90f2c39a21293ceb9c4da443915e

SHA256
32ae01338dc96aaa761fba8eb22957c1a909c57e3c72a04218905ff6200c205b

SHA512
bdd7e84ec027f40cf6a9a48c51cc286d58144b9874b75b55d8bb661fdf72f4a715bfbb3ce61f146d5865cd0d2deffc9b92abed699b355a60ae967cd2fd9e8f0a

Download Submit
C:\Program Files (x86)\GoToMyPC\g2tray.exe
Filesize
6.4MB

MD5
0f7dd1b6ac0fa71487526bede288d694

SHA1
87ae0a695b2c90f2c39a21293ceb9c4da443915e

SHA256
32ae01338dc96aaa761fba8eb22957c1a909c57e3c72a04218905ff6200c205b

SHA512
bdd7e84ec027f40cf6a9a48c51cc286d58144b9874b75b55d8bb661fdf72f4a715bfbb3ce61f146d5865cd0d2deffc9b92abed699b355a60ae967cd2fd9e8f0a

Download Submit
C:\Program Files (x86)\GoToMyPC\gotomon_x64.dll
Filesize
195KB

MD5
8dbabe92e70643b21c730671b73f4e56

SHA1
5f0ad1fb4dbd35823797402e95bafceac7bf9754

SHA256
0ced1376d4839482ae9c00bee981ba55224cb29e65998a73edc52a967ea434d2

SHA512
7781c90f9510383149897ae91d3f868b404347145d12c1c0f2607d8f4c5fb7f8ce4afcc77980d3c9bb6dad0fec7d711cbad0e44e36a24b03deb4ff85498ee258

Download Submit
C:\Program Files (x86)\GoToMyPC\x64\g2pcredprovider.dll
Filesize
2.9MB

MD5
a2b21d8c0c9ef182594df3c80624c31f

SHA1
0518750a570d93b1afeb67ad0efe9ff80e15ab83

SHA256
d72cf02b5a651bcfee5b8e014f108129dbda7127caf3982e8396f5de367425a2

SHA512
fdbb770f4ad17998bb308193cc62e6c6c4936112b8577e841a7b7fccc078cb1e309d2211798f014d7d34185aaf8bb669a5f3a067dbb880ab424f25351da4205a

Download Submit
C:\Program Files (x86)\GoToMyPC\x64\monblanking.cat
Filesize
10KB

MD5
eef44920de40c5adc31a708c80ac8705

SHA1
36bcab857e8a8cbc57146d819c5bb68cc4472e13

SHA256
06b9c0a8e17a4938750c092eb8ab7a2b27de23635bb74750e9e3ffefc88b0d3b

SHA512
f4b235cc3d6e250bcf0b011d72a5abdcac513fe81ee71f7865885b9e8539339a4ec0eaef33debe9a96f6523acfecdf94d46a01f66cc2c00d744c0d624a93052d

Download Submit
C:\Program Files (x86)\GoToMyPC\x64\monblanking.inf
Filesize
1KB

MD5
a3837f76ef084b53388026652890188f

SHA1
048994294ec61fadda84b54c7a6abefe7085222a

SHA256
0eaab2e137a1440af550f1212dca8d1139c8f3c4414d397519d36903de8f2bf2

SHA512
42a92494578b098efe46c00af595ae379f079095f7d55e24c6b7ad274115c5bc3ce1ada6a7f7bafe784209cd320a251110b7fe3e0ca68a9730ddb37a034fb0af

Download Submit
C:\Program Files (x86)\GoToMyPC\x64\monblanking.sys
Filesize
46KB

MD5
804049e5f38c8eba058c8db055a3ce50

SHA1
e2fa106976c37934d795c49ee87b91477543fb50

SHA256
460282cf142563abd6b34ff3493164a6e27dd00eb004114ef4306822d7fce302

SHA512
2c75081cf764c7ebf2dead90d42c8cc27f8b3098a17146998f85233236d70f4b71c542c721ad387e1c76f33ffe2dc245deae5eeff2f416eaf3eb31505c9529ba

Download Submit
C:\Program Files\Softland\novaPDF 8\Driver\sqlite3.exe
Filesize
477KB

MD5
5b93d3b726a9cdce21d7926ca506eb05

SHA1
47f6fdc6dbf0b9c7a6219213130337884c2d7b42

SHA256
2196de9fa73c3ea0f97c34a766a53977371f0c1224c17642c1511f5ff0104c0c

SHA512
e56fa4d0fa2ba6b5d1fac663c16cdd119a6059e85163a8a0a4dd2bc79737c5a81aa5d5f40b6650df3c99bbdafc6d8f7833a76296724213771e7bef0b839b6994

Download Submit
C:\ProgramData\GoToMyPC\G2P_3694\GoToMyPC.cab
Filesize
77.4MB

MD5
6417c150d53432a74e090cb1a9b4f604

SHA1
a338139f62f081321ae5ffc0cc1db71d82825d23

SHA256
e8832e4e9a75efc74a713b279b3ecf27b46d5176b6e81171d1eb0853f83691c0

SHA512
7b9be69722b0e3953ededd1bb47f190a9010a277506f8283f4d99fb8511fd824fc71c46e7f11cececcf031da9cfbd3dd61dd5a7733614d6ce647cfbec4572ff3

Download Submit
C:\ProgramData\GoToMyPC\G2P_3694\GoToMyPCSetup_x64.msi
Filesize
1.7MB

MD5
a7fc3ded2c4fbed4fc1032c7cd3981b3

SHA1
a98c3b5ca22787def3555aeea69e0f07f5a2ab8d

SHA256
f21dd1c4325d0a87618d1de201875ae2d7cbf92324d9d55e5735f8a670de9bf9

SHA512
63a7e969e83bc90be81753b3399b345acf4104f8a8d98f8074fea29b81af38a3c68ae81b647c4fc5f5c568177f64aa9a2e498c2a6abaff6e245b0c0a48d3287f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Filesize
471B

MD5
148e3562638f2c96b8874aa41d14ae26

SHA1
207ade70538f30dd8a5dc9ad0a4085e2a12abaab

SHA256
b6d18b670477b1d51bc07e691f71646c9cebc08a419bd368ddf905725e139221

SHA512
f5250892e3e2c3854048f64b5ed13c8829cc11aba72605355afa69c00ca5d166cfe6602ea74f88a3c499827bbfce9c769a5a69de051c6982f690a301702f44c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_325DC716E4289E0AE281439314ED4BFA
Filesize
727B

MD5
059b0319f8375f5afea0651c85c2ee8d

SHA1
16d64125d2af4b7e81c70e6e2c6599a89bdb237d

SHA256
5e243e3bf8c8914f1a93afc130060e28f7c8b845a45d6fb0ea5e97e90ef707eb

SHA512
0d5b7a37a7af3a7ce35ca0d8cf571f8a3b9fe00a70d8204f608fb162650a5f06a6369eda79b2ab7f7e26508de946670fa2d14dbf3b35d493f1b260d35ef2f045

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Filesize
727B

MD5
d4910663f25959581d039aef029beb03

SHA1
339a25b2823058b927acd5e077575109c1e0ee9e

SHA256
a8f561f3bd934c679de1e5357cee9dded36a58bf684c743cbf671c4f7244c537

SHA512
28ee8c0753ee611cc071af901453d08f2d8204a23e8c993d35b21900ab3837462a4fea8a8128903f4f7fef604dbe10ee0c6987d2756d93aacf8be8c709829778

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Filesize
400B

MD5
2d9b084129b90493a747bf46b92f26ed

SHA1
0a258ff6a11c9ac947cd1a3d7bb7cc3558653adc

SHA256
363226a47b13d50b6e027a42f21a813df840a30050361d4b57228b008b205913

SHA512
1d5c6bf86801a29b2063be1df5ff7bd08b23209820a107adc77e3da589062d12c5042cfe155754b9d91b163994f1a6da637b04721cbc544668932293d0d3c3be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_325DC716E4289E0AE281439314ED4BFA
Filesize
408B

MD5
b455163fedd9ba5670bfa059cd4ea1f0

SHA1
13e9ca6f8ffd7e6f50cac22195c54ae61e0b25bd

SHA256
f7acac935899d19588f52044844677dacf4a8e9691402a30b300883902a9fc5d

SHA512
aea681b56ebfc3fc5ce96dcb1da18693340c9e557c6caf05ef56651b65dfc035a08e2b1261619d216c807d7d74676346296e3b92b8f3fa7a74cd337b66cce88c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
65a65fd5df2340fa72fdaa88261e56f5

SHA1
f935971ce87f2cb68be3b8f11f767bd900a049f8

SHA256
0b31dd1dcfa5dea0602a37bf9175be203506a34edb299dc99d1f759b55f5d254

SHA512
57306e9ea1007a791989ef0103e6879366a4f1cebddf38f7653a270d8fe81b752ea7db3fe9b00e175b878389dade587af00fa364f6697f68feef6a1117629ee9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Filesize
412B

MD5
ee886828ec9067a3f026488a85c39c85

SHA1
03f70e0fa76bfd4da2de502a99aee73b2cf472a1

SHA256
544638075b091ff0556c4a2efc5adadd52dd6c7898db37d1113a8a6740c5cdab

SHA512
82fdf15bd6415d67156e8cf063dc58e683d70dcbfece048b1443205c0c38d2f1f20211ca4215105e08fbb4bdf6c6d893d154528f33357ade37715ba3394632f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
f2df4d06bf21c36da7c1776aef30c947

SHA1
8045d8f70605350a26ce822532538b103f499123

SHA256
669f85aa130fbbbe1afd17fa6a1e94edd27a80bbbcfe174319124c5a1d899ed6

SHA512
199a7edcf83c4fe5750f2b6b623e51258771aa98c9b924d47090c7daa03ff06a0253260d18a2c7f0e9551e2c6875604b202b884a419733c6d9cd467462d02eb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4425.tmp
Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\G2_3694\GoToMyPC_Installation.log
Filesize
44KB

MD5
b31d4fe4e8a81d0f1cd85bb01a10c755

SHA1
3abf9347e0a739f9af025cb1a0744a165fe92850

SHA256
992056f439821715fb1befb5ab8e004accceafc0e8fd806652051ab0fcbdb463

SHA512
06c95d15734e7e89897495f5b1d220db97dac92ec64b76327349bf2324a42813e1e241897fb0db82b2cb4d7416c442e7803c4dc4a9e674a19791533e073b8110

Download Submit
C:\Users\Admin\AppData\Local\Temp\G2_3694\log33DD.tmp\GoToMyPC_Setup.log
Filesize
4KB

MD5
631bcb5cad93e5418157dfb1695184bf

SHA1
c10d3bc71911eaf1c8d5a9f0fb1d1bff6e9178d8

SHA256
423b674cf988d7d6be9f5c55808f699de3415274bf76fc5e888f753d7693d81c

SHA512
8f0b2bc946283ed2bad83f53923e1ac7ac34bb7d07e64342687bc70895cfd7bd40ab4a90e87d54426354c01051527c7c81461e568a92df9907549729922f531b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4CD0.tmp
Filesize
220KB

MD5
d3c7010bc04b37671e22541470695269

SHA1
278fd2f7bfd6aba607f31caaf3058173cc9289e4

SHA256
c1f2a02004c56cae7da82bda35c0e8862160e969ea8ba64498ef2fcfca3132c6

SHA512
dea5af39c112f60fba68f1917ff83cb339662f524b9628139f5fced22bc0e1c983be5d2abb430a22f737ef7385b269967ffd964eb3b66fb2a4ec699c7a088ce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8399.tmp
Filesize
220KB

MD5
d3c7010bc04b37671e22541470695269

SHA1
278fd2f7bfd6aba607f31caaf3058173cc9289e4

SHA256
c1f2a02004c56cae7da82bda35c0e8862160e969ea8ba64498ef2fcfca3132c6

SHA512
dea5af39c112f60fba68f1917ff83cb339662f524b9628139f5fced22bc0e1c983be5d2abb430a22f737ef7385b269967ffd964eb3b66fb2a4ec699c7a088ce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar34F0.tmp
Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4A20.tmp
Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Windows\Installer\6e4b92.msi
Filesize
1.7MB

MD5
a7fc3ded2c4fbed4fc1032c7cd3981b3

SHA1
a98c3b5ca22787def3555aeea69e0f07f5a2ab8d

SHA256
f21dd1c4325d0a87618d1de201875ae2d7cbf92324d9d55e5735f8a670de9bf9

SHA512
63a7e969e83bc90be81753b3399b345acf4104f8a8d98f8074fea29b81af38a3c68ae81b647c4fc5f5c568177f64aa9a2e498c2a6abaff6e245b0c0a48d3287f

Download Submit
C:\Windows\Installer\6e4b9a.msi
Filesize
20.1MB

MD5
386d15284beeaf11690ba062b3af49cd

SHA1
872bb3387ce3608676443547f69bbc9e8c11f1cd

SHA256
66d098e8fc776c6015fc21bee14182d716dbb7a29dd747bddb51b11409b777e5

SHA512
2fbf0cca13221cd4da521388e0e689058901d8e2feb8674893624fd7812a6fa69472b0790b76dd25907be26139dcefe708c1aae1edc1ff429befa9ab829ba6ff

Download Submit
C:\Windows\Installer\6e4b9f.msi
Filesize
6.5MB

MD5
523a7932c9471832d71a306206d5991d

SHA1
49da1bee87d4f7d592fc8d3e596e7e93c8e8a580

SHA256
e90f9e45e9410f44170687daa846db5fdbd07188f20a1a6cd02208aa2c1e170e

SHA512
85c8317df366d30f4bdffa6cfd4577e0c6e82a869dae08f4c11ca5d3f02ebc101a7004e53273f229a90fa787c48ffeff470907e7c122aa3646c65f5c0d8165dd

Download Submit
C:\Windows\Installer\MSI302C.tmp
Filesize
207KB

MD5
73abefc90c6f6b47a09a1b9b2295d94b

SHA1
ae9e338cc6ce623c18d8b6a45aa6876084b663cd

SHA256
1825336697ef5db92a118c07f0075d96d19308f4836d68d48ba32f0336813b3c

SHA512
5ef2b57481b1be2ec3e7034c38a49f74d4b02ae66e557f611ee43f775f286387615fcb6dc072975d749c1754e4804059d07734ca80d4604fb5769db0bf6f268b

Download Submit
C:\Windows\Installer\MSI4E52.tmp
Filesize
397KB

MD5
b372bfb795923c7704481585166b8678

SHA1
8b65a74688513a916c842e27d76070e39b682211

SHA256
b1e5ea886e2a6be03ba308c003b886de6bee84f9944b3ba11ec8ce1be7df79a5

SHA512
de03a664c7db087c67f5de0da519b2f4550d752d8b42e8f3fbfbf897e0d0169ce37d305bb48bd2937a4b826a4cea0caaa59e38e688d5626de4bdce844baf367a

Download Submit
C:\Windows\Installer\MSI4F7B.tmp
Filesize
220KB

MD5
d3c7010bc04b37671e22541470695269

SHA1
278fd2f7bfd6aba607f31caaf3058173cc9289e4

SHA256
c1f2a02004c56cae7da82bda35c0e8862160e969ea8ba64498ef2fcfca3132c6

SHA512
dea5af39c112f60fba68f1917ff83cb339662f524b9628139f5fced22bc0e1c983be5d2abb430a22f737ef7385b269967ffd964eb3b66fb2a4ec699c7a088ce1

Download Submit
C:\Windows\Installer\MSI7382.tmp
Filesize
220KB

MD5
d3c7010bc04b37671e22541470695269

SHA1
278fd2f7bfd6aba607f31caaf3058173cc9289e4

SHA256
c1f2a02004c56cae7da82bda35c0e8862160e969ea8ba64498ef2fcfca3132c6

SHA512
dea5af39c112f60fba68f1917ff83cb339662f524b9628139f5fced22bc0e1c983be5d2abb430a22f737ef7385b269967ffd964eb3b66fb2a4ec699c7a088ce1

Download Submit
C:\Windows\Installer\MSI7382.tmp
Filesize
220KB

MD5
d3c7010bc04b37671e22541470695269

SHA1
278fd2f7bfd6aba607f31caaf3058173cc9289e4

SHA256
c1f2a02004c56cae7da82bda35c0e8862160e969ea8ba64498ef2fcfca3132c6

SHA512
dea5af39c112f60fba68f1917ff83cb339662f524b9628139f5fced22bc0e1c983be5d2abb430a22f737ef7385b269967ffd964eb3b66fb2a4ec699c7a088ce1

Download Submit
C:\Windows\Installer\MSI73D1.tmp
Filesize
220KB

MD5
d3c7010bc04b37671e22541470695269

SHA1
278fd2f7bfd6aba607f31caaf3058173cc9289e4

SHA256
c1f2a02004c56cae7da82bda35c0e8862160e969ea8ba64498ef2fcfca3132c6

SHA512
dea5af39c112f60fba68f1917ff83cb339662f524b9628139f5fced22bc0e1c983be5d2abb430a22f737ef7385b269967ffd964eb3b66fb2a4ec699c7a088ce1

Download Submit
C:\Windows\Installer\MSI74CB.tmp
Filesize
397KB

MD5
b372bfb795923c7704481585166b8678

SHA1
8b65a74688513a916c842e27d76070e39b682211

SHA256
b1e5ea886e2a6be03ba308c003b886de6bee84f9944b3ba11ec8ce1be7df79a5

SHA512
de03a664c7db087c67f5de0da519b2f4550d752d8b42e8f3fbfbf897e0d0169ce37d305bb48bd2937a4b826a4cea0caaa59e38e688d5626de4bdce844baf367a

Download Submit
C:\Windows\Installer\MSI7652.tmp
Filesize
397KB

MD5
b372bfb795923c7704481585166b8678

SHA1
8b65a74688513a916c842e27d76070e39b682211

SHA256
b1e5ea886e2a6be03ba308c003b886de6bee84f9944b3ba11ec8ce1be7df79a5

SHA512
de03a664c7db087c67f5de0da519b2f4550d752d8b42e8f3fbfbf897e0d0169ce37d305bb48bd2937a4b826a4cea0caaa59e38e688d5626de4bdce844baf367a

Download Submit
C:\Windows\Installer\MSI7652.tmp
Filesize
397KB

MD5
b372bfb795923c7704481585166b8678

SHA1
8b65a74688513a916c842e27d76070e39b682211

SHA256
b1e5ea886e2a6be03ba308c003b886de6bee84f9944b3ba11ec8ce1be7df79a5

SHA512
de03a664c7db087c67f5de0da519b2f4550d752d8b42e8f3fbfbf897e0d0169ce37d305bb48bd2937a4b826a4cea0caaa59e38e688d5626de4bdce844baf367a

Download Submit
C:\Windows\Installer\MSI777C.tmp
Filesize
220KB

MD5
d3c7010bc04b37671e22541470695269

SHA1
278fd2f7bfd6aba607f31caaf3058173cc9289e4

SHA256
c1f2a02004c56cae7da82bda35c0e8862160e969ea8ba64498ef2fcfca3132c6

SHA512
dea5af39c112f60fba68f1917ff83cb339662f524b9628139f5fced22bc0e1c983be5d2abb430a22f737ef7385b269967ffd964eb3b66fb2a4ec699c7a088ce1

Download Submit
C:\Windows\Installer\MSI7961.tmp
Filesize
220KB

MD5
d3c7010bc04b37671e22541470695269

SHA1
278fd2f7bfd6aba607f31caaf3058173cc9289e4

SHA256
c1f2a02004c56cae7da82bda35c0e8862160e969ea8ba64498ef2fcfca3132c6

SHA512
dea5af39c112f60fba68f1917ff83cb339662f524b9628139f5fced22bc0e1c983be5d2abb430a22f737ef7385b269967ffd964eb3b66fb2a4ec699c7a088ce1

Download Submit
C:\Windows\Installer\MSI79BF.tmp
Filesize
397KB

MD5
b372bfb795923c7704481585166b8678

SHA1
8b65a74688513a916c842e27d76070e39b682211

SHA256
b1e5ea886e2a6be03ba308c003b886de6bee84f9944b3ba11ec8ce1be7df79a5

SHA512
de03a664c7db087c67f5de0da519b2f4550d752d8b42e8f3fbfbf897e0d0169ce37d305bb48bd2937a4b826a4cea0caaa59e38e688d5626de4bdce844baf367a

Download Submit
C:\Windows\Installer\MSI9352.tmp
Filesize
92KB

MD5
46beb968ae17509086ee0748bc56bc34

SHA1
b8b76f8ee7c85dc0be9763f2fde7634b72643b47

SHA256
fe8774ac7a1e2c58d56700db634427bb459dc125b39432143556e077b147355a

SHA512
5462b37037c7f65c9649b1945eafe4a388e44b9430fae827ae697f6f88b519ef9311c39bda50938879638097bd38337a349bf764a6094040a4a004e1e2823e21

Download Submit
C:\Windows\Installer\MSIB846.tmp
Filesize
127KB

MD5
4028017cc6109a517fbe0ed0f3688375

SHA1
9e15ced2d087e92b2132344aaee858e0539b2518

SHA256
0f1ade434d25c305cdd2d63a8391be1fa2cd9bd64e0e407ec61c08e6003f6b25

SHA512
d74381bccd75da794fb4b6732810b0be9361eecdc56250c11f28b69268e25153ba8fd4cb916215e48db450bdeb311512868df1f42bc1ba3902b2ea915d282fa7

Download Submit
C:\Windows\Installer\MSID378.tmp
Filesize
177KB

MD5
6e987021151bf80c9bc04fda8b836fb3

SHA1
a18bc58d54dd486431a5412fb14e386355928da9

SHA256
d1f714e5a680e857c4bcae8d67cbb775328d7f795d4585311b5c1b71e65fcf2c

SHA512
dd8154d6a6cfa8bbdde96bb72268bd83450a8cf808ee03b490e3b68530b1a5b5580d4164bc38abf6dd9e0eecfc44a7b40d4a06b9fdafe08ba2b51eef19670a4b

Download Submit
C:\Windows\Installer\{57414DD3-55A7-4D2E-916F-2F1407AABE91}\PrinterIcon.ACC28440_DBF2_4762_B900_A720EA521CA2.ico
Filesize
304KB

MD5
c030699f155c9ac9f67fd9a4e0d4845b

SHA1
fbe6aedd77273f73bc4e4acfa824ac85cbdbb21a

SHA256
5423a8b77d51abc5ca464d9241fc767eb6d261ef58f333d103808b4e62f1df27

SHA512
0ccdf1e1f517d04b10d17c53a879bc651344601a8699f57b5d209bfe4c1b4ef36f5e351f867e9b89797ee04677b896435b2c12ccd4c729f3dca7461d32ec23db

Download Submit
C:\Windows\System32\DRVSTORE\monblankin_36BCAB857E8A8CBC57146D819C5BB68CC4472E13\monblanking.sys
Filesize
46KB

MD5
804049e5f38c8eba058c8db055a3ce50

SHA1
e2fa106976c37934d795c49ee87b91477543fb50

SHA256
460282cf142563abd6b34ff3493164a6e27dd00eb004114ef4306822d7fce302

SHA512
2c75081cf764c7ebf2dead90d42c8cc27f8b3098a17146998f85233236d70f4b71c542c721ad387e1c76f33ffe2dc245deae5eeff2f416eaf3eb31505c9529ba

Download Submit
C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\SETB1EB.tmp
Filesize
11KB

MD5
2f00396c36805926e5ae1e5fbe142abe

SHA1
0a5557d188992d429adb733ffffb2d7261dfacd8

SHA256
1f5913975e0a8fa9beb7909cb4d8b60d2a34f47263a59b3ab95658a3354524b7

SHA512
084492b1aee8892746acc72331a0dae5fc8ab8d88a3b0b45f6ad5637adbee61c0e5a642a9ea1d5c9aa8a32079bf770d6297b8763d33884f8707f44ee800a5ba1

Download Submit
C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB194.tmp
Filesize
867KB

MD5
9d95efc23a577817bc81d3faddad976e

SHA1
108546f6161fc4ffa160527a9f6d4848e88eec30

SHA256
4e0831da88b64d8a5943779a59838f70ac0bd084cbd19ffba6db379957b42d2a

SHA512
66ae6c9dce38d36af6751601c7b3f6d6e1b7968f80f01bb2c36e658922a15340ddf054f091059b08ea8a4633ac2a8cfc350c1893cd1614577f75763f45a80390

Download Submit
C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB195.tmp
Filesize
602KB

MD5
f518f8ad06e4647b7520d03503d7b264

SHA1
ea0afdfbb4179048f4d25adb27c513750edd2a4d

SHA256
122f64967cef3b41dfac52c592b26d3cf58dc29923078a56458a092710ba7d7d

SHA512
68ae98d8875a1a93a44eac0d0f16062a3e4ff494c811b0c1ca9ec70fd48dc855ab224d05ad96d9ca4229e8fe77b8c4996b927031b0ea02c4573e32af6b5916a9

Download Submit
C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB196.tmp
Filesize
2.1MB

MD5
748d1ffd3834929239134acc9d6e6c88

SHA1
a1fac723d4be4345aede690eb09eba9865f8b734

SHA256
d89f50444a2c6155d3950cced2a63c9d2e1585af527389b65a2bc2a86dc52b6a

SHA512
2f0aaf403b510c36a23e70b5dcd2fa4713deab2440d526f3cdc8a9b1d1ec4d403e30a8b55f13bc94db2a591ec84103ca8cfc3651706c08af002697c5ffd4c49b

Download Submit
C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB1A7.tmp
Filesize
89KB

MD5
95fde5207c5454e6a6a023f608c37c2f

SHA1
77b4a42104ebfa74eaff88baf632a7dd02da442d

SHA256
5a3a09b78ae6c3f80809d60aeaa2a9268353d4d619a214c623104f03315eb872

SHA512
56b9de51cb7af70265fce27489c6f473e41b96b8ed63714e9f279e0d87f871c42b2796f47bb6a90a625eb76005a1a0fa88edd832fc32382036f742bb37c1af2e

Download Submit
C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB1B8.tmp
Filesize
1.8MB

MD5
af1cc19d60a1bb94b48d72c4d08a050c

SHA1
e3cb69ed210c8785bbee6b8079285ce4dcd9ec46

SHA256
ea910fa0411258f87019777375353f590258e4d50b9ecdb065fed2ff62c010ab

SHA512
84bbb7e9cb90560c229b292f138785f2c058c1ce89ade1331e5b5eed32872c93c3c48ac6641a633389bec2d28d8f4582a8d12295e80935782d0cc066bdcdd11b

Download Submit
C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB1D8.tmp
Filesize
663KB

MD5
20d0a7e6d416cdbb1ed12119d4790695

SHA1
3954b15c1d34a584c0ed5d2f0793b5e7c34e47ec

SHA256
78356e998374bdd61783f741bb4046a78ada7715a653414a6c2e615a4256369c

SHA512
33b53e39703d359c0ea9f50d83ebc0396dee744abe7d9e01247050521dd95e77c780f80405c2380061a618a96776893bdd8067d6719aa6cce81ccad98f1259d4

Download Submit
C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB1D9.tmp
Filesize
1.1MB

MD5
a74a7d5d52fb370524b36ac029b63115

SHA1
f5a1b1693c2d62f0c631f60da8f2f968d8bea803

SHA256
ce79d8abd11e8734791fc84475ae87864257843d76919522368619f4a02b7b84

SHA512
d8a6b491deb988e39d4994cb900e1a62430a683e8b106b8e8b596c6405005f1c2134093e3e6ffad2dd34d6107997f97c30cff4bfd2b4fc349e59c77e681a08ea

Download Submit
C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB1E9.tmp
Filesize
103KB

MD5
e6c4f143f7222a85ce387e62d0761cba

SHA1
93ef43e4ab9292f55cb7f2d19ddf27f593cd58b2

SHA256
0ea2d55daa72b06f10f8d79b4e2e5bc8d96bd23f13c41745efbac580f92f16f4

SHA512
07820cfb9bcb4ae8b13788c4beb9082dc00c82d62d9e7ca8ca8b0b51cd10253b693c35b5f89640080fb0b0527339708c0d5268cbcab37a4ba73285971ac9c3aa

Download Submit
C:\Windows\System32\DriverStore\Temp\{42026830-a4ea-0386-12e1-bf378ed84a32}\i386\SETB1EA.tmp
Filesize
430KB

MD5
79f3a7bd572dd033d61ab00112bc24ef

SHA1
0eac70e5b4f268c39b30ab23c177ef409fd75bdc

SHA256
dd5e4cb83d334819bf628948877d1ed9f284c49f7c634b19b9e27dab82e08b06

SHA512
21873fa863febc7fb42ada26f7ffe0e36158567f380283e2131ba971fbd0b923d23b7a1254e2ab1cc4ec5e32ac091210816bad8a05bfd0e7f70249a397691ee2

Download Submit
C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\SETA7E4.tmp
Filesize
11KB

MD5
5665a6a11df159e4c5221ebb4f357fd0

SHA1
814aecf394f329d8f54bda2dd57b2040516931ad

SHA256
4bda94abcbaab23cda1db1d5cd25092fc448107a86a7f427b95f7f69fc5568c3

SHA512
d480ae3e935d070553758bf71784fc98bf68ce8224167ffd649e4724ed52584fc73415c17f5d2ad73f4309b1789a18da5f81560bf7a50dae3735b72fc2e3256e

Download Submit
C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\SETA7E5.tmp
Filesize
1KB

MD5
aca184b6c71aed60d90a309e75074351

SHA1
8c7e25e79ee3e007c11c5c8543df937f07a6759b

SHA256
759093ef6aea54f05f8ac242281b462f16807c603e0431a009d3683920ba7b96

SHA512
428d1b7da4ab73a215aba0a8116cf7195dee40f250effc72b7715ecf0bc738af0048eeba50833626f31998c6becb10e9906e340e35dfec0c404e26c510fc57bd

Download Submit
C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA7E6.tmp
Filesize
1.8MB

MD5
580c078410750969a02b1a14c609c2b3

SHA1
508ca23e9b569265fd818806958a8887900b7f6a

SHA256
07107efbc8cb16b4aec4838a538ea9b55c887b4e70d4eeac6f378b595f54dcfe

SHA512
c6898f8c767b9254fb11136ee49e379d1a246d6aa7ca8ffded39655215e0003d6cdadd5924591b136906977879505e196e78d885cf0c83150957df2677277936

Download Submit
C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA7F7.tmp
Filesize
687KB

MD5
dcd2d32cbe8467a34f66fa55aa529615

SHA1
3c48cb710cf84039ea70b42f5e34695ff383c748

SHA256
cafe6cb7344e48f4e44f2c0020ca969db42463d2ab972872464977ca945c3748

SHA512
ce68eb25fdd6e2029d6a2e57de0d2d27787fe44447d8cff5e716fa118d0633c48601cbfe128ee6804d02c992485eb078a152b8d1da421deb549e143403e3804c

Download Submit
C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA807.tmp
Filesize
5.3MB

MD5
e1f771245a39bba516ff3bf3c66ee64d

SHA1
7d5dd3e6f04bfb733cb5f0e8d68ed4c8f5e0bb91

SHA256
1e49382cf5b87a3b008a468d8fed55ad09afec6b370ee14c535e4bf9cc4c44fd

SHA512
acc802b5b41a740befee63707a39a20b44c4b3b4877a67e1560fa113005b1ca5f1ec6172da00803752c8b3f75b2b98b863ed2f90fdadef389facb1ba4fcf616e

Download Submit
C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA818.tmp
Filesize
103KB

MD5
8886b6731c511235c19e0721a6667e36

SHA1
77d472eb9a54e9ec1f474e6e94865301f04d5909

SHA256
73c29efed41375853f251b4588a8bc89fcc8f1acd0615950ced965dd0f74d0e1

SHA512
749da343aac81382c99d18a9233039c1550ddc8e986d153e344f5b53cbe1eb9809a93cc2d41f5e62ccddde9d302e1233fffeaa7526af7ca8136871bc71df3c7d

Download Submit
C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA828.tmp
Filesize
489KB

MD5
45852f60cf4626f24407195aefb74410

SHA1
442d5d66c776fac758056e358507d6d999d77ad4

SHA256
b70249517ab4b82d5c22c80fd6cfcf40c85cb0f905371c0936078eb614d721aa

SHA512
6ee20610b66493c46059827d7b08782a20c9ed1c9a0f8e28dd2831a5c6090dd5d519e66fbf876d7ca0f325c77149568956912937e8718ab84dfbde81f069e250

Download Submit
C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA839.tmp
Filesize
1.1MB

MD5
169bdfa679ed0a12d68a44f592b67981

SHA1
8de3731c4d3b22faf2acf4abf1cb5c2c919ec361

SHA256
85a847406b1ddeb5b21bbcde32c38547c62fcd546a2f9fb818a1470432c6bb2d

SHA512
64735de43ebb9b64a86c6e38082a67ec2058dfe0adecfad1aafac421605d4dd87f81f70cf35a9a6ee49c338d0a283140df5e062d6159cc6fa45b1b4096721d00

Download Submit
C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA83A.tmp
Filesize
701KB

MD5
93d1094cf00b999f4a1cba707401f99a

SHA1
cd0dbec095d5222bdd98fdb7674c1935d3f2d7d5

SHA256
922cf785a564276ee9f5e076fdc9b981cf334ed2f2ea8dcda2276daf5a0d4742

SHA512
cdb7ccd3787e52b3ad0e7ebeb149caaee4314391c9d9e342d1ff57be5e37d034b7a8a34762df274e5162d3d4795b88bcde58b2fa7f39b5ca3deb0af257b2121f

Download Submit
C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA86A.tmp
Filesize
2.1MB

MD5
4c5d7c52428a4d94a2b490a4d2abedff

SHA1
0918161c4b35e9a35b2fd5318be52b3845cfb8e0

SHA256
5b337137fef3363c138933d7963c3f25776c6b31c62d661112a89aa5c83dff84

SHA512
974a9fb0d005bf39d72d71b144ee90f07842788785d7a9f07381a803d58232c1de6fdabd67289b7d0104ea3f0cf0f7fd769f38bf3c465b1286ab3e5da506ed14

Download Submit
C:\Windows\System32\DriverStore\Temp\{517a1269-22c9-719a-2b43-e875f86ba310}\amd64\SETA87A.tmp
Filesize
89KB

MD5
eea16b0ee1d3da4e1185f260c192a3f1

SHA1
8090b22ab85c8b7ea5bf17838c4fdc5c04b5b94d

SHA256
d8dc1cf8eafa26b71ec86dd931af5a6fbcb00b7c6fde04ad536fc3d42c67d421

SHA512
16c405a19e02ae295a2520a5965ffbca154a0b17a48c32edd756364a1cf68771a414714839aaeede33858082e0db08833d62f439a658d85a6aa28381f3555707

Download Submit
\Program Files (x86)\GoToMyPC\g2comm.exe
Filesize
5.6MB

MD5
096dc42bf4a1395e0671bc6a45b279f6

SHA1
49c148f874cb008d46a105fbe07f13c8a91c8aeb

SHA256
085f0c0b2ba680dae63b340ff8980b8a6023674b97672052ab2d04af34b10006

SHA512
dfa1bcc056c854c53f356bd3b5d989da6d4b1213cea99ab0ad3c8713e35fedaad0f084b184074b23f683db1e2bad629f02720e88836c565fa47b7ad4e523da6c

Download Submit
\Program Files (x86)\GoToMyPC\g2pre.exe
Filesize
3.6MB

MD5
2a448ad5ededfcc7ff36b3b61770f38f

SHA1
91de8245c33ff153043bdc7218dd72df4c21653f

SHA256
1a75c6fd03015f6422934033572afbf39cd48c1ba69fb9925de9e4bb965880b7

SHA512
5f330698db352bd44233e8998b127651b1507630d57934c79f7f9cf2950c8d4d09eb87412695d557bdd430e4532ef8b38d346a0735970eca3be1269d27369d31

Download Submit
\Program Files (x86)\GoToMyPC\g2tray.exe
Filesize
6.4MB

MD5
0f7dd1b6ac0fa71487526bede288d694

SHA1
87ae0a695b2c90f2c39a21293ceb9c4da443915e

SHA256
32ae01338dc96aaa761fba8eb22957c1a909c57e3c72a04218905ff6200c205b

SHA512
bdd7e84ec027f40cf6a9a48c51cc286d58144b9874b75b55d8bb661fdf72f4a715bfbb3ce61f146d5865cd0d2deffc9b92abed699b355a60ae967cd2fd9e8f0a

Download Submit
\Users\Admin\AppData\Local\Temp\MSI4CD0.tmp
Filesize
220KB

MD5
d3c7010bc04b37671e22541470695269

SHA1
278fd2f7bfd6aba607f31caaf3058173cc9289e4

SHA256
c1f2a02004c56cae7da82bda35c0e8862160e969ea8ba64498ef2fcfca3132c6

SHA512
dea5af39c112f60fba68f1917ff83cb339662f524b9628139f5fced22bc0e1c983be5d2abb430a22f737ef7385b269967ffd964eb3b66fb2a4ec699c7a088ce1

Download Submit
\Users\Admin\AppData\Local\Temp\MSI8399.tmp
Filesize
220KB

MD5
d3c7010bc04b37671e22541470695269

SHA1
278fd2f7bfd6aba607f31caaf3058173cc9289e4

SHA256
c1f2a02004c56cae7da82bda35c0e8862160e969ea8ba64498ef2fcfca3132c6

SHA512
dea5af39c112f60fba68f1917ff83cb339662f524b9628139f5fced22bc0e1c983be5d2abb430a22f737ef7385b269967ffd964eb3b66fb2a4ec699c7a088ce1

Download Submit
\Windows\Installer\MSI4E52.tmp
Filesize
397KB

MD5
b372bfb795923c7704481585166b8678

SHA1
8b65a74688513a916c842e27d76070e39b682211

SHA256
b1e5ea886e2a6be03ba308c003b886de6bee84f9944b3ba11ec8ce1be7df79a5

SHA512
de03a664c7db087c67f5de0da519b2f4550d752d8b42e8f3fbfbf897e0d0169ce37d305bb48bd2937a4b826a4cea0caaa59e38e688d5626de4bdce844baf367a

Download Submit
\Windows\Installer\MSI4F7B.tmp
Filesize
220KB

MD5
d3c7010bc04b37671e22541470695269

SHA1
278fd2f7bfd6aba607f31caaf3058173cc9289e4

SHA256
c1f2a02004c56cae7da82bda35c0e8862160e969ea8ba64498ef2fcfca3132c6

SHA512
dea5af39c112f60fba68f1917ff83cb339662f524b9628139f5fced22bc0e1c983be5d2abb430a22f737ef7385b269967ffd964eb3b66fb2a4ec699c7a088ce1

Download Submit
\Windows\Installer\MSI7382.tmp
Filesize
220KB

MD5
d3c7010bc04b37671e22541470695269

SHA1
278fd2f7bfd6aba607f31caaf3058173cc9289e4

SHA256
c1f2a02004c56cae7da82bda35c0e8862160e969ea8ba64498ef2fcfca3132c6

SHA512
dea5af39c112f60fba68f1917ff83cb339662f524b9628139f5fced22bc0e1c983be5d2abb430a22f737ef7385b269967ffd964eb3b66fb2a4ec699c7a088ce1

Download Submit
\Windows\Installer\MSI73D1.tmp
Filesize
220KB

MD5
d3c7010bc04b37671e22541470695269

SHA1
278fd2f7bfd6aba607f31caaf3058173cc9289e4

SHA256
c1f2a02004c56cae7da82bda35c0e8862160e969ea8ba64498ef2fcfca3132c6

SHA512
dea5af39c112f60fba68f1917ff83cb339662f524b9628139f5fced22bc0e1c983be5d2abb430a22f737ef7385b269967ffd964eb3b66fb2a4ec699c7a088ce1

Download Submit
\Windows\Installer\MSI74CB.tmp
Filesize
397KB

MD5
b372bfb795923c7704481585166b8678

SHA1
8b65a74688513a916c842e27d76070e39b682211

SHA256
b1e5ea886e2a6be03ba308c003b886de6bee84f9944b3ba11ec8ce1be7df79a5

SHA512
de03a664c7db087c67f5de0da519b2f4550d752d8b42e8f3fbfbf897e0d0169ce37d305bb48bd2937a4b826a4cea0caaa59e38e688d5626de4bdce844baf367a

Download Submit
\Windows\Installer\MSI7652.tmp
Filesize
397KB

MD5
b372bfb795923c7704481585166b8678

SHA1
8b65a74688513a916c842e27d76070e39b682211

SHA256
b1e5ea886e2a6be03ba308c003b886de6bee84f9944b3ba11ec8ce1be7df79a5

SHA512
de03a664c7db087c67f5de0da519b2f4550d752d8b42e8f3fbfbf897e0d0169ce37d305bb48bd2937a4b826a4cea0caaa59e38e688d5626de4bdce844baf367a

Download Submit
\Windows\Installer\MSI777C.tmp
Filesize
220KB

MD5
d3c7010bc04b37671e22541470695269

SHA1
278fd2f7bfd6aba607f31caaf3058173cc9289e4

SHA256
c1f2a02004c56cae7da82bda35c0e8862160e969ea8ba64498ef2fcfca3132c6

SHA512
dea5af39c112f60fba68f1917ff83cb339662f524b9628139f5fced22bc0e1c983be5d2abb430a22f737ef7385b269967ffd964eb3b66fb2a4ec699c7a088ce1

Download Submit
\Windows\Installer\MSI7961.tmp
Filesize
220KB

MD5
d3c7010bc04b37671e22541470695269

SHA1
278fd2f7bfd6aba607f31caaf3058173cc9289e4

SHA256
c1f2a02004c56cae7da82bda35c0e8862160e969ea8ba64498ef2fcfca3132c6

SHA512
dea5af39c112f60fba68f1917ff83cb339662f524b9628139f5fced22bc0e1c983be5d2abb430a22f737ef7385b269967ffd964eb3b66fb2a4ec699c7a088ce1

Download Submit
\Windows\Installer\MSI79BF.tmp
Filesize
397KB

MD5
b372bfb795923c7704481585166b8678

SHA1
8b65a74688513a916c842e27d76070e39b682211

SHA256
b1e5ea886e2a6be03ba308c003b886de6bee84f9944b3ba11ec8ce1be7df79a5

SHA512
de03a664c7db087c67f5de0da519b2f4550d752d8b42e8f3fbfbf897e0d0169ce37d305bb48bd2937a4b826a4cea0caaa59e38e688d5626de4bdce844baf367a

Download Submit
\Windows\System32\gotomon_x64.dll
Filesize
195KB

MD5
8dbabe92e70643b21c730671b73f4e56

SHA1
5f0ad1fb4dbd35823797402e95bafceac7bf9754

SHA256
0ced1376d4839482ae9c00bee981ba55224cb29e65998a73edc52a967ea434d2

SHA512
7781c90f9510383149897ae91d3f868b404347145d12c1c0f2607d8f4c5fb7f8ce4afcc77980d3c9bb6dad0fec7d711cbad0e44e36a24b03deb4ff85498ee258

Download Submit
\Windows\System32\spool\drivers\x64\G2PrintUPDDriver_x64.dll
Filesize
154KB

MD5
882250c2ce8399560788c9c09614c0ba

SHA1
ef7f330f1466994385b5be99665474f4c4ab8a93

SHA256
7c50640bdd76204b5470f5c64a4066d5be86d03c4e8a895ed1e4af455c570ebe

SHA512
830e93b1d646b5b21daeaf4b4893d0861f8e257582db5ecba2f4c37a351781658af8cce824a0575d53173afc3960d53a6c75075876d58a2c9be6dd0fe73c301c

Download Submit
\Windows\System32\spool\drivers\x64\G2PrintUPDDriver_x64.dll
Filesize
154KB

MD5
882250c2ce8399560788c9c09614c0ba

SHA1
ef7f330f1466994385b5be99665474f4c4ab8a93

SHA256
7c50640bdd76204b5470f5c64a4066d5be86d03c4e8a895ed1e4af455c570ebe

SHA512
830e93b1d646b5b21daeaf4b4893d0861f8e257582db5ecba2f4c37a351781658af8cce824a0575d53173afc3960d53a6c75075876d58a2c9be6dd0fe73c301c

Download Submit
\Windows\System32\spool\drivers\x64\G2PrintUPDDriver_x64.dll
Filesize
154KB

MD5
882250c2ce8399560788c9c09614c0ba

SHA1
ef7f330f1466994385b5be99665474f4c4ab8a93

SHA256
7c50640bdd76204b5470f5c64a4066d5be86d03c4e8a895ed1e4af455c570ebe

SHA512
830e93b1d646b5b21daeaf4b4893d0861f8e257582db5ecba2f4c37a351781658af8cce824a0575d53173afc3960d53a6c75075876d58a2c9be6dd0fe73c301c

Download Submit
\Windows\System32\spool\drivers\x64\G2PrintUPDDriver_x64.dll
Filesize
154KB

MD5
882250c2ce8399560788c9c09614c0ba

SHA1
ef7f330f1466994385b5be99665474f4c4ab8a93

SHA256
7c50640bdd76204b5470f5c64a4066d5be86d03c4e8a895ed1e4af455c570ebe

SHA512
830e93b1d646b5b21daeaf4b4893d0861f8e257582db5ecba2f4c37a351781658af8cce824a0575d53173afc3960d53a6c75075876d58a2c9be6dd0fe73c301c

Download Submit
\Windows\System32\spool\drivers\x64\G2PrintUPDUI_x64.dll
Filesize
208KB

MD5
210c13831fa52a359b431c1dead20f2b

SHA1
34325b24fb5cdc46e5fd5d1ca1b53df56885576d

SHA256
2948080f05e64fbc42487f0e796f6c78cb52b2a3c788d2843a2b6a0e6cd1bd6e

SHA512
0c9666ffb331520e53cff69ebbd83c6654ddda867a7185503e5290eec0d3f131b62aaffaefc02fb9f0287603e0e582ec5a35980a94c880f515c3d9d0cdc79833

Download Submit
\Windows\System32\spool\drivers\x64\G2PrintUPDUI_x64.dll
Filesize
208KB

MD5
210c13831fa52a359b431c1dead20f2b

SHA1
34325b24fb5cdc46e5fd5d1ca1b53df56885576d

SHA256
2948080f05e64fbc42487f0e796f6c78cb52b2a3c788d2843a2b6a0e6cd1bd6e

SHA512
0c9666ffb331520e53cff69ebbd83c6654ddda867a7185503e5290eec0d3f131b62aaffaefc02fb9f0287603e0e582ec5a35980a94c880f515c3d9d0cdc79833

Download Submit
\Windows\System32\spool\prtprocs\x64\GoToPrintProcessor_x64.dll
Filesize
116KB

MD5
b0e4925100965c5b5353bf57706da5fb

SHA1
db21d47dd2888faa2352967eae39e5e51a20a129

SHA256
f3487b14c65ddc977f01e4de5803d68a78b6026b316a41e8cd79a3488a0a03fc

SHA512
88e843ac54fd69f12e90039814626c619b4d6e53e46ebfd2051b7f945f564cc88caaf9997060a26fe5355206fce683c51fc18b8e6f06742c7348a495357730b8

Download Submit
\Windows\System32\spool\prtprocs\x64\GoToPrintProcessor_x64.dll
Filesize
116KB

MD5
b0e4925100965c5b5353bf57706da5fb

SHA1
db21d47dd2888faa2352967eae39e5e51a20a129

SHA256
f3487b14c65ddc977f01e4de5803d68a78b6026b316a41e8cd79a3488a0a03fc

SHA512
88e843ac54fd69f12e90039814626c619b4d6e53e46ebfd2051b7f945f564cc88caaf9997060a26fe5355206fce683c51fc18b8e6f06742c7348a495357730b8

Download Submit
memory/2240-1069-0x0000000000530000-0x00000000005B0000-memory.dmp

Filesize
512KB

Download
memory/2240-1020-0x00000000001D0000-0x00000000001E2000-memory.dmp

Filesize
72KB

Download
memory/2240-1018-0x000007FEF6480000-0x000007FEF64A4000-memory.dmp

Filesize
144KB

Download
memory/2240-1017-0x0000000000530000-0x00000000005B0000-memory.dmp

Filesize
512KB

Download
memory/2240-1016-0x000007FEF3FE0000-0x000007FEF410C000-memory.dmp

Filesize
1.2MB

Download
memory/2240-1015-0x00000000012F0000-0x0000000001300000-memory.dmp

Filesize
64KB

Download
memory/2240-1070-0x000007FEF6480000-0x000007FEF64A4000-memory.dmp

Filesize
144KB

Download
memory/2240-1021-0x00000000005B0000-0x00000000005F0000-memory.dmp

Filesize
256KB

Download
memory/2240-1022-0x0000000000200000-0x000000000020C000-memory.dmp

Filesize
48KB

Download
memory/2524-1055-0x0000000001C90000-0x0000000001CB0000-memory.dmp

Filesize
128KB

Download
memory/2868-1207-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2876-1211-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/2940-1185-0x0000000001C40000-0x0000000001C60000-memory.dmp

Filesize
128KB

Download