25aec3d6b872c0babd86953702263fd65c0c9f8e6f534b9ed17575cd11d37084

Analysis

max time kernel
210s
max time network
191s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
13-07-2023 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ltanalyzer_32r3.msi
Size

79.6MB
MD5

554addce31e172e00e2fc6ad5b638b3b
SHA1

5590cd152bc605e0ff512ad68d169aed60cde75d
SHA256

25aec3d6b872c0babd86953702263fd65c0c9f8e6f534b9ed17575cd11d37084
SHA512

269cf0037f09cfdd5b71007f07aad92464ca01b59c8ce684c9c85a183ecd1ae6a1c1d7a09405069ab7c64c2e0a313cf30e56b4e5ed628d63c5432844ab405ff1
SSDEEP

1572864:fpttD7y0/TXXjM1EZ9bvMZpbW+8t1PwSXvZALiiEc3otgYavxLwFQxNJRYRAPQFa:BDe0/TXXFvxt1PwSfWpEc4tGZOQfJCRw

Score

9^/10

coreentity

Malware Config

Signatures

CoreEntity .NET Packer 1 IoCs

A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

coreentity

Processes:

resource	yara_rule
behavioral1/memory/2604-1117-0x00000000170A0000-0x0000000017B34000-memory.dmp	coreentity

Blocklisted process makes network request 2 IoCs

Processes:

msiexec.exe

flow pid process

2 4992 msiexec.exe
4 4992 msiexec.exe

flow	pid	process
2	4992	msiexec.exe
4	4992	msiexec.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AnalyzerDesktop.exeAnalyzerDesktop.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000\Control Panel\International\Geo\Nation	AnalyzerDesktop.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000\Control Panel\International\Geo\Nation	AnalyzerDesktop.exe

Executes dropped EXE 2 IoCs

Processes:

AnalyzerDesktop.exeAnalyzerDesktop.exe

pid process

2604 AnalyzerDesktop.exe
652 AnalyzerDesktop.exe

pid	process
2604	AnalyzerDesktop.exe
652	AnalyzerDesktop.exe

Loads dropped DLL 64 IoCs

Processes:

MsiExec.exeMsiExec.exeAnalyzerDesktop.exeAnalyzerDesktop.exe

pid	process
2224	MsiExec.exe
2224	MsiExec.exe
2224	MsiExec.exe
2224	MsiExec.exe
2224	MsiExec.exe
2224	MsiExec.exe
2224	MsiExec.exe
2224	MsiExec.exe
2224	MsiExec.exe
2456	MsiExec.exe
2224	MsiExec.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
652	AnalyzerDesktop.exe
652	AnalyzerDesktop.exe
652	AnalyzerDesktop.exe
652	AnalyzerDesktop.exe
652	AnalyzerDesktop.exe
652	AnalyzerDesktop.exe
652	AnalyzerDesktop.exe
652	AnalyzerDesktop.exe
652	AnalyzerDesktop.exe
652	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
652	AnalyzerDesktop.exe
652	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe

Drops desktop.ini file(s) 1 IoCs

Processes:

MsiExec.exe

description ioc process

File opened for modification C:\$RECYCLE.BIN\S-1-5-18\desktop.ini MsiExec.exe

description	ioc	process
File opened for modification	C:\$RECYCLE.BIN\S-1-5-18\desktop.ini	MsiExec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe

Drops file in Program Files directory 64 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Anti_Aliasing_On.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Configuring_HAXO.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Hibernation_tick_17x17.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Installer_prerequisites_C++.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Options_Charts.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\FileIcon.ico	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Data\Concepts.js	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Data\Search.js	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Topics\UserGuide\Chapter1-Introduction\Window_Menu.htm	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Topics\UserGuide\Chapter2-Using_Analyzer\Pre-start_data_collection.htm	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Report_Tab_Multi.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Skins\Default\Stylesheets\Images\icon-user-light-gray.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Skins\Default\Stylesheets\Slideshow.css	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Installer_Finished.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Menu_Icon_Configure.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Mouse_Pointer_HorizonticalResize.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Toolbar_Icon_RealTime_text.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\FTD2XX_NET.dll	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Data\HelpSystem.js	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Data\Tocs\LogTag_Analyzer_3.js	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Toolbar_Icon_Options_text.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Toolbar_Icon_Signatures_text.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Scripts\stemmer-english.amd.min.js	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Snippets\MiniToc topics only snippet.flsnp	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Stylesheets\Webelements.css	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\System.Net.Http.Formatting.dll	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Charts3.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Dewpoint_Error.svg	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Topics\UserGuide\Chapter2-Using_Analyzer\Sharing.htm	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Topics\UserGuide\Chapter3-Customising_the_software\FTP_settings.htm	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Topics\UserGuide\Chapter3-Customising_the_software\SFTP_settings.htm	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Data\Alias.js	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Mark-Download.svg	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Topics\UserGuide\Chapter2-Using_Analyzer\CPara_USB_Recorders.htm	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Blue-06.svg	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Options_Automation_SMTP_error.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Toolbar_Icon_Refresh.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Chart_Control_Panel_top.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Options_User_Server.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Topics\UserGuide\Chapter3-Customising_the_software\Time_Zones.htm	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Topics\UserGuide\Chapter2-Using_Analyzer\Chart_control_panel.htm	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Topics\UserGuide\Chapter2-Using_Analyzer\CPara_Alarm_Related_Standard.htm	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Analyzer.ico	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Data\SearchPhrase_Chunk8.js	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Stylesheets\Plain.css	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\SWUpdateAvailable.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\TRED30_in_interface_300x344.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\USB_Plug.jpg	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Topics\UserGuide\Chapter2-Using_Analyzer\Sending_a_file_by_email_direct_from_Analyzer.htm	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Button_Show_Panel_20x12.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Multi-Alarm-Line.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Multi-Chart_Data.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Menu_Icon_Properties.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Topics\UserGuide\Chapter2-Using_Analyzer\How_secure_is_my_data.htm	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Menu_LogTag_Configure.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Toolbar_Icon_Open_text.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Topics\UserGuide\A-Front_Matter\Disclaimer.htm	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Topics\UserGuide\Chapter2-Using_Analyzer\Behind_the_scenes.htm	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Topics\UserGuide\Chapter2-Using_Analyzer\Degree_Minutes.htm	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Data\SearchPhrase_Chunk9.js	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\LTO_Pick_Team.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Resources\Images\Menu_Icon_Options.png	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Topics\UserGuide\Chapter2-Using_Analyzer\Standard_Deviation.htm	msiexec.exe
File created	C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Help5\Topics\UserGuide\Chapter2-Using_Analyzer\Verify_Access_Password.htm	msiexec.exe

Drops file in Windows directory 30 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\{0CF72B31-1B18-4500-BBB4-7AD80BBEB685}\ext_3.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\{0CF72B31-1B18-4500-BBB4-7AD80BBEB685}\ext.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\e57fe55.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\{0CF72B31-1B18-4500-BBB4-7AD80BBEB685}\ext_1.exe	msiexec.exe
File created	C:\Windows\Installer\e57fe55.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI443.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI703.tmp	msiexec.exe
File created	C:\Windows\Installer\e57fe59.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIED7.tmp	msiexec.exe
File created	C:\Windows\Installer\{0CF72B31-1B18-4500-BBB4-7AD80BBEB685}\ext_1.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\{0CF72B31-1B18-4500-BBB4-7AD80BBEB685}\WifiWizard_1.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7DF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8DA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3B5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAFE.tmp	msiexec.exe
File created	C:\Windows\Installer\{0CF72B31-1B18-4500-BBB4-7AD80BBEB685}\ext.exe	msiexec.exe
File created	C:\Windows\Installer\{0CF72B31-1B18-4500-BBB4-7AD80BBEB685}\WifiWizard_1.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI328F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3581.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{0CF72B31-1B18-4500-BBB4-7AD80BBEB685}	msiexec.exe
File created	C:\Windows\Installer\{0CF72B31-1B18-4500-BBB4-7AD80BBEB685}\ext_3.exe	msiexec.exe
File created	C:\Windows\Installer\{0CF72B31-1B18-4500-BBB4-7AD80BBEB685}\Analyzer.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI33DA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI153.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1485.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{0CF72B31-1B18-4500-BBB4-7AD80BBEB685}\Analyzer.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI32ED.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

svchost.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe

Modifies data under HKEY_USERS 14 IoCs

Processes:

msiexec.exeMsiExec.exesvchost.exe

description	ioc	process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{923dbd58-0000-0000-0000-d01200000000}	MsiExec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{923dbd58-0000-0000-0000-d01200000000}\NukeOnDelete = "0"	MsiExec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume	MsiExec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{923dbd58-0000-0000-0000-d01200000000}\MaxCapacity = "12287"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\TelemetrySalt = "4"	MsiExec.exe

Modifies registry class 64 IoCs

Processes:

AnalyzerDesktop.exemsiexec.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	AnalyzerDesktop.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	AnalyzerDesktop.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\13B27FC081B10054BB4BA78DB0EB6B58\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.ltd	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ltd	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.multi\shell\open	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	AnalyzerDesktop.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AnalyzerDesktop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.ltd\shell\open	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.multi\LogTag.LogTag Analyzer.multi	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\13B27FC081B10054BB4BA78DB0EB6B58\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.sltd\DefaultIcon	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.multix\ = "Analyzer Multi Chart Document"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AnalyzerDesktop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\13B27FC081B10054BB4BA78DB0EB6B58\MRU_List	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.sltd\shell\open\command\command = 2e003f003500320027004b003f00240033003d00410078007b0058006e002900650076007b0052004d00610069006e0046006500610074007500720065003e006800250027004c002d0055004a005400690040004a004b004d005f0035006d00440071005f0027002000220025003100220000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.multi\shell\open\command\command = 2e003f003500320027004b003f00240033003d00410078007b0058006e002900650076007b0052004d00610069006e0046006500610074007500720065003e006800250027004c002d0055004a005400690040004a004b004d005f0035006d00440071005f0027002000220025003100220000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.asxml\ = "LogTag.LogTag Analyzer.asxml"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.asxml\shell\open\ = "&Open"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.ltdx\ = "Analyzer Document"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.ltdx\DefaultIcon	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\13B27FC081B10054BB4BA78DB0EB6B58\AdvertiseFlags = "388"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.ltdx\shell\open\command\command = 2e003f003500320027004b003f00240033003d00410078007b0058006e002900650076007b0052004d00610069006e0046006500610074007500720065003e006800250027004c002d0055004a005400690040004a004b004d005f0035006d00440071005f0027002000220025003100220000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.sltd\shell\open	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.multi	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	AnalyzerDesktop.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5000310000000000e3568a58100041646d696e003c0009000400efbee3562850e3568a582e00000099520100000001000000000000000000000000000000ef6a4f00410064006d0069006e00000014000000	AnalyzerDesktop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.ltd\shell\ = "open"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.multi	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\13B27FC081B10054BB4BA78DB0EB6B58\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	AnalyzerDesktop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ltdx\LogTag.LogTag Analyzer.ltdx	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.sltd\shell\open\ = "&Open"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.multi\shell	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.asxml\shell\open\command\command = 2e003f003500320027004b003f00240033003d00410078007b0058006e002900650076007b0052004d00610069006e0046006500610074007500720065003e006800250027004c002d0055004a005400690040004a004b004d005f0035006d00440071005f0027002000220025003100220000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.ltd\DefaultIcon	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\13B27FC081B10054BB4BA78DB0EB6B58\ProductIcon = "C:\\Windows\\Installer\\{0CF72B31-1B18-4500-BBB4-7AD80BBEB685}\\Analyzer.exe"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	AnalyzerDesktop.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	AnalyzerDesktop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ltdx\ = "LogTag.LogTag Analyzer.ltdx"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.multi\shell\open\ = "&Open"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.multi\shell\ = "open"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	AnalyzerDesktop.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	AnalyzerDesktop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\13B27FC081B10054BB4BA78DB0EB6B58\SourceList\Media	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	AnalyzerDesktop.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	AnalyzerDesktop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.sltd\shell	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.multix\shell\open\command	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.multix\shell\open	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.multix\DefaultIcon	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	AnalyzerDesktop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ltdx\LogTag.LogTag Analyzer.ltdx\ShellNew	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.ltd\shell\open\command\command = 2e003f003500320027004b003f00240033003d00410078007b0058006e002900650076007b0052004d00610069006e0046006500610074007500720065003e006800250027004c002d0055004a005400690040004a004b004d005f0035006d00440071005f0027002000220025003100220000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LogTag.LogTag Analyzer.multix\shell\open\ = "&Open"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	AnalyzerDesktop.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\NodeSlot = "1"	AnalyzerDesktop.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	AnalyzerDesktop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\13B27FC081B10054BB4BA78DB0EB6B58	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\13B27FC081B10054BB4BA78DB0EB6B58\Feature_1 = "MainFeature"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\13B27FC081B10054BB4BA78DB0EB6B58	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\13B27FC081B10054BB4BA78DB0EB6B58\ProductName = "LogTag Analyzer"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\13B27FC081B10054BB4BA78DB0EB6B58\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sltd\LogTag.LogTag Analyzer.sltd\ShellNew	msiexec.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

msiexec.exeAnalyzerDesktop.exe

pid process

4348 msiexec.exe
4348 msiexec.exe
2604 AnalyzerDesktop.exe

pid	process
4348	msiexec.exe
4348	msiexec.exe
2604	AnalyzerDesktop.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exemsiexec.exevssvc.exesrtasks.exe

description	pid	process
Token: SeShutdownPrivilege	4992	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4992	msiexec.exe
Token: SeSecurityPrivilege	4348	msiexec.exe
Token: SeCreateTokenPrivilege	4992	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4992	msiexec.exe
Token: SeLockMemoryPrivilege	4992	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4992	msiexec.exe
Token: SeMachineAccountPrivilege	4992	msiexec.exe
Token: SeTcbPrivilege	4992	msiexec.exe
Token: SeSecurityPrivilege	4992	msiexec.exe
Token: SeTakeOwnershipPrivilege	4992	msiexec.exe
Token: SeLoadDriverPrivilege	4992	msiexec.exe
Token: SeSystemProfilePrivilege	4992	msiexec.exe
Token: SeSystemtimePrivilege	4992	msiexec.exe
Token: SeProfSingleProcessPrivilege	4992	msiexec.exe
Token: SeIncBasePriorityPrivilege	4992	msiexec.exe
Token: SeCreatePagefilePrivilege	4992	msiexec.exe
Token: SeCreatePermanentPrivilege	4992	msiexec.exe
Token: SeBackupPrivilege	4992	msiexec.exe
Token: SeRestorePrivilege	4992	msiexec.exe
Token: SeShutdownPrivilege	4992	msiexec.exe
Token: SeDebugPrivilege	4992	msiexec.exe
Token: SeAuditPrivilege	4992	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4992	msiexec.exe
Token: SeChangeNotifyPrivilege	4992	msiexec.exe
Token: SeRemoteShutdownPrivilege	4992	msiexec.exe
Token: SeUndockPrivilege	4992	msiexec.exe
Token: SeSyncAgentPrivilege	4992	msiexec.exe
Token: SeEnableDelegationPrivilege	4992	msiexec.exe
Token: SeManageVolumePrivilege	4992	msiexec.exe
Token: SeImpersonatePrivilege	4992	msiexec.exe
Token: SeCreateGlobalPrivilege	4992	msiexec.exe
Token: SeBackupPrivilege	3428	vssvc.exe
Token: SeRestorePrivilege	3428	vssvc.exe
Token: SeAuditPrivilege	3428	vssvc.exe
Token: SeBackupPrivilege	4348	msiexec.exe
Token: SeRestorePrivilege	4348	msiexec.exe
Token: SeRestorePrivilege	4348	msiexec.exe
Token: SeTakeOwnershipPrivilege	4348	msiexec.exe
Token: SeRestorePrivilege	4348	msiexec.exe
Token: SeTakeOwnershipPrivilege	4348	msiexec.exe
Token: SeBackupPrivilege	2220	srtasks.exe
Token: SeRestorePrivilege	2220	srtasks.exe
Token: SeSecurityPrivilege	2220	srtasks.exe
Token: SeTakeOwnershipPrivilege	2220	srtasks.exe
Token: SeRestorePrivilege	4348	msiexec.exe
Token: SeTakeOwnershipPrivilege	4348	msiexec.exe
Token: SeRestorePrivilege	4348	msiexec.exe
Token: SeTakeOwnershipPrivilege	4348	msiexec.exe
Token: SeRestorePrivilege	4348	msiexec.exe
Token: SeTakeOwnershipPrivilege	4348	msiexec.exe
Token: SeRestorePrivilege	4348	msiexec.exe
Token: SeTakeOwnershipPrivilege	4348	msiexec.exe
Token: SeBackupPrivilege	2220	srtasks.exe
Token: SeRestorePrivilege	2220	srtasks.exe
Token: SeSecurityPrivilege	2220	srtasks.exe
Token: SeTakeOwnershipPrivilege	2220	srtasks.exe
Token: SeRestorePrivilege	4348	msiexec.exe
Token: SeTakeOwnershipPrivilege	4348	msiexec.exe
Token: SeRestorePrivilege	4348	msiexec.exe
Token: SeTakeOwnershipPrivilege	4348	msiexec.exe
Token: SeRestorePrivilege	4348	msiexec.exe
Token: SeTakeOwnershipPrivilege	4348	msiexec.exe
Token: SeRestorePrivilege	4348	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msiexec.exe

pid process

4992 msiexec.exe
4992 msiexec.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AnalyzerDesktop.exe

pid process

2604 AnalyzerDesktop.exe
2604 AnalyzerDesktop.exe
2604 AnalyzerDesktop.exe

pid	process
4992	msiexec.exe
4992	msiexec.exe

pid	process
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe
2604	AnalyzerDesktop.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

msiexec.exe

description	pid	process	target process
PID 4348 wrote to memory of 2220	4348	msiexec.exe	srtasks.exe
PID 4348 wrote to memory of 2220	4348	msiexec.exe	srtasks.exe
PID 4348 wrote to memory of 2224	4348	msiexec.exe	MsiExec.exe
PID 4348 wrote to memory of 2224	4348	msiexec.exe	MsiExec.exe
PID 4348 wrote to memory of 2224	4348	msiexec.exe	MsiExec.exe
PID 4348 wrote to memory of 2456	4348	msiexec.exe	MsiExec.exe
PID 4348 wrote to memory of 2456	4348	msiexec.exe	MsiExec.exe
PID 4348 wrote to memory of 2456	4348	msiexec.exe	MsiExec.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\ltanalyzer_32r3.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4992

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4348

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2220

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 82D1E014AEDDE8D3147667C46E24B07B
2⤵
- Loads dropped DLL
PID:2224

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 7C4E4C30B548DF0FEE0C7FB6B5C4A2B9 E Global\MSI0000
2⤵
- Loads dropped DLL
- Drops desktop.ini file(s)
- Modifies data under HKEY_USERS
PID:2456

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3428

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:4204

C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\AnalyzerDesktop.exe
"C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\AnalyzerDesktop.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\AnalyzerDesktop.exe
"C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\AnalyzerDesktop.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:652

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57fe58.rbs
Filesize
973KB

MD5
115d6cf12b076a8dfc2bffba1d7344ed

SHA1
fedd9be7b018228a677b3f1d03697c5d4a4d2208

SHA256
9644ffa757ed704ebeae21a955b8739d0b512d241079b2546f70be0670d942b9

SHA512
29214a55c936df57462819a243edafba7d623d7e9b4d1c614a494c98675605123014dbfbbf0b066bb67de552140bca2ebe3d6aec2c2db7f7d22beccb29353137

Download Submit
C:\Config.Msi\e57fe5a.rbs
Filesize
537B

MD5
7503067e096361edccf05cb0fdf1f2f4

SHA1
fce1d879c775c24bb7981f7d4d800b4c5d1b261e

SHA256
03c6d138c5ad8ab1521e794923f148b6fbf9bb4ede05855d43cbe1a4c064977a

SHA512
827657d244e2dd3236603f8747ceb59f0bf9fbfe8c6dbaaac8bac42fb38bdae2d9ff4d781c065e0f1711e3641c36a21c1f73ceb935098759a29a894f649aca94

Download Submit
C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\AnalyzerDesktop.exe
Filesize
7.6MB

MD5
8dc1e417b203ce7dd7ce0d21f86055b0

SHA1
f387d673ad8965da3273bb944e7d9fc44ff8890b

SHA256
774670054a09396c4b55e4c2a543ef7f6b1f3148ed1f351639d7233655312f04

SHA512
6755d977004a2fe6b8a2349de09e0bbc3143dca10cf5040aa4d5ba83a3f84f3a21c6d9b47e6297ed67595596fb8ac5161a6c1f807a46108fc6ac603e3ee1b224

Download Submit
C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\AnalyzerDesktop.exe
Filesize
7.6MB

MD5
8dc1e417b203ce7dd7ce0d21f86055b0

SHA1
f387d673ad8965da3273bb944e7d9fc44ff8890b

SHA256
774670054a09396c4b55e4c2a543ef7f6b1f3148ed1f351639d7233655312f04

SHA512
6755d977004a2fe6b8a2349de09e0bbc3143dca10cf5040aa4d5ba83a3f84f3a21c6d9b47e6297ed67595596fb8ac5161a6c1f807a46108fc6ac603e3ee1b224

Download Submit
C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\AnalyzerDesktop.exe
Filesize
7.6MB

MD5
8dc1e417b203ce7dd7ce0d21f86055b0

SHA1
f387d673ad8965da3273bb944e7d9fc44ff8890b

SHA256
774670054a09396c4b55e4c2a543ef7f6b1f3148ed1f351639d7233655312f04

SHA512
6755d977004a2fe6b8a2349de09e0bbc3143dca10cf5040aa4d5ba83a3f84f3a21c6d9b47e6297ed67595596fb8ac5161a6c1f807a46108fc6ac603e3ee1b224

Download Submit
C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\AnalyzerDesktop.exe
Filesize
7.6MB

MD5
8dc1e417b203ce7dd7ce0d21f86055b0

SHA1
f387d673ad8965da3273bb944e7d9fc44ff8890b

SHA256
774670054a09396c4b55e4c2a543ef7f6b1f3148ed1f351639d7233655312f04

SHA512
6755d977004a2fe6b8a2349de09e0bbc3143dca10cf5040aa4d5ba83a3f84f3a21c6d9b47e6297ed67595596fb8ac5161a6c1f807a46108fc6ac603e3ee1b224

Download Submit
C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\AnalyzerDesktop.exe.config
Filesize
3KB

MD5
9767c67d2e1391f96314a7a3f19e9557

SHA1
c5b9b9d09dd61c432d91c5c79c001b8f4a7b6b3e

SHA256
05338d54dfc7a0d181d3296926adb80caef29a1668e203e261c9f7cba3e83599

SHA512
5aa21a1b8eee620ca81a043611b8b9296e64003cb2c48128bb07c2f187dc2e6adfa95f9762f3adea29f109d4a3904993964972e5e74467adb86093889600a8f0

Download Submit
C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\FTD2XX_NET.dll
Filesize
63KB

MD5
7b51af2a705b6b53d462ccedf548a5e7

SHA1
259addaad6e7a0755f3cdf2aa86bc4c3caadfbaa

SHA256
c411ad7b423816fdec51b75b00534fc595e99b6182fa1fca0a0512e95e652cab

SHA512
c3df48dc3ced2708842087680ee841e7bfb80ecde33c1e04fa664441ca64efbd377a2332ca37806856950236ee4575e094054cb2be6d191f77965702923e460a

Download Submit
C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\LogTagIO30.dll
Filesize
1.0MB

MD5
13c4222acb683e8e6abb9d610ca88d92

SHA1
b46ca706c2c1d5347e92ef56d76ac1bedd6990ee

SHA256
0b3ae08a3328e86d8272d88fdf2851744be5ace43343909249ba614acedaabcb

SHA512
e93ab54ec644cf93dd1cc7ccaa7f79c1d7bac84934e019d158c3444e6614c687b127d89e48d3c4a3b6c9dad45f261e266def09cfe9f785d04f4845cc1c0fe089

Download Submit
C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.Reporting.dll
Filesize
10.7MB

MD5
fd95856faebd0afca5037f7a72c950f7

SHA1
5f2eebbf15bad1c40497a08b48df410063510034

SHA256
7ca9737a154ed2fd72ede98a830686a0d6f6b484219ba5ed993c65333c039d04

SHA512
49670e9e40f1b339bdb560cf9e487d128617bae047818b825543da45f9c1f7dedde5481c324e1459014d87347c7a1cb61db68d636a629d325cf8f924c85cd827

Download Submit
C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.WinControls.RadDock.dll
Filesize
902KB

MD5
c30794d31567587b6a09e403ccbbe997

SHA1
3e5c183c071600cb7443c42b88f00c890796943c

SHA256
41b98185a2af53d3185195eac53ffa8f5d8d2425788f26448063770ed258efa6

SHA512
2005f62269ecc240e229337d0775d6b96817245e897bdf3610ed24d1d7202e60294b92939ddcde235fcef7e9d25e2d1dc5dc3b61ba9e3066e614679c259910dc

Download Submit
C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.WinControls.UI.dll
Filesize
6.2MB

MD5
984e0259cd0f78e3c640a92b38c047d4

SHA1
db556d889f5de218863d63b971fa81bd5f185534

SHA256
07faa395284d1f863efbaab5c9fe438fc334ff296edc508fec50cf63b33b283b

SHA512
3a827e30a893ef8f29c649704e701283d0b49f566aaf2ef0a452d285504107188372cf92fcb2b4c9e7148133b2800a0d4f335bda439519dac02e2d6d4dcb76ad

Download Submit
C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.WinControls.dll
Filesize
4.3MB

MD5
71c716b9aa3b38a96699c96ed2a3e6f7

SHA1
08659d3d39035b53a0f4d0c685eedacab2ee113f

SHA256
b08ae2ec92d3b60d4e66a596c5e1d5f4e7a233457edcc92c930e0df5c1db419f

SHA512
3be4e400a37fd7235d493f5b516380706a4a16b728dc37f70bcae8c97a8b9c99f2ea1a3f7d88f8beb238a08f7154c40edb419636e56e1cce33fabf8882010111

Download Submit
C:\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\TelerikCommon.dll
Filesize
343KB

MD5
398226a1ce3ec944f7e3f85037e2665f

SHA1
7ae9a378da10012baa3b1c4b647dfd0d3c5c898e

SHA256
931b0edf1ccdfcc96c1d7c308d414714e8a2fa47f52c421a1a080ef7812144fd

SHA512
68de4f6b7ca6c479bd8d9c6ce8ba2e167acdc3a1f4111018486897f86abc6f54d4b90ad30d3b307a16563908bb575be615ad3ad3007436c276bea359017a63cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
Filesize
471B

MD5
3e14ce066cf165dbcb3b05fcc56a9b94

SHA1
9258d88677c501413ce00b3fc4916bb80f5fa560

SHA256
4f52cdf1a630bd56686bd0dbdff9b665068956ed8718d3c05f2c2f7e2000ab55

SHA512
ede1088a52695d4fc0a06b6c1cba6236d1775972b1d24e097371e345b93a6af936fcf7820e0d8d3968490cc936cf34ef4d8bc3691640715fab07dd6f6d759aa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_7A66F931C142C78340330A62B0AF0D1C
Filesize
471B

MD5
5e3a33663ce235b820a71f2c7898eb90

SHA1
83c9bad455b4a7ba2d2678950cd7a56b5d688f09

SHA256
255d176af45fbdb5cf0b61aeea2511dba5271a2aee04f0f6f6d564c87611755d

SHA512
9308b97ca3498fd843783bb520c9da5cb76b9a4b973104400c1c292f2b5a57c3352f721be6765c68b797a1fbf0b6a90afd52adabe0677ccaddf73ac2e46f3c2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
Filesize
404B

MD5
b6967ff098a1333724ce61b6e008fcfe

SHA1
d7b7a90cf46abe1c28ffd56c8e76654e693a51d2

SHA256
711916a67bf07c9cdfc7bf7807003d41168fb5681617d5742ba817dc6d6460cd

SHA512
961b84093fceed37b199a5a1962184798fc1ab297f6912f5b857f5b34fb3c0f44730c21626cd32f622cab15afdd3e002bea94f8b023d27c78d739fbb6eb35c5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_7A66F931C142C78340330A62B0AF0D1C
Filesize
400B

MD5
50fab565e7c64dc17825bf8a6b915a15

SHA1
7794ee01bff5212329364e5c0d98ec7ce55d46c7

SHA256
b55cac403a7dc60fbfd0df7133ee340e6e875c086418a2dd104007c3dd910a35

SHA512
dfd1fa35f8822f902bd54e49c8ec9948f2caee14d229262b8f16ad061cf3ae2bca39a3a8416906b44d3fb6d7ea90ceadb42a75780ade59924cbce12282a5e8e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2921279105874469951b293802865cf7\page1\value.dat
Filesize
89KB

MD5
5e75c9774f2f3f88161c0932a6a50b03

SHA1
c682509f27f95f2c888c6d02e4396a620b385530

SHA256
00ffaa2d3a869cfcf30995db4fd298e7e6ef5b38084bc633cb6c2b8b8552dd59

SHA512
88f4fa7b54b7a47456788dfcacaeac0507580cf4ba85dad18f76b93a8636d8cf9b5a4c4f5c7132739ffbe6d8f9ee631d639dc653c39c8bc32c2593d584fbee26

Download Submit
C:\Users\Admin\AppData\Local\Temp\AiRegBackNoImpers_0CF72B31_1B18_4500_BBB4_7AD80BBEB685.bak
Filesize
715B

MD5
26774681ec2fbe38e8dd8c66eec90335

SHA1
9a6284430be30169831ed741800673c888b90b10

SHA256
82ab7922be67071ac89afd283db93dd9927220f29ca60fa08574a9faadae86d2

SHA512
f3583a150f767c8b63e1df21a103d2b8f2054f182f45e2aad6ca173365810ff7c52f6caa68efc904dd1056178826addb6da605832ac44a3f78a2df01a8d3b69b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI794fc.LOG
Filesize
48KB

MD5
a485118e068048a3360fff3cf0e748f4

SHA1
583587feae65956a69eaef7d8b54bc7527d73a01

SHA256
883add4835bd9af6f1d914f632899b549c7df09454db9df8b371e4ba2800cea8

SHA512
0317e5a611d235ccdba9b141f80a998c9261668de9da351fa58671539d0b3f8d5c043d942ca6601dd35f04b918b4bd2e20a7ac6e23b3b848dd66b53b9fe18dbc

Download Submit
C:\Users\Admin\AppData\Roaming\LogTag\UserProfile.profile
Filesize
13KB

MD5
a5e70064b8ef949465ddad3dc8adb93e

SHA1
0c0c0d4e6b03722b63559ba2dae98e48e17c186d

SHA256
526f74156c5be7cd3bbace1e83b00f8bf4c8af1bcf33649a0ab0adb3e2158628

SHA512
34aa3a83f449777ed879c0eaec4ff692a2152ede3ab810b900265def6abbc25168fbc430d7eb765f22cee03d7b112bf549af447224375e8a1642af99ef34bd59

Download Submit
C:\Users\Admin\AppData\Roaming\LogTag\chartreport.emf
Filesize
14KB

MD5
09cf7cf9bb2f68a21f4d1d8f012ab8fc

SHA1
7da8216f6fe2a5d21f13a74492ff518b5a705d2a

SHA256
ba5dee69548a896ae61d0226a150e06a1cba30c189d2dbea796e8c5ec8c41da8

SHA512
ca7b2a437e9dab23d5decb9158db7a9acdcf9983962d080947a28a6bdfc61f4b8b41f50e7d247aac29265611bf8d02050cdc31b7ced719078b355fe51be3adbe

Download Submit
C:\Windows\Installer\MSI153.tmp
Filesize
379KB

MD5
647145b1074e24a0c2bf8998917a8a90

SHA1
0c863b05a5599b2c1dd0645e086cda4a9f2fb954

SHA256
91933aae899e769f6aa29a3640bf8151e70192aa5d416195b9c69041301101e1

SHA512
f991cda750d4b57c847076f16bf267f1aee503cdacac3732fe0ea1ac685a6424722be61e184fe9c0006c0008387c723ea5ef5ca3a1e638dd47aa609549e8d3a3

Download Submit
C:\Windows\Installer\MSI32ED.tmp
Filesize
535KB

MD5
1b194025c161371d3bcb9b5919278620

SHA1
af9edebc182d96e361140670751dd2f7756d92ad

SHA256
7aec9b8db15c991f780cd3542b149fc1399118371ccd3bd14341a0c47bf63486

SHA512
22ae4a6c80b346d440911f51193c3d456b03db1a26df78d2e7a7f51f6aae52892867c4f03b5bc96a73d7372519f73a60f088c2100cf80a69540b865fe0bf924a

Download Submit
C:\Windows\Installer\MSI32ED.tmp
Filesize
535KB

MD5
1b194025c161371d3bcb9b5919278620

SHA1
af9edebc182d96e361140670751dd2f7756d92ad

SHA256
7aec9b8db15c991f780cd3542b149fc1399118371ccd3bd14341a0c47bf63486

SHA512
22ae4a6c80b346d440911f51193c3d456b03db1a26df78d2e7a7f51f6aae52892867c4f03b5bc96a73d7372519f73a60f088c2100cf80a69540b865fe0bf924a

Download Submit
C:\Windows\Installer\MSI33DA.tmp
Filesize
851KB

MD5
657ab7f03d3ac1364ce698ed26ceba55

SHA1
899301407cfbd135aa4791b7b0fc34abbd9e9315

SHA256
492ff4c637c80068a8cd5fa9ad04d98f326b8064316cf0a091d46c2c592b54e5

SHA512
f2bd3d1a4d5cd9c39d99e200db158e5aaa64af5d6937cbcf05b47ae476e0f7c23c9ef865b5b48ec666bbd08c63c7f5ce03f718ff2182a45a9a322913bdfca4b5

Download Submit
C:\Windows\Installer\MSI3581.tmp
Filesize
851KB

MD5
657ab7f03d3ac1364ce698ed26ceba55

SHA1
899301407cfbd135aa4791b7b0fc34abbd9e9315

SHA256
492ff4c637c80068a8cd5fa9ad04d98f326b8064316cf0a091d46c2c592b54e5

SHA512
f2bd3d1a4d5cd9c39d99e200db158e5aaa64af5d6937cbcf05b47ae476e0f7c23c9ef865b5b48ec666bbd08c63c7f5ce03f718ff2182a45a9a322913bdfca4b5

Download Submit
C:\Windows\Installer\MSI3581.tmp
Filesize
851KB

MD5
657ab7f03d3ac1364ce698ed26ceba55

SHA1
899301407cfbd135aa4791b7b0fc34abbd9e9315

SHA256
492ff4c637c80068a8cd5fa9ad04d98f326b8064316cf0a091d46c2c592b54e5

SHA512
f2bd3d1a4d5cd9c39d99e200db158e5aaa64af5d6937cbcf05b47ae476e0f7c23c9ef865b5b48ec666bbd08c63c7f5ce03f718ff2182a45a9a322913bdfca4b5

Download Submit
C:\Windows\Installer\MSI3B5.tmp
Filesize
379KB

MD5
647145b1074e24a0c2bf8998917a8a90

SHA1
0c863b05a5599b2c1dd0645e086cda4a9f2fb954

SHA256
91933aae899e769f6aa29a3640bf8151e70192aa5d416195b9c69041301101e1

SHA512
f991cda750d4b57c847076f16bf267f1aee503cdacac3732fe0ea1ac685a6424722be61e184fe9c0006c0008387c723ea5ef5ca3a1e638dd47aa609549e8d3a3

Download Submit
C:\Windows\Installer\MSI443.tmp
Filesize
379KB

MD5
647145b1074e24a0c2bf8998917a8a90

SHA1
0c863b05a5599b2c1dd0645e086cda4a9f2fb954

SHA256
91933aae899e769f6aa29a3640bf8151e70192aa5d416195b9c69041301101e1

SHA512
f991cda750d4b57c847076f16bf267f1aee503cdacac3732fe0ea1ac685a6424722be61e184fe9c0006c0008387c723ea5ef5ca3a1e638dd47aa609549e8d3a3

Download Submit
C:\Windows\Installer\MSI443.tmp
Filesize
379KB

MD5
647145b1074e24a0c2bf8998917a8a90

SHA1
0c863b05a5599b2c1dd0645e086cda4a9f2fb954

SHA256
91933aae899e769f6aa29a3640bf8151e70192aa5d416195b9c69041301101e1

SHA512
f991cda750d4b57c847076f16bf267f1aee503cdacac3732fe0ea1ac685a6424722be61e184fe9c0006c0008387c723ea5ef5ca3a1e638dd47aa609549e8d3a3

Download Submit
C:\Windows\Installer\MSI703.tmp
Filesize
535KB

MD5
1b194025c161371d3bcb9b5919278620

SHA1
af9edebc182d96e361140670751dd2f7756d92ad

SHA256
7aec9b8db15c991f780cd3542b149fc1399118371ccd3bd14341a0c47bf63486

SHA512
22ae4a6c80b346d440911f51193c3d456b03db1a26df78d2e7a7f51f6aae52892867c4f03b5bc96a73d7372519f73a60f088c2100cf80a69540b865fe0bf924a

Download Submit
C:\Windows\Installer\MSI7DF.tmp
Filesize
817KB

MD5
0b5e646a65d2861e0bce68bb0dc906e2

SHA1
f34461a7c9b3e0a9d7460757158c768e6e3e0c1f

SHA256
279415ca33496256bf8ce72ff656080586938ec4c298ab8a9ef5c707d6330d2c

SHA512
26c3dabcf67fbce97bcccbce4f75a775bbe481c21b908e6db1ae0adef0e16108bc773b56f52ab039f09ac52855b1b79f0844aa3caa4b94ebec530c73a023affb

Download Submit
C:\Windows\Installer\MSI8DA.tmp
Filesize
379KB

MD5
647145b1074e24a0c2bf8998917a8a90

SHA1
0c863b05a5599b2c1dd0645e086cda4a9f2fb954

SHA256
91933aae899e769f6aa29a3640bf8151e70192aa5d416195b9c69041301101e1

SHA512
f991cda750d4b57c847076f16bf267f1aee503cdacac3732fe0ea1ac685a6424722be61e184fe9c0006c0008387c723ea5ef5ca3a1e638dd47aa609549e8d3a3

Download Submit
C:\Windows\Installer\MSIAFE.tmp
Filesize
535KB

MD5
1b194025c161371d3bcb9b5919278620

SHA1
af9edebc182d96e361140670751dd2f7756d92ad

SHA256
7aec9b8db15c991f780cd3542b149fc1399118371ccd3bd14341a0c47bf63486

SHA512
22ae4a6c80b346d440911f51193c3d456b03db1a26df78d2e7a7f51f6aae52892867c4f03b5bc96a73d7372519f73a60f088c2100cf80a69540b865fe0bf924a

Download Submit
C:\Windows\Installer\MSIED7.tmp
Filesize
851KB

MD5
657ab7f03d3ac1364ce698ed26ceba55

SHA1
899301407cfbd135aa4791b7b0fc34abbd9e9315

SHA256
492ff4c637c80068a8cd5fa9ad04d98f326b8064316cf0a091d46c2c592b54e5

SHA512
f2bd3d1a4d5cd9c39d99e200db158e5aaa64af5d6937cbcf05b47ae476e0f7c23c9ef865b5b48ec666bbd08c63c7f5ce03f718ff2182a45a9a322913bdfca4b5

Download Submit
C:\Windows\Installer\e57fe55.msi
Filesize
79.6MB

MD5
554addce31e172e00e2fc6ad5b638b3b

SHA1
5590cd152bc605e0ff512ad68d169aed60cde75d

SHA256
25aec3d6b872c0babd86953702263fd65c0c9f8e6f534b9ed17575cd11d37084

SHA512
269cf0037f09cfdd5b71007f07aad92464ca01b59c8ce684c9c85a183ecd1ae6a1c1d7a09405069ab7c64c2e0a313cf30e56b4e5ed628d63c5432844ab405ff1

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
Filesize
25.0MB

MD5
9e31a5907c98c5afc7886d959dfe3f5d

SHA1
dafc6ae76d43e692207d1ec769554b1d18e27125

SHA256
8f12485dcc3ac4c6f9432b985df0c18a1d7a864b22ea8bd79e05ef2ba8e38091

SHA512
188d552f71cb38c9f4b8036d4a090924bcbfb13bb98df120569ec654bc8bba44683bf817fb8c2d665ac700c06beeeecb39729e9c084f59f06cd01db117723186

Download Submit
\??\Volume{923dbd58-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{6fd85c29-0f55-4e88-91af-5eb0802c0c20}_OnDiskSnapshotProp
Filesize
5KB

MD5
29bf909da7e34fda1012c2068569d40c

SHA1
cd13c945c4911cf18fbe0f800c847fb19240d4b2

SHA256
4025dc232155c8c44505143c345ba0c29878c3e4059d1045a34532f94d564867

SHA512
a73cc6a9253ee984275a5bcc983620d834f2f282f9510bf4ec5909b565c2702bcd7f4541a0c091b6abcf5968cab3557f3becb3e91a6f71c03a478da9ca728d55

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\LogTagIO30.dll
Filesize
1.0MB

MD5
13c4222acb683e8e6abb9d610ca88d92

SHA1
b46ca706c2c1d5347e92ef56d76ac1bedd6990ee

SHA256
0b3ae08a3328e86d8272d88fdf2851744be5ace43343909249ba614acedaabcb

SHA512
e93ab54ec644cf93dd1cc7ccaa7f79c1d7bac84934e019d158c3444e6614c687b127d89e48d3c4a3b6c9dad45f261e266def09cfe9f785d04f4845cc1c0fe089

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\LogTagIO30.dll
Filesize
1.0MB

MD5
13c4222acb683e8e6abb9d610ca88d92

SHA1
b46ca706c2c1d5347e92ef56d76ac1bedd6990ee

SHA256
0b3ae08a3328e86d8272d88fdf2851744be5ace43343909249ba614acedaabcb

SHA512
e93ab54ec644cf93dd1cc7ccaa7f79c1d7bac84934e019d158c3444e6614c687b127d89e48d3c4a3b6c9dad45f261e266def09cfe9f785d04f4845cc1c0fe089

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\LogTagIO30.dll
Filesize
1.0MB

MD5
13c4222acb683e8e6abb9d610ca88d92

SHA1
b46ca706c2c1d5347e92ef56d76ac1bedd6990ee

SHA256
0b3ae08a3328e86d8272d88fdf2851744be5ace43343909249ba614acedaabcb

SHA512
e93ab54ec644cf93dd1cc7ccaa7f79c1d7bac84934e019d158c3444e6614c687b127d89e48d3c4a3b6c9dad45f261e266def09cfe9f785d04f4845cc1c0fe089

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\LogTagIO30.dll
Filesize
1.0MB

MD5
13c4222acb683e8e6abb9d610ca88d92

SHA1
b46ca706c2c1d5347e92ef56d76ac1bedd6990ee

SHA256
0b3ae08a3328e86d8272d88fdf2851744be5ace43343909249ba614acedaabcb

SHA512
e93ab54ec644cf93dd1cc7ccaa7f79c1d7bac84934e019d158c3444e6614c687b127d89e48d3c4a3b6c9dad45f261e266def09cfe9f785d04f4845cc1c0fe089

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.Reporting.dll
Filesize
10.7MB

MD5
fd95856faebd0afca5037f7a72c950f7

SHA1
5f2eebbf15bad1c40497a08b48df410063510034

SHA256
7ca9737a154ed2fd72ede98a830686a0d6f6b484219ba5ed993c65333c039d04

SHA512
49670e9e40f1b339bdb560cf9e487d128617bae047818b825543da45f9c1f7dedde5481c324e1459014d87347c7a1cb61db68d636a629d325cf8f924c85cd827

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.Reporting.dll
Filesize
10.7MB

MD5
fd95856faebd0afca5037f7a72c950f7

SHA1
5f2eebbf15bad1c40497a08b48df410063510034

SHA256
7ca9737a154ed2fd72ede98a830686a0d6f6b484219ba5ed993c65333c039d04

SHA512
49670e9e40f1b339bdb560cf9e487d128617bae047818b825543da45f9c1f7dedde5481c324e1459014d87347c7a1cb61db68d636a629d325cf8f924c85cd827

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.Reporting.dll
Filesize
10.7MB

MD5
fd95856faebd0afca5037f7a72c950f7

SHA1
5f2eebbf15bad1c40497a08b48df410063510034

SHA256
7ca9737a154ed2fd72ede98a830686a0d6f6b484219ba5ed993c65333c039d04

SHA512
49670e9e40f1b339bdb560cf9e487d128617bae047818b825543da45f9c1f7dedde5481c324e1459014d87347c7a1cb61db68d636a629d325cf8f924c85cd827

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.Reporting.dll
Filesize
10.7MB

MD5
fd95856faebd0afca5037f7a72c950f7

SHA1
5f2eebbf15bad1c40497a08b48df410063510034

SHA256
7ca9737a154ed2fd72ede98a830686a0d6f6b484219ba5ed993c65333c039d04

SHA512
49670e9e40f1b339bdb560cf9e487d128617bae047818b825543da45f9c1f7dedde5481c324e1459014d87347c7a1cb61db68d636a629d325cf8f924c85cd827

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.WinControls.RadDock.dll
Filesize
902KB

MD5
c30794d31567587b6a09e403ccbbe997

SHA1
3e5c183c071600cb7443c42b88f00c890796943c

SHA256
41b98185a2af53d3185195eac53ffa8f5d8d2425788f26448063770ed258efa6

SHA512
2005f62269ecc240e229337d0775d6b96817245e897bdf3610ed24d1d7202e60294b92939ddcde235fcef7e9d25e2d1dc5dc3b61ba9e3066e614679c259910dc

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.WinControls.RadDock.dll
Filesize
902KB

MD5
c30794d31567587b6a09e403ccbbe997

SHA1
3e5c183c071600cb7443c42b88f00c890796943c

SHA256
41b98185a2af53d3185195eac53ffa8f5d8d2425788f26448063770ed258efa6

SHA512
2005f62269ecc240e229337d0775d6b96817245e897bdf3610ed24d1d7202e60294b92939ddcde235fcef7e9d25e2d1dc5dc3b61ba9e3066e614679c259910dc

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.WinControls.UI.dll
Filesize
6.2MB

MD5
984e0259cd0f78e3c640a92b38c047d4

SHA1
db556d889f5de218863d63b971fa81bd5f185534

SHA256
07faa395284d1f863efbaab5c9fe438fc334ff296edc508fec50cf63b33b283b

SHA512
3a827e30a893ef8f29c649704e701283d0b49f566aaf2ef0a452d285504107188372cf92fcb2b4c9e7148133b2800a0d4f335bda439519dac02e2d6d4dcb76ad

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.WinControls.UI.dll
Filesize
6.2MB

MD5
984e0259cd0f78e3c640a92b38c047d4

SHA1
db556d889f5de218863d63b971fa81bd5f185534

SHA256
07faa395284d1f863efbaab5c9fe438fc334ff296edc508fec50cf63b33b283b

SHA512
3a827e30a893ef8f29c649704e701283d0b49f566aaf2ef0a452d285504107188372cf92fcb2b4c9e7148133b2800a0d4f335bda439519dac02e2d6d4dcb76ad

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.WinControls.UI.dll
Filesize
6.2MB

MD5
984e0259cd0f78e3c640a92b38c047d4

SHA1
db556d889f5de218863d63b971fa81bd5f185534

SHA256
07faa395284d1f863efbaab5c9fe438fc334ff296edc508fec50cf63b33b283b

SHA512
3a827e30a893ef8f29c649704e701283d0b49f566aaf2ef0a452d285504107188372cf92fcb2b4c9e7148133b2800a0d4f335bda439519dac02e2d6d4dcb76ad

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.WinControls.UI.dll
Filesize
6.2MB

MD5
984e0259cd0f78e3c640a92b38c047d4

SHA1
db556d889f5de218863d63b971fa81bd5f185534

SHA256
07faa395284d1f863efbaab5c9fe438fc334ff296edc508fec50cf63b33b283b

SHA512
3a827e30a893ef8f29c649704e701283d0b49f566aaf2ef0a452d285504107188372cf92fcb2b4c9e7148133b2800a0d4f335bda439519dac02e2d6d4dcb76ad

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.WinControls.dll
Filesize
4.3MB

MD5
71c716b9aa3b38a96699c96ed2a3e6f7

SHA1
08659d3d39035b53a0f4d0c685eedacab2ee113f

SHA256
b08ae2ec92d3b60d4e66a596c5e1d5f4e7a233457edcc92c930e0df5c1db419f

SHA512
3be4e400a37fd7235d493f5b516380706a4a16b728dc37f70bcae8c97a8b9c99f2ea1a3f7d88f8beb238a08f7154c40edb419636e56e1cce33fabf8882010111

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.WinControls.dll
Filesize
4.3MB

MD5
71c716b9aa3b38a96699c96ed2a3e6f7

SHA1
08659d3d39035b53a0f4d0c685eedacab2ee113f

SHA256
b08ae2ec92d3b60d4e66a596c5e1d5f4e7a233457edcc92c930e0df5c1db419f

SHA512
3be4e400a37fd7235d493f5b516380706a4a16b728dc37f70bcae8c97a8b9c99f2ea1a3f7d88f8beb238a08f7154c40edb419636e56e1cce33fabf8882010111

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.WinControls.dll
Filesize
4.3MB

MD5
71c716b9aa3b38a96699c96ed2a3e6f7

SHA1
08659d3d39035b53a0f4d0c685eedacab2ee113f

SHA256
b08ae2ec92d3b60d4e66a596c5e1d5f4e7a233457edcc92c930e0df5c1db419f

SHA512
3be4e400a37fd7235d493f5b516380706a4a16b728dc37f70bcae8c97a8b9c99f2ea1a3f7d88f8beb238a08f7154c40edb419636e56e1cce33fabf8882010111

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\Telerik.WinControls.dll
Filesize
4.3MB

MD5
71c716b9aa3b38a96699c96ed2a3e6f7

SHA1
08659d3d39035b53a0f4d0c685eedacab2ee113f

SHA256
b08ae2ec92d3b60d4e66a596c5e1d5f4e7a233457edcc92c930e0df5c1db419f

SHA512
3be4e400a37fd7235d493f5b516380706a4a16b728dc37f70bcae8c97a8b9c99f2ea1a3f7d88f8beb238a08f7154c40edb419636e56e1cce33fabf8882010111

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\TelerikCommon.dll
Filesize
343KB

MD5
398226a1ce3ec944f7e3f85037e2665f

SHA1
7ae9a378da10012baa3b1c4b647dfd0d3c5c898e

SHA256
931b0edf1ccdfcc96c1d7c308d414714e8a2fa47f52c421a1a080ef7812144fd

SHA512
68de4f6b7ca6c479bd8d9c6ce8ba2e167acdc3a1f4111018486897f86abc6f54d4b90ad30d3b307a16563908bb575be615ad3ad3007436c276bea359017a63cc

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\TelerikCommon.dll
Filesize
343KB

MD5
398226a1ce3ec944f7e3f85037e2665f

SHA1
7ae9a378da10012baa3b1c4b647dfd0d3c5c898e

SHA256
931b0edf1ccdfcc96c1d7c308d414714e8a2fa47f52c421a1a080ef7812144fd

SHA512
68de4f6b7ca6c479bd8d9c6ce8ba2e167acdc3a1f4111018486897f86abc6f54d4b90ad30d3b307a16563908bb575be615ad3ad3007436c276bea359017a63cc

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\TelerikCommon.dll
Filesize
343KB

MD5
398226a1ce3ec944f7e3f85037e2665f

SHA1
7ae9a378da10012baa3b1c4b647dfd0d3c5c898e

SHA256
931b0edf1ccdfcc96c1d7c308d414714e8a2fa47f52c421a1a080ef7812144fd

SHA512
68de4f6b7ca6c479bd8d9c6ce8ba2e167acdc3a1f4111018486897f86abc6f54d4b90ad30d3b307a16563908bb575be615ad3ad3007436c276bea359017a63cc

Download Submit
\Program Files (x86)\LogTag Recorders\LogTag Analyzer3\TelerikCommon.dll
Filesize
343KB

MD5
398226a1ce3ec944f7e3f85037e2665f

SHA1
7ae9a378da10012baa3b1c4b647dfd0d3c5c898e

SHA256
931b0edf1ccdfcc96c1d7c308d414714e8a2fa47f52c421a1a080ef7812144fd

SHA512
68de4f6b7ca6c479bd8d9c6ce8ba2e167acdc3a1f4111018486897f86abc6f54d4b90ad30d3b307a16563908bb575be615ad3ad3007436c276bea359017a63cc

Download Submit
\Windows\Installer\MSI153.tmp
Filesize
379KB

MD5
647145b1074e24a0c2bf8998917a8a90

SHA1
0c863b05a5599b2c1dd0645e086cda4a9f2fb954

SHA256
91933aae899e769f6aa29a3640bf8151e70192aa5d416195b9c69041301101e1

SHA512
f991cda750d4b57c847076f16bf267f1aee503cdacac3732fe0ea1ac685a6424722be61e184fe9c0006c0008387c723ea5ef5ca3a1e638dd47aa609549e8d3a3

Download Submit
\Windows\Installer\MSI32ED.tmp
Filesize
535KB

MD5
1b194025c161371d3bcb9b5919278620

SHA1
af9edebc182d96e361140670751dd2f7756d92ad

SHA256
7aec9b8db15c991f780cd3542b149fc1399118371ccd3bd14341a0c47bf63486

SHA512
22ae4a6c80b346d440911f51193c3d456b03db1a26df78d2e7a7f51f6aae52892867c4f03b5bc96a73d7372519f73a60f088c2100cf80a69540b865fe0bf924a

Download Submit
\Windows\Installer\MSI33DA.tmp
Filesize
851KB

MD5
657ab7f03d3ac1364ce698ed26ceba55

SHA1
899301407cfbd135aa4791b7b0fc34abbd9e9315

SHA256
492ff4c637c80068a8cd5fa9ad04d98f326b8064316cf0a091d46c2c592b54e5

SHA512
f2bd3d1a4d5cd9c39d99e200db158e5aaa64af5d6937cbcf05b47ae476e0f7c23c9ef865b5b48ec666bbd08c63c7f5ce03f718ff2182a45a9a322913bdfca4b5

Download Submit
\Windows\Installer\MSI3581.tmp
Filesize
851KB

MD5
657ab7f03d3ac1364ce698ed26ceba55

SHA1
899301407cfbd135aa4791b7b0fc34abbd9e9315

SHA256
492ff4c637c80068a8cd5fa9ad04d98f326b8064316cf0a091d46c2c592b54e5

SHA512
f2bd3d1a4d5cd9c39d99e200db158e5aaa64af5d6937cbcf05b47ae476e0f7c23c9ef865b5b48ec666bbd08c63c7f5ce03f718ff2182a45a9a322913bdfca4b5

Download Submit
\Windows\Installer\MSI3B5.tmp
Filesize
379KB

MD5
647145b1074e24a0c2bf8998917a8a90

SHA1
0c863b05a5599b2c1dd0645e086cda4a9f2fb954

SHA256
91933aae899e769f6aa29a3640bf8151e70192aa5d416195b9c69041301101e1

SHA512
f991cda750d4b57c847076f16bf267f1aee503cdacac3732fe0ea1ac685a6424722be61e184fe9c0006c0008387c723ea5ef5ca3a1e638dd47aa609549e8d3a3

Download Submit
\Windows\Installer\MSI443.tmp
Filesize
379KB

MD5
647145b1074e24a0c2bf8998917a8a90

SHA1
0c863b05a5599b2c1dd0645e086cda4a9f2fb954

SHA256
91933aae899e769f6aa29a3640bf8151e70192aa5d416195b9c69041301101e1

SHA512
f991cda750d4b57c847076f16bf267f1aee503cdacac3732fe0ea1ac685a6424722be61e184fe9c0006c0008387c723ea5ef5ca3a1e638dd47aa609549e8d3a3

Download Submit
\Windows\Installer\MSI703.tmp
Filesize
535KB

MD5
1b194025c161371d3bcb9b5919278620

SHA1
af9edebc182d96e361140670751dd2f7756d92ad

SHA256
7aec9b8db15c991f780cd3542b149fc1399118371ccd3bd14341a0c47bf63486

SHA512
22ae4a6c80b346d440911f51193c3d456b03db1a26df78d2e7a7f51f6aae52892867c4f03b5bc96a73d7372519f73a60f088c2100cf80a69540b865fe0bf924a

Download Submit
\Windows\Installer\MSI7DF.tmp
Filesize
817KB

MD5
0b5e646a65d2861e0bce68bb0dc906e2

SHA1
f34461a7c9b3e0a9d7460757158c768e6e3e0c1f

SHA256
279415ca33496256bf8ce72ff656080586938ec4c298ab8a9ef5c707d6330d2c

SHA512
26c3dabcf67fbce97bcccbce4f75a775bbe481c21b908e6db1ae0adef0e16108bc773b56f52ab039f09ac52855b1b79f0844aa3caa4b94ebec530c73a023affb

Download Submit
\Windows\Installer\MSI8DA.tmp
Filesize
379KB

MD5
647145b1074e24a0c2bf8998917a8a90

SHA1
0c863b05a5599b2c1dd0645e086cda4a9f2fb954

SHA256
91933aae899e769f6aa29a3640bf8151e70192aa5d416195b9c69041301101e1

SHA512
f991cda750d4b57c847076f16bf267f1aee503cdacac3732fe0ea1ac685a6424722be61e184fe9c0006c0008387c723ea5ef5ca3a1e638dd47aa609549e8d3a3

Download Submit
\Windows\Installer\MSIAFE.tmp
Filesize
535KB

MD5
1b194025c161371d3bcb9b5919278620

SHA1
af9edebc182d96e361140670751dd2f7756d92ad

SHA256
7aec9b8db15c991f780cd3542b149fc1399118371ccd3bd14341a0c47bf63486

SHA512
22ae4a6c80b346d440911f51193c3d456b03db1a26df78d2e7a7f51f6aae52892867c4f03b5bc96a73d7372519f73a60f088c2100cf80a69540b865fe0bf924a

Download Submit
\Windows\Installer\MSIED7.tmp
Filesize
851KB

MD5
657ab7f03d3ac1364ce698ed26ceba55

SHA1
899301407cfbd135aa4791b7b0fc34abbd9e9315

SHA256
492ff4c637c80068a8cd5fa9ad04d98f326b8064316cf0a091d46c2c592b54e5

SHA512
f2bd3d1a4d5cd9c39d99e200db158e5aaa64af5d6937cbcf05b47ae476e0f7c23c9ef865b5b48ec666bbd08c63c7f5ce03f718ff2182a45a9a322913bdfca4b5

Download Submit
memory/652-1085-0x0000000002C90000-0x0000000002CA0000-memory.dmp

Filesize
64KB

Download
memory/652-1058-0x0000000002C90000-0x0000000002CA0000-memory.dmp

Filesize
64KB

Download
memory/652-1087-0x0000000073D10000-0x00000000743FE000-memory.dmp

Filesize
6.9MB

Download
memory/652-1053-0x0000000073D10000-0x00000000743FE000-memory.dmp

Filesize
6.9MB

Download
memory/2604-1044-0x0000000005C80000-0x0000000005D8E000-memory.dmp

Filesize
1.1MB

Download
memory/2604-1051-0x0000000006DC0000-0x0000000006E1C000-memory.dmp

Filesize
368KB

Download
memory/2604-1065-0x000000000AC70000-0x000000000AE14000-memory.dmp

Filesize
1.6MB

Download
memory/2604-1066-0x0000000073D10000-0x00000000743FE000-memory.dmp

Filesize
6.9MB

Download
memory/2604-1047-0x0000000005C60000-0x0000000005C6A000-memory.dmp

Filesize
40KB

Download
memory/2604-1046-0x00000000069B0000-0x0000000006D00000-memory.dmp

Filesize
3.3MB

Download
memory/2604-1073-0x000000000B020000-0x000000000B108000-memory.dmp

Filesize
928KB

Download
memory/2604-1045-0x0000000005D90000-0x0000000005E2C000-memory.dmp

Filesize
624KB

Download
memory/2604-1040-0x0000000007B10000-0x0000000007F5E000-memory.dmp

Filesize
4.3MB

Download
memory/2604-1036-0x0000000007610000-0x0000000007B0E000-memory.dmp

Filesize
5.0MB

Download
memory/2604-1074-0x0000000005400000-0x0000000005410000-memory.dmp

Filesize
64KB

Download
memory/2604-1075-0x0000000005400000-0x0000000005410000-memory.dmp

Filesize
64KB

Download
memory/2604-1076-0x0000000008700000-0x0000000008722000-memory.dmp

Filesize
136KB

Download
memory/2604-1077-0x0000000008790000-0x00000000087E6000-memory.dmp

Filesize
344KB

Download
memory/2604-1078-0x0000000005400000-0x0000000005410000-memory.dmp

Filesize
64KB

Download
memory/2604-1032-0x0000000006FE0000-0x0000000007610000-memory.dmp

Filesize
6.2MB

Download
memory/2604-1082-0x0000000008900000-0x0000000008916000-memory.dmp

Filesize
88KB

Download
memory/2604-1028-0x0000000005400000-0x0000000005410000-memory.dmp

Filesize
64KB

Download
memory/2604-1026-0x0000000005EE0000-0x00000000069A2000-memory.dmp

Filesize
10.8MB

Download
memory/2604-1027-0x00000000057F0000-0x0000000005882000-memory.dmp

Filesize
584KB

Download
memory/2604-1088-0x0000000005400000-0x0000000005410000-memory.dmp

Filesize
64KB

Download
memory/2604-1089-0x0000000005400000-0x0000000005410000-memory.dmp

Filesize
64KB

Download
memory/2604-1091-0x000000000F710000-0x000000000F8B6000-memory.dmp

Filesize
1.6MB

Download
memory/2604-1092-0x000000000F040000-0x000000000F0DC000-memory.dmp

Filesize
624KB

Download
memory/2604-1093-0x000000000FE10000-0x000000000FE76000-memory.dmp

Filesize
408KB

Download
memory/2604-1094-0x0000000005400000-0x0000000005410000-memory.dmp

Filesize
64KB

Download
memory/2604-1095-0x0000000005400000-0x0000000005410000-memory.dmp

Filesize
64KB

Download
memory/2604-1096-0x000000000F0E0000-0x000000000F15A000-memory.dmp

Filesize
488KB

Download
memory/2604-1099-0x000000000E070000-0x000000000E086000-memory.dmp

Filesize
88KB

Download
memory/2604-1105-0x000000000F6F0000-0x000000000F702000-memory.dmp

Filesize
72KB

Download
memory/2604-1115-0x0000000015E30000-0x000000001635C000-memory.dmp

Filesize
5.2MB

Download
memory/2604-1116-0x0000000010A50000-0x0000000010A64000-memory.dmp

Filesize
80KB

Download
memory/2604-1117-0x00000000170A0000-0x0000000017B34000-memory.dmp

Filesize
10.6MB

Download
memory/2604-1118-0x0000000010B20000-0x0000000010B3E000-memory.dmp

Filesize
120KB

Download
memory/2604-1120-0x0000000014DE0000-0x0000000014DF8000-memory.dmp

Filesize
96KB

Download
memory/2604-1119-0x0000000014DC0000-0x0000000014DDE000-memory.dmp

Filesize
120KB

Download
memory/2604-1121-0x0000000014E20000-0x0000000014E40000-memory.dmp

Filesize
128KB

Download
memory/2604-1122-0x0000000015400000-0x0000000015CCE000-memory.dmp

Filesize
8.8MB

Download
memory/2604-1123-0x00000000165B0000-0x000000001668A000-memory.dmp

Filesize
872KB

Download
memory/2604-1124-0x0000000005400000-0x0000000005410000-memory.dmp

Filesize
64KB

Download
memory/2604-1129-0x0000000016B60000-0x0000000016C06000-memory.dmp

Filesize
664KB

Download
memory/2604-1130-0x0000000016C90000-0x0000000016CDA000-memory.dmp

Filesize
296KB

Download
memory/2604-1135-0x0000000061E00000-0x0000000061ECA000-memory.dmp

Filesize
808KB

Download
memory/2604-1136-0x0000000005400000-0x0000000005410000-memory.dmp

Filesize
64KB

Download
memory/2604-1022-0x00000000003A0000-0x0000000000B48000-memory.dmp

Filesize
7.7MB

Download
memory/2604-1021-0x0000000073D10000-0x00000000743FE000-memory.dmp

Filesize
6.9MB

Download