Malware Analysis Report

2025-08-11 01:05

Sample ID 240302-t1gltsfc92
Target PowerISO8-x64.exe
SHA256 be2c1e8b419d8f8e85fb7a4a4e6a6c908244ee9520f9657da932c23cf7ed4ddb
Tags discovery persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file PowerISO8-x64.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence

Drops file in Drivers directory

Loads dropped DLL

Registers COM server for autorun

Executes dropped EXE

Checks for any installed AV software in registry

Adds Run key to start application

Checks installed software on the system

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Analysis: static1

Detonation Overview

Reported

2024-03-02 16:31

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-03-02 16:31

Reported

2024-03-02 16:34

Platform

win11-20240221-en

Max time kernel

150s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\Drivers\scdemu.sys C:\Program Files\PowerISO\setup64.exe N/A
File opened for modification C:\Windows\system32\Drivers\scdemu.sys C:\Program Files\PowerISO\setup64.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32 C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32\ = "C:\\Program Files\\PowerISO\\PWRISOSH.DLL" C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32\ThreadingModel = "Apartment" C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32\ = "C:\\Program Files\\PowerISO\\PWRISOSH.DLL" C:\Windows\system32\regsvr32.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\PWRISOVM.EXE = "C:\\Program Files\\PowerISO\\PWRISOVM.EXE -startup" C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\AVG\AV C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\PowerISO\Lang\czech.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Spanish.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Serbian(cyrl).lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File opened for modification C:\Program Files\PowerISO\PowerISO.exe C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\MACDll.DLL C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\libvorbis.DLL C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\PowerISO.chm C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File opened for modification C:\Program Files\PowerISO\devcon.exe C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\croatian.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\lame_enc.dll C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Turkish.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\danish.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Vietnamese.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File opened for modification C:\Program Files\PowerISO\PWRISOVM.exe C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Readme.txt C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Polish.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Bulgarian.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Swedish.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\setup64.exe C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Dutch.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\uninstall.exe C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\SimpChinese.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Italian.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\slovenian.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Belarusian.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\kazakh.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Indonesian.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File opened for modification C:\Program Files\PowerISO\PWRISOSH.DLL C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\German.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Russian.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Portuguese(Brazil).lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\unrar64.dll C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Arabic.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Japanese.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Ukrainian.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Bosnian.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\7z-x64.dll C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Greek.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Thai.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Armenian.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Malay.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Norsk.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\piso.exe C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\libFLAC.DLL C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Korean.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Lithuanian.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Hungarian.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Slovak.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Farsi.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Azerbaijani.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Romanian.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\french.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Finnish.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\TradChinese.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Urdu(Pakistan).lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\Lang\Burmese.lng C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File created C:\Program Files\PowerISO\License.txt C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
File opened for modification C:\Program Files\PowerISO\PWRISOVM.EXE C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Program Files\PowerISO\devcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Program Files\PowerISO\devcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Program Files\PowerISO\devcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files\PowerISO\devcon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Program Files\PowerISO\devcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files\PowerISO\devcon.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.nrg C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.cdi C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.isz\ = "PowerISO" C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xdi\ = "PowerISO" C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.img C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PowerISO C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\PowerISO C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO\ = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E8658416-7CCB-4c1d-A021-AFF0A2EB8004} C:\Program Files\PowerISO\PowerISO.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.b5i C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.pdi C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PowerISO\ = "PowerISO File" C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32\ = "C:\\Program Files\\PowerISO\\PWRISOSH.DLL" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\PowerISO\ = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PowerISO\ = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.cue C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mdf C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.ashdisc C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.iso C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.iso C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.wim C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\PowerISO\ = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PowerISO\ = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.p01 C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.vcd C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.iso\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.isz C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.pxi C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.dmg C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PowerISO\shell C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\ = "PowerISO" C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings C:\Program Files\PowerISO\PowerISO.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.cif C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.iso\ = "PowerISO" C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.uif C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.uif\ = "PowerISO" C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\PowerISO C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO\ = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.ima C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PowerISO\shell\open C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.xdi C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PowerISO C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mds C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.uif C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.isz C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32\ThreadingModel = "Apartment" C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PowerISO C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.gi C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.ncd C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PowerISO\shell\open\command\ = "\"C:\\Program Files\\PowerISO\\PowerISO.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.xdi C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\InProcServer32 C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.c2d C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.flp C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PowerISO\DefaultIcon C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\PowerISO C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.bwi C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.daa C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.daa\ = "PowerISO" C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\ = "PowerISO" C:\Windows\system32\regsvr32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\PowerISO\PowerISO.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1760 wrote to memory of 4360 N/A C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1760 wrote to memory of 3192 N/A C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe C:\Program Files\PowerISO\devcon.exe
PID 1760 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe C:\Program Files\PowerISO\setup64.exe
PID 1760 wrote to memory of 3696 N/A C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1760 wrote to memory of 3552 N/A C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe C:\Program Files\PowerISO\PWRISOVM.EXE
PID 3696 wrote to memory of 3880 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 1760 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 2776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 4120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3008 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe

"C:\Users\Admin\AppData\Local\Temp\PowerISO8-x64.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /s /u "C:\Program Files\PowerISO\PWRISOSH.DLL"

C:\Program Files\PowerISO\devcon.exe

"C:\Program Files\PowerISO\devcon.exe" remove *scdbusDevice

C:\Program Files\PowerISO\setup64.exe

"C:\Program Files\PowerISO\setup64.exe" cp C:\Users\Admin\AppData\Local\Temp\nsgAFBC.tmp "C:\Windows\system32\Drivers\scdemu.sys"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\PowerISO\PWRISOSH.DLL"

C:\Program Files\PowerISO\PWRISOVM.EXE

"C:\Program Files\PowerISO\PWRISOVM.EXE" 999

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\PowerISO\PWRISOSH.DLL"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.poweriso.com/thankyou.htm

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9f36c3cb8,0x7ff9f36c3cc8,0x7ff9f36c3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,18012474833246734308,8052988209488963616,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,18012474833246734308,8052988209488963616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,18012474833246734308,8052988209488963616,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18012474833246734308,8052988209488963616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18012474833246734308,8052988209488963616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,18012474833246734308,8052988209488963616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18012474833246734308,8052988209488963616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18012474833246734308,8052988209488963616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18012474833246734308,8052988209488963616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18012474833246734308,8052988209488963616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,18012474833246734308,8052988209488963616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8

C:\Program Files\PowerISO\PowerISO.exe

"C:\Program Files\PowerISO\PowerISO.exe"

C:\Windows\System32\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\PowerISO\PWRISOSH.DLL"

C:\Windows\hh.exe

"C:\Windows\hh.exe" C:\Program Files\PowerISO\PowerISO.chm

Network

Country Destination Domain Proto
NL 18.65.40.28:443 d2cfmvh5x2q5u0.cloudfront.net tcp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 202.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
AT 3.161.127.40:443 d2szyrfwv98jnz.cloudfront.net tcp
US 216.92.201.29:80 www.poweriso.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 216.239.34.36:443 region1.google-analytics.com udp
N/A 224.0.0.251:5353 udp
US 166.62.97.162:443 www.poweriso.net tcp
US 166.62.97.162:80 www.poweriso.net tcp

Files

C:\Users\Admin\AppData\Local\Temp\nsb63BD.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nsb63BD.tmp\nsm6499.tmp
C:\Users\Admin\AppData\Local\Temp\nsb63BD.tmp\nsDialogs.dll
C:\Program Files\PowerISO\devcon.exe
C:\Program Files\PowerISO\setup64.exe
C:\Users\Admin\AppData\Local\Temp\nsgAFBC.tmp
C:\Program Files\PowerISO\PowerISO.exe
C:\Users\Admin\AppData\Local\Temp\nsb63BD.tmp\InstOpt.dll
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3008_NTOEFPGZVSWXWZZT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Program Files\PowerISO\7z-x64.dll
C:\Program Files\PowerISO\Lang\Slovak.lng
C:\Program Files\PowerISO\Lang\slovenian.lng
C:\Program Files\PowerISO\Lang\SimpChinese.lng
C:\Program Files\PowerISO\Lang\Serbian(cyrl).lng
C:\Program Files\PowerISO\Lang\Russian.lng
C:\Program Files\PowerISO\Lang\Romanian.lng
C:\Program Files\PowerISO\Lang\Portuguese(Brazil).lng
C:\Program Files\PowerISO\Lang\Polish.lng
C:\Program Files\PowerISO\Lang\Norsk.lng
C:\Program Files\PowerISO\Lang\Malay.lng
C:\Program Files\PowerISO\Lang\Lithuanian.lng
C:\Program Files\PowerISO\Lang\Korean.lng
C:\Program Files\PowerISO\Lang\kazakh.lng
C:\Program Files\PowerISO\Lang\Japanese.lng
C:\Program Files\PowerISO\Lang\Italian.lng
C:\Program Files\PowerISO\Lang\Indonesian.lng
C:\Program Files\PowerISO\Lang\Hungarian.lng
C:\Program Files\PowerISO\Lang\Greek.lng
C:\Program Files\PowerISO\Lang\German.lng
C:\Program Files\PowerISO\Lang\french.lng
C:\Program Files\PowerISO\Lang\Finnish.lng
C:\Program Files\PowerISO\Lang\Farsi.lng
C:\Program Files\PowerISO\Lang\Dutch.lng
C:\Program Files\PowerISO\Lang\danish.lng
C:\Program Files\PowerISO\Lang\czech.lng
C:\Program Files\PowerISO\Lang\croatian.lng
C:\Program Files\PowerISO\Lang\Burmese.lng
C:\Program Files\PowerISO\Lang\Bulgarian.lng
C:\Program Files\PowerISO\Lang\Bosnian.lng
C:\Program Files\PowerISO\Lang\Belarusian.lng
C:\Program Files\PowerISO\Lang\Azerbaijani.lng
C:\Program Files\PowerISO\Lang\Armenian.lng
C:\Program Files\PowerISO\Lang\Arabic.lng
C:\Users\Admin\AppData\Local\Temp\$PowerISO$\6339.tmp.ico