Analysis

  • max time kernel
    127s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/03/2024, 14:10

General

  • Target

    LittleAlterBoy5_5.4.1.17134_64.exe

  • Size

    217.0MB

  • MD5

    a62c37dc3c08181bad7e1616ec0d919f

  • SHA1

    8a2e83146e4b10eb2c0ed8963c643f058877004d

  • SHA256

    b65612ace7fc0ae0b5a795abde581c3451388159f63364f4c48f4a2b86234c59

  • SHA512

    a8fb973ce513e19261e87848fa942043e9e8a0a009e37e781301918c62273255f7f5fa00ae5879d6c7e30dec5761b7565d331a0b02b5e64ded2a753170844009

  • SSDEEP

    6291456:A+EQz6xNZdyDarLdwoixcNiUtSUzNOr2NxeS7c+Vl+uz:A+EFxcDaVLi4jSUzUeT733+y

Signatures

  • Modifies firewall policy service 2 TTPs 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 49 IoCs
  • Registers COM server for autorun 1 TTPs 16 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Blocklisted process makes network request 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 27 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 47 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 62 IoCs
  • Modifies registry class 64 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\LittleAlterBoy5_5.4.1.17134_64.exe
    "C:\Users\Admin\AppData\Local\Temp\LittleAlterBoy5_5.4.1.17134_64.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:828
    • C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp" /SL5="$4014C,226646490,848384,C:\Users\Admin\AppData\Local\Temp\LittleAlterBoy5_5.4.1.17134_64.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2336
      • C:\Users\Admin\AppData\Local\Temp\is-3Q8HI.tmp\_isetup\_setup64.tmp
        helper 105 0x4A4
        3⤵
        • Executes dropped EXE
        PID:4732
      • C:\Program Files\Soundtoys\Utilities\License Support Win64.exe
        "C:\Program Files\Soundtoys\Utilities\License Support Win64.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Enumerates connected drives
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:4212
        • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{2315E48F-4829-48AA-82FB-7AE4975F75C2}\VC_redist.x86.exe
          "C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{2315E48F-4829-48AA-82FB-7AE4975F75C2}\VC_redist.x86.exe" /quiet /norestart
          4⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:3292
          • C:\Windows\Temp\{6D9F4CAE-CD8F-4B89-AD68-CAC6F670E647}\.cr\VC_redist.x86.exe
            "C:\Windows\Temp\{6D9F4CAE-CD8F-4B89-AD68-CAC6F670E647}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{2315E48F-4829-48AA-82FB-7AE4975F75C2}\VC_redist.x86.exe" -burn.filehandle.attached=656 -burn.filehandle.self=684 /quiet /norestart
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:3776
        • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{49781A96-DB12-46B4-86C7-F1682BAD6C12}\VC_redist.x64.exe
          "C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{49781A96-DB12-46B4-86C7-F1682BAD6C12}\VC_redist.x64.exe" /quiet /norestart
          4⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:3376
          • C:\Windows\Temp\{0B6FE875-46BB-478C-B771-F004B007A3FD}\.cr\VC_redist.x64.exe
            "C:\Windows\Temp\{0B6FE875-46BB-478C-B771-F004B007A3FD}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{49781A96-DB12-46B4-86C7-F1682BAD6C12}\VC_redist.x64.exe" -burn.filehandle.attached=552 -burn.filehandle.self=516 /quiet /norestart
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2172
        • C:\Windows\SysWOW64\msiexec.exe
          "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{15D7BF62-B111-49C3-9E82-1E5859612E57}\Bonjour64.msi" /quiet /qn
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:2372
        • C:\Windows\SysWOW64\wusa.exe
          "C:\Windows\system32\wusa.exe" "C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{4EF18522-4489-4423-9A67-6903B272672E}\Windows8.1-KB2999226-x64.msu" /quiet /norestart
          4⤵
          • Drops file in Windows directory
          PID:3744
        • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F5272278-59D6-4F34-AE36-6605BD6534A5}
          4⤵
          • Executes dropped EXE
          PID:3476
        • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{51DB5997-FFEA-46B0-995E-8E5A55D3FBA6}
          4⤵
          • Executes dropped EXE
          PID:2868
        • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4D471D45-9CFF-4B6A-8C93-53ECEF0B0AB4}
          4⤵
          • Executes dropped EXE
          PID:872
        • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F244C47E-28AC-4878-8616-159B0066530B}
          4⤵
          • Executes dropped EXE
          PID:4216
        • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{10647409-929D-4363-AAD7-B7142A061C19}
          4⤵
          • Executes dropped EXE
          PID:864
        • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DBB4AE5D-09C2-42C1-90E7-3B8ED3603413}
          4⤵
          • Executes dropped EXE
          PID:2500
        • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{30FFE9B2-D36A-4781-9F52-DAEC4037587A}
          4⤵
          • Executes dropped EXE
          PID:4492
        • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3B34182A-FE3E-41E7-873D-441CE5A53AB4}
          4⤵
          • Executes dropped EXE
          PID:1812
        • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{10EEA2D3-0866-49EC-89D0-7E7EAA97C4C4}
          4⤵
          • Executes dropped EXE
          PID:1364
        • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7F259611-A1F7-42A9-9EBB-15BAFB4B0894}
          4⤵
          • Executes dropped EXE
          PID:1176
        • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
          C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AF244929-D762-45C6-AD2D-898ABC000751}
          4⤵
          • Executes dropped EXE
          PID:2864
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Registers COM server for autorun
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3656
    • C:\Windows\System32\MsiExec.exe
      C:\Windows\System32\MsiExec.exe -Embedding FE6DFDA8C9965D9C94A386B9FE4F25D6
      2⤵
      • Loads dropped DLL
      PID:4140
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding E94C03BAB03C172780FCC5DB496F525E
      2⤵
      • Loads dropped DLL
      PID:2712
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 94D514893A827BD844D860106583078E E Global\MSI0000
      2⤵
      • Loads dropped DLL
      PID:2800
    • C:\Windows\System32\MsiExec.exe
      "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Bonjour\mdnsNSP.dll"
      2⤵
      • Loads dropped DLL
      PID:2088
    • C:\Windows\syswow64\MsiExec.exe
      "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Bonjour\mdnsNSP.dll"
      2⤵
      • Loads dropped DLL
      PID:3360
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding A6FD7FADAADF5C182796FAB979FABB91 C
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2808
      • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{67041ADA-05AC-4173-846A-639449C3442D}
        3⤵
        • Executes dropped EXE
        PID:856
      • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{13623D78-6BCB-4D5B-832F-B71AF69C32C8}
        3⤵
        • Executes dropped EXE
        PID:2660
      • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E7FD01E6-D7CB-491E-B5D5-8BF1802601E5}
        3⤵
        • Executes dropped EXE
        PID:2376
      • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8DC4814D-3F9B-4C10-9444-4725C610BD3D}
        3⤵
        • Executes dropped EXE
        PID:2292
      • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BE30E6E0-DE5C-495F-8F3C-9DDBF0821F15}
        3⤵
        • Executes dropped EXE
        PID:3784
      • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B0CE265B-2A53-48C7-BD79-5E8C5A3CDD63}
        3⤵
        • Executes dropped EXE
        PID:2896
      • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{54A6F5E5-4905-47C3-A058-32328F089188}
        3⤵
        • Executes dropped EXE
        PID:4784
      • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1C5259E0-CCA1-4192-8D2A-A570D18D6EA8}
        3⤵
        • Executes dropped EXE
        PID:2204
      • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AACB97CA-6B4A-45C4-89BB-3645CB1B580E}
        3⤵
        • Executes dropped EXE
        PID:1212
      • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F8904BC8-F5CA-4BE2-AF1F-31962160E663}
        3⤵
        • Executes dropped EXE
        PID:3628
      • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D0029FAB-180C-4167-AECC-2E12C8C10623}
        3⤵
        • Executes dropped EXE
        PID:4068
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 428C36B5FED206A70A0F03312DEB27DD
      2⤵
      • Loads dropped DLL
      PID:5288
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2D2FDCB5-580E-4ABB-B122-0F4C29C129A8}
        3⤵
        • Executes dropped EXE
        PID:5468
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8C05ACBB-08CF-4485-913F-5AA536BB5773}
        3⤵
        • Executes dropped EXE
        PID:5508
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7A362E7F-D714-4399-82A8-92AED14A4E40}
        3⤵
        • Executes dropped EXE
        PID:5540
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FA0790A0-18A7-42C1-B98B-2756B0058284}
        3⤵
        • Executes dropped EXE
        PID:5532
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{786D61D9-CBC5-404F-9535-3951E59E7E61}
        3⤵
        • Executes dropped EXE
        PID:5620
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{13777CB9-BF67-4083-9D83-29A0F7C01B3B}
        3⤵
        • Executes dropped EXE
        PID:5664
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1CBD1DFA-66F6-49D4-AD03-48BD6C8127FE}
        3⤵
        • Executes dropped EXE
        PID:5700
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CD3A2866-EF02-48EA-B90B-4E910096826B}
        3⤵
        • Executes dropped EXE
        PID:5732
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{152C9D56-190B-4783-99AD-9E81FB46C1BB}
        3⤵
        • Executes dropped EXE
        PID:5760
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{391E12A1-E140-46E5-9952-4A3FFC7CB173}
        3⤵
        • Executes dropped EXE
        PID:5796
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{60908E5E-7E0D-4CCF-9F07-076B54207C33}
        3⤵
        • Executes dropped EXE
        PID:5828
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 11C342A4354C8D60036F5C0D44FBDD12 E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • Modifies data under HKEY_USERS
      PID:9388
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F420C333-CAF9-4E93-AD34-6BCDAFF42696}
        3⤵
        • Executes dropped EXE
        PID:9464
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5D72C2E7-CA97-4B0C-A80F-3A053591A92C}
        3⤵
        • Executes dropped EXE
        PID:5900
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{259AB277-388E-4A09-9A25-DC5CADF8D498}
        3⤵
        • Executes dropped EXE
        PID:5924
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FE3B7F10-E41B-42E3-8579-DC12980E8008}
        3⤵
        • Executes dropped EXE
        PID:5956
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DFC6A228-5A93-44A3-B80A-BAD0741E88C1}
        3⤵
        • Executes dropped EXE
        PID:5992
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E61E9C7A-CBFB-44DB-873A-C0437ACB04BD}
        3⤵
        • Executes dropped EXE
        PID:6040
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EF4C7426-C96D-4FCF-9BAF-1A1F07B60307}
        3⤵
        • Executes dropped EXE
        PID:6072
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B0698C78-2199-4F90-A133-DBA080E7930D}
        3⤵
        • Executes dropped EXE
        PID:6100
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8C992071-8DBF-4554-91DE-7475269FA490}
        3⤵
        • Executes dropped EXE
        PID:6140
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C2BFCC8D-A4FB-4463-8269-CC9013295258}
        3⤵
        • Executes dropped EXE
        PID:6176
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F44C6C6D-2AF5-445F-B580-91624181E418}
        3⤵
        • Executes dropped EXE
        PID:6212
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E7BEDCAC-A3D0-4849-B923-8FC25BD126CE}
        3⤵
        • Executes dropped EXE
        PID:7520
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{85EBCE29-4CCA-420D-B41A-3400E519D5CD}
        3⤵
        • Executes dropped EXE
        PID:9708
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1B491657-EB64-47B8-8F54-0394136DAAF8}
        3⤵
        • Executes dropped EXE
        PID:7592
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{25FCE35D-C56D-4606-8BEA-BCEA02B3845A}
        3⤵
        • Executes dropped EXE
        PID:7620
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{978CA39C-B6BE-49FB-8328-FEA0358344FD}
        3⤵
        • Executes dropped EXE
        PID:7656
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{59F5D3EB-E423-49C0-A43F-D60EC50CB918}
        3⤵
        • Executes dropped EXE
        PID:7700
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DB3AE918-7BB2-44B5-ACA6-8F003DBFABC0}
        3⤵
        • Executes dropped EXE
        PID:7740
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{079E20E7-E25C-458A-9390-6AB230C3821A}
        3⤵
        • Executes dropped EXE
        PID:7768
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FFF3B989-1925-4C59-9685-1F7D115EF21F}
        3⤵
        • Executes dropped EXE
        PID:7800
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{40BCB509-6672-4AE9-920F-0394FE6B7DE1}
        3⤵
        PID:7832
      • C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{EAAD2DA1-5098-4EA2-8927-FE18BCB7C3EA}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4F227066-2785-4E7F-A39D-D3BB86170B01}
        3⤵
        PID:7864
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Common Files\PACE\iLokDriverPackages\Scripts\iLokPnputil.bat" --install EV
        3⤵
        PID:7904
        • C:\Windows\system32\net.exe
          C:\Windows\system32\net session
          4⤵
          PID:7956
          • C:\Windows\system32\net1.exe
            C:\Windows\system32\net1 session
            5⤵
            PID:7976
        • C:\Windows\System32\pnputil.exe
          C:\Windows\System32\pnputil.exe -i -a "C:\Program Files (x86)\Common Files\PACE\iLokDriverPackages\EV\iLokDrvr64.inf"
          4⤵
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          PID:7992
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FA33C96B-821F-4036-99C9-9CAA9038D0F6}
        3⤵
        PID:8364
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{77D78092-B61B-4F60-9DC3-2D7733AFE910}
        3⤵
        PID:8428
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{76848E45-5EB2-449F-A895-BA5E65E9D090}
        3⤵
        PID:8460
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7A625AED-A9AE-4FD1-BA65-69167CC1740F}
        3⤵
        PID:8492
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6B52D254-89CB-4FC3-BADD-2FB3D438B888}
        3⤵
        PID:8520
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{83AC44DE-3309-4E37-AAFF-3DDFFBB14107}
        3⤵
        PID:8556
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3E706F33-63C8-49A2-91A9-30582D48AA96}
        3⤵
        PID:8600
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5DC54E6B-6395-47EE-BA61-A0F7263CBFEC}
        3⤵
        PID:8704
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E3D12385-C9DA-428A-963E-10827E3A2B5C}
        3⤵
        PID:8672
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A09DA4EB-37D1-436C-BBA2-E72CD8AD2791}
        3⤵
        PID:8632
      • C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{CF3B1BB9-B215-43C4-8BCC-29069F9D607F}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F72E38CB-CF4D-457E-A7D0-B6A57371D201}
        3⤵
        PID:8732
  • C:\Program Files\Bonjour\mDNSResponder.exe
    "C:\Program Files\Bonjour\mDNSResponder.exe"
    1⤵
    • Modifies firewall policy service
    • Executes dropped EXE
    PID:2120
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Checks SCSI registry key(s)
    PID:2888
  • C:\Windows\system32\srtasks.exe
    C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
    1⤵
    PID:968
  • C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:7276
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
    1⤵
    • Checks SCSI registry key(s)
    PID:8064
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{95143881-6bb2-c344-81cc-14a6891a0920}\iLokDrvr64.inf" "9" "4e4857d87" "000000000000014C" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files (x86)\Common Files\PACE\iLokDriverPackages\EV"
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      PID:8104
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4228

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Downloads

                                      • C:\Config.Msi\e580a8d.rbs

                                        Filesize

                                        126KB

                                      • C:\Program Files (x86)\Bonjour\mDNSResponder.exe

                                        Filesize

                                        381KB

                                      • C:\Program Files (x86)\Bonjour\mdnsNSP.dll

                                        Filesize

                                        118KB

                                      • C:\Program Files\Bonjour\mDNSResponder.exe

                                        Filesize

                                        451KB

                                      • C:\Program Files\Bonjour\mdnsNSP.dll

                                        Filesize

                                        129KB

                                      • C:\Program Files\Java\jre-1.8\lib\ext\dns_sd.jar

                                        Filesize

                                        16KB

                                      • C:\Program Files\Soundtoys\Utilities\License Support Win64.exe

                                        Filesize

                                        44.3MB

                                      • C:\Program Files\Soundtoys\Utilities\License Support Win64.exe

                                        Filesize

                                        37.4MB

                                      • C:\Users\Admin\AppData\Local\Temp\MSI2D0C.tmp

                                        Filesize

                                        57KB

                                      • C:\Users\Admin\AppData\Local\Temp\MSI2D5B.tmp

                                        Filesize

                                        141KB

                                      • C:\Users\Admin\AppData\Local\Temp\is-3Q8HI.tmp\_isetup\_setup64.tmp

                                        Filesize

                                        6KB

                                      • C:\Users\Admin\AppData\Local\Temp\is-PL0PH.tmp\LittleAlterBoy5_5.4.1.17134_64.tmp

                                        Filesize

                                        2.9MB

                                      • C:\Users\Admin\AppData\Local\Temp\iss2901.tmp

                                        Filesize

                                        1.3MB

                                      • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe

                                        Filesize

                                        148KB

                                      • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISBEW64.exe

                                        Filesize

                                        128KB

                                      • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\ISRT.dll

                                        Filesize

                                        262KB

                                      • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\_isres_0x0409.dll

                                        Filesize

                                        385KB

                                      • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\setup.inx

                                        Filesize

                                        239KB

                                      • C:\Users\Admin\AppData\Local\Temp\{8CEF2083-C378-4667-A1DA-5113FD486453}\skin362e.rra

                                        Filesize

                                        23KB

                                      • C:\Users\Admin\AppData\Local\Temp\{BA4B3654-0896-4BC3-8DB8-B95A72F8D54C}\ISBEWI64.exe

                                        Filesize

                                        325KB

                                      • C:\Users\Admin\AppData\Local\Temp\{BA4B3654-0896-4BC3-8DB8-B95A72F8D54C}\IsConfig.ini

                                        Filesize

                                        163B

                                      • C:\Users\Admin\AppData\Local\Temp\{BA4B3654-0896-4BC3-8DB8-B95A72F8D54C}\_isres_0x0409.dll

                                        Filesize

                                        546KB

                                      • C:\Users\Admin\AppData\Local\Temp\{CD30008A-4057-4130-96E7-107D6265EBE5}\IsConfig.ini

                                        Filesize

                                        170B

                                      • C:\Users\Admin\AppData\Local\Temp\{EDD9854C-79FD-494D-94A9-4FEAB7CBF8C3}\IsConfig.ini

                                        Filesize

                                        215B

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\0x0409.ini

                                        Filesize

                                        21KB

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\BonjourWin64LS.prq

                                        Filesize

                                        923B

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\ISSetup.dll

                                        Filesize

                                        1.8MB

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\PACE License Support Win64.msi

                                        Filesize

                                        48.3MB

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\UCRT63x64.prq

                                        Filesize

                                        1KB

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\VS2019EtAlRedistsWin32.prq

                                        Filesize

                                        579B

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\VS2019EtAlRedistsx64.prq

                                        Filesize

                                        579B

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\_ISMSIDEL.INI

                                        Filesize

                                        9KB

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\_ISMSIDEL.INI

                                        Filesize

                                        7KB

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\_ISMSIDEL.INI

                                        Filesize

                                        6KB

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\_ISMSIDEL.INI

                                        Filesize

                                        2KB

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\_ISMSIDEL.INI

                                        Filesize

                                        46B

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\_ISMSIDEL.INI

                                        Filesize

                                        10KB

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\setup.isn

                                        Filesize

                                        54KB

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{15D7BF62-B111-49C3-9E82-1E5859612E57}\Bonjour64.msi

                                        Filesize

                                        2.6MB

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{2315E48F-4829-48AA-82FB-7AE4975F75C2}\VC_redist.x86.exe

                                        Filesize

                                        8.3MB

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{2315E48F-4829-48AA-82FB-7AE4975F75C2}\VC_redist.x86.exe

                                        Filesize

                                        6.1MB

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{2315E48F-4829-48AA-82FB-7AE4975F75C2}\VC_redist.x86.exe

                                        Filesize

                                        7.1MB

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{49781A96-DB12-46B4-86C7-F1682BAD6C12}\VC_redist.x64.exe

                                        Filesize

                                        1.2MB

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{49781A96-DB12-46B4-86C7-F1682BAD6C12}\VC_redist.x64.exe

                                        Filesize

                                        462KB

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{49781A96-DB12-46B4-86C7-F1682BAD6C12}\VC_redist.x64.exe

                                        Filesize

                                        656KB

                                      • C:\Users\Admin\AppData\Local\Temp\{EFCE9029-378B-4593-8360-1C17DABCC2AB}\{4EF18522-4489-4423-9A67-6903B272672E}\Windows8.1-KB2999226-x64.msu

                                        Filesize

                                        981KB

                                      • C:\Users\Admin\AppData\Local\Temp\{F9085E6F-BC23-43EA-9B4A-CF2312D7A9D0}\IsConfig.ini

                                        Filesize

                                        193B

                                      • C:\Users\Admin\AppData\Local\Temp\~F973.tmp

                                        Filesize

                                        5KB

                                      • C:\Windows\Installer\MSID3A.tmp

                                        Filesize

                                        75KB

                                      • C:\Windows\Installer\MSIE57.tmp

                                        Filesize

                                        75KB

                                      • C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\SETB9F4.tmp

                                        Filesize

                                        11KB

                                      • C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\SETB9F5.tmp

                                        Filesize

                                        1.4MB

                                      • C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\SETB9F6.tmp

                                        Filesize

                                        36KB

                                      • C:\Windows\System32\DriverStore\Temp\{d58b3b8f-ef30-024d-9877-bb5877496722}\SETBA07.tmp

                                        Filesize

                                        3KB

                                      • C:\Windows\Temp\{0B6FE875-46BB-478C-B771-F004B007A3FD}\.cr\VC_redist.x64.exe

                                        Filesize

                                        114KB

                                      • C:\Windows\Temp\{0B6FE875-46BB-478C-B771-F004B007A3FD}\.cr\VC_redist.x64.exe

                                        Filesize

                                        632KB

                                      • C:\Windows\Temp\{6B65C794-5734-443D-A0C3-6AA0AA94CCA1}\.ba\logo.png

                                        Filesize

                                        1KB

                                      • C:\Windows\Temp\{6B65C794-5734-443D-A0C3-6AA0AA94CCA1}\.ba\wixstdba.dll

                                        Filesize

                                        191KB

                                      • C:\Windows\Temp\{6D9F4CAE-CD8F-4B89-AD68-CAC6F670E647}\.cr\VC_redist.x86.exe

                                        Filesize

                                        632KB
