Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

AMASS 2.0/...es.rtf

windows7-x64

4

AMASS 2.0/...es.rtf

windows10-2004-x64

1

AMASS 2.0/...es.rtf

windows7-x64

4

AMASS 2.0/...es.rtf

windows10-2004-x64

1

AMASS 2.0/...up.exe

windows7-x64

6

AMASS 2.0/...up.exe

windows10-2004-x64

6

AMASS 2.0/...up.exe

windows7-x64

8

AMASS 2.0/...up.exe

windows10-2004-x64

8

AMASS 2.0/...on.pdf

windows7-x64

1

AMASS 2.0/...on.pdf

windows10-2004-x64

1

AMASS 2.0/...60.dll

windows7-x64

1

AMASS 2.0/...60.dll

windows10-2004-x64

1

AMASS 2.0/setup.exe

windows7-x64

1

AMASS 2.0/setup.exe

windows10-2004-x64

1

Resubmissions

09/03/2024, 00:10

240309-agetcabb6y 8

09/03/2024, 00:06

240309-adr99sac64 8

Analysis

  • max time kernel
    118s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/03/2024, 00:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AMASS 2.0/LicenseManager/LicenseManagerSetup.exe

  • Size

    40.8MB

  • MD5

    0b8af7b445e5eecf1674e198dcf422c6

  • SHA1

    d8c0025cf41f2e313b6382001a45594e65896cd4

  • SHA256

    c5e754131691a1362d9f28ba77e6ab2aec76b3834796c54a63b44d2a66916774

  • SHA512

    d47617f496a7864260e94aacc7ff0c1b95b3ecb22981e09409da2bc4433a61a3ecb097053589fe58abc66eeb3c07f6f7b8d22f68aed5b2c5a94ecdc4fd1283da

  • SSDEEP

    786432:ZIxZMrefY33o5l6QHaiWdWL22938+uNqMkyH1pK1oHEgBN:YiegHo5psdWx8+uNnH1p2opN

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 24 IoCs
  • Drops file in Windows directory 30 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 5 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 24 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 39 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\AMASS 2.0\LicenseManager\LicenseManagerSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\AMASS 2.0\LicenseManager\LicenseManagerSetup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2004
    • C:\Users\Admin\AppData\Local\Temp\{B895E070-08F4-4BD0-8F67-28BA222FC013}\LicenseManagerSetup.exe
      C:\Users\Admin\AppData\Local\Temp\{B895E070-08F4-4BD0-8F67-28BA222FC013}\LicenseManagerSetup.exe /q"C:\Users\Admin\AppData\Local\Temp\AMASS 2.0\LicenseManager\LicenseManagerSetup.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{B895E070-08F4-4BD0-8F67-28BA222FC013}" /IS_temp
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2316
      • C:\Windows\SysWOW64\MSIEXEC.EXE
        "C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\Admin\AppData\Local\Temp\{B895E070-08F4-4BD0-8F67-28BA222FC013}\License Manager.msi" /log C:\Users\Admin\AppData\Local\Temp\LicenseManagerSetup.log SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\AMASS 2.0\LicenseManager" SETUPEXENAME="LicenseManagerSetup.exe"
        3⤵
        • Enumerates connected drives
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2508
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding DB3C81868D05DEF5DCDDFC17A51C5ED0 C
      2⤵
      • Loads dropped DLL
      PID:2624
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 9198C7A3DF43762453A7B649E9C0A013
      2⤵
        PID:1552
      • C:\Program Files (x86)\PANalytical\LicenseManager\haspdinst.exe
        "C:\Program Files (x86)\PANalytical\LicenseManager\haspdinst.exe" -i -cm
        2⤵
        • Drops file in Windows directory
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1996
        • C:\Users\Admin\AppData\Local\Temp\haspdinst_x64.exe
          C:\Users\Admin\AppData\Local\Temp\haspdinst_x64.exe -i -nomsg -32to64
          3⤵
          • Drops file in Drivers directory
          • Drops file in System32 directory
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1684
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
        PID:364
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000570" "000000000000057C"
        1⤵
        • Drops file in Windows directory
        • Modifies data under HKEY_USERS
        PID:1108
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{184e38c0-aee3-61a0-e84a-7b4174d4da05}\akspccard.inf" "9" "62250386f" "00000000000004AC" "WinSta0\Default" "0000000000000574" "208" "C:\Windows\system32\setup\aladdin"
        1⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Modifies data under HKEY_USERS
        PID:2612
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{0cdf35b9-bcb0-75af-0cea-39534bf27b74}\akshasp.inf" "9" "6d1770e3f" "0000000000000534" "WinSta0\Default" "00000000000005C4" "208" "C:\Windows\system32\setup\aladdin\hasphl"
        1⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Modifies data under HKEY_USERS
        PID:2040
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{57054b9a-8eea-4d3d-5383-6f6be8d89f0a}\akshhl.inf" "9" "68e7fedb7" "00000000000005C4" "WinSta0\Default" "00000000000005CC" "208" "C:\Windows\system32\setup\aladdin\hasphl"
        1⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Modifies data under HKEY_USERS
        PID:2436
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{22d727ab-80aa-556f-72bf-c240173a2279}\aksusb.inf" "9" "686f4dfd7" "00000000000005CC" "WinSta0\Default" "0000000000000570" "208" "C:\Windows\system32\setup\aladdin\hasphl"
        1⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Modifies data under HKEY_USERS
        PID:1820

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\PANalytical\LicenseManager\LicenseManagerApplication.exe
        Filesize

        20KB

        MD5

        68373dea49681bf1d7eb22b18f6e484e

        SHA1

        5fc48022539d444fb76ee91aef6c78fef134dbe9

        SHA256

        416e8afc3ed2e11972ce1cec17b9edee3106e38a7e4710b615facd2bfc6bb395

        SHA512

        4063f9de49b89a5537390bda15b91466cb10a5c74c2693c7a6827778e3fcfa18ebe4c3df9a4ce606870273290b57022506fe4343eae17b707d5fb47babe50be0

        Download Submit

      • C:\Program Files (x86)\PANalytical\LicenseManager\haspdinst.exe
        Filesize

        2.5MB

        MD5

        afcf12ce9913c0b6ed08bef743a09ba3

        SHA1

        016845893d70c61193f7a6152e97212b99e5f5eb

        SHA256

        770ce7f461643ef5b45f0906c041837f910f86742bbe9c5aad320be8ecc947d5

        SHA512

        f1085c2c30e0c4a1068b072c68dd421e635bcaca84f4f07f0ff81790b4aa52c71de97d8a60abbc4f007c5e67569ec5900894e117c932f20c134514306ce3da29

        Download Submit

      • C:\Program Files (x86)\PANalytical\LicenseManager\haspdinst.exe
        Filesize

        1.9MB

        MD5

        8d8252b33a3826894c5efada84bde781

        SHA1

        b64fcb04962d62ed08e914fb5d1a0f13db7a864a

        SHA256

        67af2bd33348410a77c5586b7558825e8d3541ef71b300e66d05494707aea641

        SHA512

        142e49b039a3f4b0db93d5de2630ac725aeb7bfae0619c57f44bfdd999b835a53c44ab1de69b6a313a601e75c78dba3c38af579f80ad0a9c46f9eb9737afe72c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\0pdc.txt
        Filesize

        4KB

        MD5

        175c58d6c736ddd3cec0d3fe8e29b115

        SHA1

        2a0ddc74ab6d53931a66643c9d9d5de7865d5338

        SHA256

        aa9223ed8ab7ab3e555242dcc62cd25c63f129522150f56425da7740bb24e529

        SHA512

        32eb8af3bdba3251b70c03b2f402fc41e47178eb2c754fc9c408d7badd06af9d21e063f2673a022ca7c9bcc26eb6616ea205c601787ab0b75d1c59e70aef8e58

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\LicenseManagerSetup.log
        Filesize

        7KB

        MD5

        b802dab750d9993ca74b8834f2fd1214

        SHA1

        f1b100677c28c0e4511408da56332f9eaebd1ebc

        SHA256

        f0376ff3916cf912d120442b0ce2a8adcec42e01ba993549bf24734f8ba5f3b8

        SHA512

        f03e9c0d3d114353d9cafac592ecb232f8759b2cd31f3eb253139e11ac8c716c5552f52aef81549b3c081a9e3ada14d4dba9bbbe02fa779a17adb0b8d2e5b6f5

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\MSIDBED.tmp
        Filesize

        165KB

        MD5

        b5adf92090930e725510e2aafe97434f

        SHA1

        eb9aff632e16fcb0459554979d3562dcf5652e21

        SHA256

        1f6f0d9f136bc170cfbc48a1015113947087ac27aed1e3e91673ffc91b9f390b

        SHA512

        1076165011e20c2686fb6f84a47c31da939fa445d9334be44bdaa515c9269499bd70f83eb5fcfa6f34cf7a707a828ff1b192ec21245ee61817f06a66e74ff509

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\haspdinst_x64.exe
        Filesize

        232KB

        MD5

        063cc80dffcc966e678688abed0c170e

        SHA1

        70fb018244d6142572c7f791744ec963b92fd0db

        SHA256

        3ee76fb632db4cfe47985af0ca6cd97c89d2dd2bd78ee58582e0e32c76ef658c

        SHA512

        1cc777228e756e8739a95bc01f27109c10ae213976a61563db221771bbb2b16d0275527ea2b0f8776b5b8de28ea52d9a1ca536aaf1a3d12b32b8b78fc084b429

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\haspdinst_x64.exe
        Filesize

        99KB

        MD5

        956a0f78a57e486bee0e3c002dc7fff9

        SHA1

        a6f9faa7a4eeb4d42df6380c4aa6d809102e8c21

        SHA256

        2656d42089afa58ebaba43afa4e556e49f86b0484e1140398d3b70ba361f414c

        SHA512

        3734e8dd25866ac1145793f75b3a9e82629808512ccf0ad9c843e1f1cd7fbf8dfed7da8d49ab374f631c7d4046c6e04589967c94d336d12f226079dd0b94318e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\haspds_windows.dll
        Filesize

        3.8MB

        MD5

        a6d9a030a2ab087745fe521e0988a4a6

        SHA1

        a6c6e1e9423769220e2409669d0ace96d0165b67

        SHA256

        28037eb983b014ead2877ec39f1785ba054af5226cbe51c2287576dbb532d0b8

        SHA512

        4b0bc37969f2946137aa6f4043bbc06c75415d1a1b13ab141645e088c06bedd20d187fc7a9eb2732686638617e26f7a20bce8065fa28f2e9877af6f31f396ea7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\hhl01.cab
        Filesize

        1.6MB

        MD5

        3ee3970eef722f7df4ccb4160fd83f4f

        SHA1

        6a939f4b2ba17502b8c407a7ecc3b21f66afa956

        SHA256

        8cd678296a9ad8816e554e835f82443c3961ab34b8b7e7e911395f01afa680ce

        SHA512

        dfa14c4658d12fb78241e1cd5a43ea6bb6719fbc3c93e2c6ed0dbf7edb965a26a1a5a4d74ea499d4c82b01903b4aa5c3aec547a57f1955f27b4cb5ded2df9989

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\hhl01.cab
        Filesize

        1.2MB

        MD5

        8bd65f8c333a47c195f25e2bea69e391

        SHA1

        c6145596914288ddd9066a49931dba12182857d8

        SHA256

        a8c30015987f5ef405c4b67995bcf7eaf3b26d2271b94ac03b517ff5cb5221d2

        SHA512

        f007afeec54769cd5dc89ab83fbde3ed949736007777814b390ab75b0abf63ff07f3291f13118bde2e2d22674245d185b762dfabf35b242bf42ef85152cdbbe8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{0cdf35b9-bcb0-75af-0cea-39534bf27b74}\akshasp.cat
        Filesize

        9KB

        MD5

        db676cf7da13308a53380addcf2d273c

        SHA1

        b61190e5ca0569d092ff0470daebec584814931e

        SHA256

        f4739fca522e29627af4ae3eb8149fb89ddea18631cd1f9ba29deb2e845f353a

        SHA512

        7a41bbbfa7b1ae01792c043e7c677902cca398c98b77e781f49ccdc8a8cd86ada70809c49fe36b9adc925369251c78968289e9c04460d267debdf0675c5d9766

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{0cdf35b9-bcb0-75af-0cea-39534bf27b74}\akshasp.inf
        Filesize

        2KB

        MD5

        34f5a5f56ddea6ef57022046d5c03e8f

        SHA1

        62de609029398186648359815e68ca9e3fdcc2cc

        SHA256

        2083bca634feb5c9faf3eb2a4488ac1faec2bd36f6c6de53277be528509a3e7c

        SHA512

        9ff5390f9ffd73df2f7963d252ea5d09590bdfe2be3c340535c9cc2d845abe15d2a3a37781a9466bb6cd34c5749625ab86a01624be4a7cf32ef861cc3b6f8dd9

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{22D72~1\akshhl33.dll
        Filesize

        97KB

        MD5

        e386d261d205cc3347158a2735712205

        SHA1

        4a1d8b960625a6180c841a957976d1b69b6abf16

        SHA256

        de4fc9061f041da384beca71a635a3a8354a7712d6de9570b47701e4ccbf8152

        SHA512

        da3d144fc1bab90adbc96045ab54ab3d3a709856e7c5f347bc5c10f8eef21b69de55099367ff9f8693b4edddf76653831670c7fa061fdc43874ea8cee34d7892

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{22D72~1\aksusb.sys
        Filesize

        126KB

        MD5

        4e43b78ceb34ad96cd6064d3669e7100

        SHA1

        b95424a00bfb035ee79f17bd0ba1190111701ffc

        SHA256

        8d5c450cad28370b16a5b6e6947f696d3ce8e52dcd5755f237c02693171c46ce

        SHA512

        8a15ae44d176d5a6ced38a16ad5e73b5edce8b6afa8a42a398b4f718864bcc4e7109ac6c2bab2cd908381a3f63c2e9b2eed77d076a5cd0ca782e3c70837a066f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{22D72~1\aksusb5.dll
        Filesize

        83KB

        MD5

        e50384bf37447f1ff7cf8119445db156

        SHA1

        75838665599fe70fa5a486ddd6d1a6a61622e47c

        SHA256

        4b08d0175a95be1f690f61f670beb4df09753687c11a63cf1cc2721914f28b98

        SHA512

        455cf5172b0e39e407f1b121be8b8c3cf8f191f33c2eaacab839f6caf21cf9e46b97b168a6385bdf5fadde2900443b8fadedc60f1b06194b27ada318695c57f6

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{B895E070-08F4-4BD0-8F67-28BA222FC013}\0x0409.ini
        Filesize

        21KB

        MD5

        a108f0030a2cda00405281014f897241

        SHA1

        d112325fa45664272b08ef5e8ff8c85382ebb991

        SHA256

        8b76df0ffc9a226b532b60936765b852b89780c6e475c152f7c320e085e43948

        SHA512

        d83894b039316c38915a789920758664257680dcb549a9b740cf5361addbee4d4a96a3ff2999b5d8acfb1d9336da055ec20012d29a9f83ee5459f103fbeec298

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{B895E070-08F4-4BD0-8F67-28BA222FC013}\License Manager.msi
        Filesize

        1.0MB

        MD5

        8ebedb0454dbb684de6d994e8bd96196

        SHA1

        43e249a827374bec3ed0d37fcd3d632c26b51e70

        SHA256

        d78f526b44c9fef94aaedc50ddc1080f94e988aa445d35208b3cd60530097c43

        SHA512

        2a56cddee9800154549e8748912ea7b9ef83719bb513195740151a6e2fab30e71cd0ce3c27caa546ff935b35c690d5f95e954e8d92f67af879fa94b9fed69427

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{B895E070-08F4-4BD0-8F67-28BA222FC013}\LicenseManagerSetup.exe
        Filesize

        582KB

        MD5

        98b5c039e2a71650c8e14213f6ad0e99

        SHA1

        b34ce065c2028f65dac58c5fc069165ffbcdf6e2

        SHA256

        621231af077227ecfec82a549ea1ada09a082cbf470c132f543146332f93dfe7

        SHA512

        78a8b6fcca06c24bf580ab4fb9fd9e11b4cf1f6da1172318bef197e4e333ca73f098e988a25636078eb25d903206e640bee097c26fed21d01561487b02f3fda8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{B895E070-08F4-4BD0-8F67-28BA222FC013}\LicenseManagerSetup.exe
        Filesize

        542KB

        MD5

        eb0c60a079f2ac672f65377a22d22195

        SHA1

        14745fbdabc350efcd76433d778fc3876a03a900

        SHA256

        de7df224adfd6ae47d7f5c500e19473a476de54abfd50b54a329e582840c8ff5

        SHA512

        1124fabe62cd7b57aad5daf4fc5638c517735c0112d5d2947cb507c3bdb738b4938ee31ad5916a281e3ba3d6b582e5181d797a48b3ff5207eef7c25755ec584f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{B895E070-08F4-4BD0-8F67-28BA222FC013}\_ISMSIDEL.INI
        Filesize

        648B

        MD5

        7b1c65d183bce6ec90163f887bec552c

        SHA1

        7724ccd8adeefdb52182028126fbf0505767478d

        SHA256

        1ded0b798723858168e08d345a0ca40c0b6f51ab2148427c69e82ab50d933d4a

        SHA512

        86ccb9c390b2202148db7abfbea74edf9e2d286268d8f24c649af63803fe24c79a516ab4996f69e35df8688ce0374485312a702bb7836cd7d95e43f2c68af8f8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\~C2E4.tmp
        Filesize

        5KB

        MD5

        1315aa99778e319357eaa30728fb3369

        SHA1

        0c3610795869eabba7bf113e6b64434caf049148

        SHA256

        f5d115bd6743167068e550f5b5a81d915762b3ca6b052e322defd64ac69ed070

        SHA512

        47d3ae5200941b4211e6cef2977f4b0ed3f2b12cd514134041c6cda9d9c6f89a31ee0c7907611977d2c1df7623681d2373fc21f4396cffe10be5c608b6171d71

        Download Submit

      • C:\Windows\Installer\f776883.msi
        Filesize

        3.1MB

        MD5

        b09894803074aa0a298b6ef2994092d9

        SHA1

        88d929dac425f470f4c78701fdc6086e43c2e65b

        SHA256

        fb47c92f7578e7cdbde1909f511a0ba83599e337d7363120e90d3bfa3b5051c6

        SHA512

        7638651013fb4d9b46fbb1a52f8f11abc8c7ccc86c82836a6b6a36546fa42571ee3e663ff03f0fb97aa48543ca2d72bac403a6249442c455a7670d600974d23e

        Download Submit

      • C:\Windows\System32\DriverStore\INFCACHE.1
        Filesize

        754KB

        MD5

        9c5ac229b41dcc10ab9f6e8ff140e1be

        SHA1

        e1f3008a9dbe60f8ac76cd672f58f8674971b977

        SHA256

        c061ae5c3bdc9467a22508640564507e63104b3f5cfb4a9a57d2737fc1252edb

        SHA512

        d1582f09f8588af683783d41211c44095ae4444e89bdc7df3c23d1468f31a9b3cac00351ea67a4e658e5019fa5b715516e0d51af41bbeef8dce4501b94ada0c3

        Download Submit

      • C:\Windows\System32\DriverStore\INFCACHE.1
        Filesize

        1.4MB

        MD5

        e61c827657f00bc92aabc242fb68812b

        SHA1

        20624e2af1a40153bb2db79b1224ea5c637407e5

        SHA256

        41d5e0fe1e8529c64ce9e42f98cc634faa881edb79c515d175453871c1cb82bb

        SHA512

        1b4dfb342f12e9b81265935b9c529908aea22cc97910bc368c2cc575c965049355e2fa2e94af8e3a7d4f944399625b39ae551db8df431a1f5cb434988018fc11

        Download Submit

      • C:\Windows\System32\DriverStore\INFCACHE.1
        Filesize

        174KB

        MD5

        472b56c0bf7e64b6be17ecc9a6c1784e

        SHA1

        6433a74749116ea3d58eee9ad39300fe975f3a06

        SHA256

        fc34a88f8cf3d02a65d2f346bd1e4a75732d422c89ca9d58a808d38969a1a8df

        SHA512

        d8d2657369d16405b3b75d1b854f348d28b623a5c1daac54555056804674066b41fe9bae89fa23af1b7fe1f7f9eaae1ffbd7c1415ad4e96a62056d2a3a5f4319

        Download Submit

      • C:\Windows\System32\Setup\aladdin\akspccard.cat
        Filesize

        8KB

        MD5

        c8556048ba9510f2059f9bb72a85d4ae

        SHA1

        5dc717acf2924248aaa08565579ecb2793352c87

        SHA256

        287479577e22d62d5ba7e683a856ba87c73826a98db19c6603de2403d1668c89

        SHA512

        06fa5f01adc9d0d86c87c80b682f8d049d83920491a59bc2a539f2a8b8b76de8be36cbe245ff384945e0b21a849dc31214357b4c05a3c524cf41b41f12f35ef7

        Download Submit

      • C:\Windows\System32\Setup\aladdin\akspccard.inf
        Filesize

        2KB

        MD5

        1c5e9dea337306dea633ac711ef94e6f

        SHA1

        ddd3e218df64b9279944a0fc027f568bca680217

        SHA256

        c3bf22bb08752a8c732049c64060669c80d6d6539db16f701f4ba9b09d828325

        SHA512

        b34d1d3e2976adf1c70490023511ce3d93dd0bae90053e6acd452c2e40045f9ac96eac1760776aa8d94b031b0e4d10fd61bd91f2fa4de878de5f1d03a406ea17

        Download Submit

      • C:\Windows\System32\Setup\aladdin\akspccard.sys
        Filesize

        20KB

        MD5

        30d81e838a6494a57be79467076b0d7a

        SHA1

        29d7e2bd588591e89cb33d7d4788f4fa64871423

        SHA256

        50eb9b01cbc8d1263ba39a8f9410abe76342516ce1cd01abaebe784abe1a39eb

        SHA512

        5cd7de34b5dbd87513e1a2fca6174fb5c103785e97d93bff7c5c04e81c0ada0c6632559ecb7191b177408976c173a865e39c03ebb60ef9bfa18e8feec113f0e7

        Download Submit

      • C:\Windows\System32\Setup\aladdin\hasphl\aksclass.sys
        Filesize

        30KB

        MD5

        c9fe36d2bb921a06a0e6b247273734ab

        SHA1

        4c552e3097d238455668b2e0173d19e942254431

        SHA256

        740bffacf2f383c9e5180203adc7fcb8476df876a1097791b97cea8d7689c11a

        SHA512

        703568c05193c1289469bc59d9596d42439f433e6e67e37f7135df232abf5766b51407016f691cb6dd5be1beb97324c73caa9df9ab5c3844dceb982a9d046bfb

        Download Submit

      • C:\Windows\System32\Setup\aladdin\hasphl\akshasp.sys
        Filesize

        67KB

        MD5

        f1adc7ded5184045a47e02a85bf2917c

        SHA1

        2f3711aeb6e50d1c35040acaecbdc6aa930719dd

        SHA256

        3c635791b9b514a152ff9b3a853458864acdf668ba72d4a8b2840619ad93055b

        SHA512

        40161eb931c3fe7a2af2060e5f7ed3cd608bd61377112e73a6a0d7c114ea9cfd60ab01a609628f4c1d70a68d097113efd78cd26a5ed127c517c74cc56ea9e17f

        Download Submit

      • C:\Windows\System32\Setup\aladdin\hasphl\akshhl.cat
        Filesize

        9KB

        MD5

        545a0bf637f55a48972780dbf58c8d55

        SHA1

        1f5369492f34aa3088b6e1433a81e1faff1d32ce

        SHA256

        e097b13d615ed6874e95954393017ca2b357f05ee164d5588d02545d842b5ae2

        SHA512

        7f2c122653f74e1e166488d0ca44827e5ec3cfb19b36c38550c36f956155e02e2f73364b814219492703943f2ab139c3758ee63eb3b9ad8a86ff3431028584c1

        Download Submit

      • C:\Windows\System32\Setup\aladdin\hasphl\akshhl.inf
        Filesize

        2KB

        MD5

        c46095c8fbad763043c03e7333cedbcc

        SHA1

        1e854d5a5ad0e4f8c77d60b08aa9f2732bbf0e02

        SHA256

        758192f976302955fa8130ff85a0b459ac7a5df2ff05cf258c7255a5d4697dd5

        SHA512

        a93442a716dd58eeb710270f4a0f4d3175f3cbd0b6121ea60b1233a792a59548e7ab0417d0409c49064e649aec423c4ac9583632284792ff31d5b68d67f3bb29

        Download Submit

      • C:\Windows\System32\Setup\aladdin\hasphl\akshhl.sys
        Filesize

        66KB

        MD5

        d885a9cd59ef699df92d163a365119ec

        SHA1

        0080abf2536cbf47f2c656483f41debaa99ab996

        SHA256

        4a80438e8c8aa89b9e356fb9320b57d7c01c9b1ff66e7b8fdf69d4022024750c

        SHA512

        4bbaba4f3b7aa570855e20352293523cfbfcbf8d615fd1593e032841ae5e41ad05c981efdbe2fe3cc34f813b27e6e6e523b34abb32bd3606472d5c441eb5ac23

        Download Submit

      • C:\Windows\System32\Setup\aladdin\hasphl\akshhl33.dll
        Filesize

        273KB

        MD5

        6b7146812b4d8d282a55bb58aebe1106

        SHA1

        4ea6cd560bdc5c2a0a9703267b5aa05997a7c32d

        SHA256

        046b84032596cf064c28cfb40ab839f484304a9e8e8c05c32c09cf875b5a922b

        SHA512

        17c4a91ba9d4addca449696579bed70074c4a9ec559bae5879aea71fb616450a33867d60154bb262fcd8dc29c829dbbd86361892295c2f75e0736af9f8283af2

        Download Submit

      • C:\Windows\System32\Setup\aladdin\hasphl\akshsp53.dll
        Filesize

        72KB

        MD5

        a462556de56256e4e27a92e84f16e0b6

        SHA1

        b333a7df15d813ca3a4ee7caa897be7657322946

        SHA256

        488a800297c3357e855937730a51ac61fce86ef42d34c467c1109789f1fab385

        SHA512

        b3876d96b36ff89e1e1b6ea5a340086b98f1ff2f0de8f86b221372198d3f4820ae3c168b1332b5292672390757ed13b6df47099023d7502a2de639c6b80a558c

        Download Submit

      • C:\Windows\System32\Setup\aladdin\hasphl\aksusb.cat
        Filesize

        11KB

        MD5

        0dc3fd5d19ebd6c1525c547fbf5a9d0d

        SHA1

        2f50b13a9380b85096bbe42b26a2cba8f6607daf

        SHA256

        a71d9d4ce4ed79325fb708502c8e3e3adf3dd6b36e0acd878150cbd32396a5cf

        SHA512

        894b578fb0195b1336c69a953fa3fc5db89b63b68cfdcda8a4498fe30518fe5df2ac9326f5b81324ce23b5c68892bfb1c49c3d32b1d1cab03e70e94d71b967c9

        Download Submit

      • C:\Windows\System32\Setup\aladdin\hasphl\aksusb.inf
        Filesize

        2KB

        MD5

        086aa6a5eac4bdebb28aef6e4a63ce41

        SHA1

        cd475bc06cd13d105f92ce92fbd2f69b39f6e15f

        SHA256

        10a13e9a15a18016a8bdbc2b235dffb819e4229a7f5a7c352d3fb0923a569b7f

        SHA512

        a06a2c1e32c95d16cc401c137c5cc63b8ae37ec92df0043ad10f6f348ebf2240d1108e0e3f3b42f139270d0dfe20d4242f765dee829b6e4e49f86c1d16b9b7e0

        Download Submit

      • C:\Windows\System32\Setup\aladdin\hasphl\aksusb.sys
        Filesize

        276KB

        MD5

        376a65120416835af230582a5a293a8d

        SHA1

        0047ca5e47460fb9764f6144595e0ad4cc65f05d

        SHA256

        36fcaeb117bf05f463792b14f286567965c69bf25b6b29c0fc2a0a095d0ce6e0

        SHA512

        909f432de72fe6282720059958a88ddcad593f012e590987a2eaad90cb836596b0c97c4f38579e2c9459f819a770a3f9c55a8e2d114a889652d6a31d3e21c2ac

        Download Submit

      • C:\Windows\System32\Setup\aladdin\hasphl\aksusb5.dll
        Filesize

        83KB

        MD5

        ad417d60cfbe9c46507852273a8cbdc1

        SHA1

        c5e590667cd0b4b6e1acfa378952f794afe533a6

        SHA256

        514972afcd1d1f3792cba8434e7b1ac0a2bb04752597d2372882726d725e9b1d

        SHA512

        261106b9c76f3387fc61a5a22ae4f5a99233e636ca56051d4d278e55736a36f5d3e2177637440d3c3798a476c011b0de357356d0411da95f1d5a3cea26b01424

        Download Submit

      • C:\Windows\System32\catroot2\dberr.txt
        Filesize

        192KB

        MD5

        88f27ed3e89febaf0c91d86eefedf3e0

        SHA1

        d94549df30c33e6de90bd2f2676f6645fc586f10

        SHA256

        fe3739ec436dd5b7c822ba6ead9e376b84e57ec635932a770e34089977965bf6

        SHA512

        aa8e16cc48ec637ee6c02ab3cf913b0fcd6046899d14928eb628b6f4f12153b7ed17ef6d21e663c9ef59c57b573a6508e7f1f2d4de2c991153132073017e24de

        Download Submit

      • C:\Windows\System32\drivers\hardlock.sys
        Filesize

        1.4MB

        MD5

        536a7c451122b2777aee28e468c91883

        SHA1

        47621472d3c2b0ac18cbe696ac065cf7d63b5de1

        SHA256

        7e3f5010c0d622fe15fa5843c9e7e42a15e9c46c896dc634be25893e9f155197

        SHA512

        50af1edb805b88be89524e6b38f97157c2df96b404068afbfa0aa4dd5c7f2bcac6589405dc7d221e2bed030a297ae39b01f69930d07a8db908df8631f71245f2

        Download Submit

      • C:\Windows\aksdrvsetup.log
        Filesize

        973B

        MD5

        40eafd0967fb4777af85b7f247e71b8c

        SHA1

        d861a27ca80be5998d4d953445248869b07dfa28

        SHA256

        e478d52b166e7c963eb8c2ae45b39659d6c1dcd0016663f02705c4eae78acc53

        SHA512

        d6e02c5af553b6f8b4fa84eb81a435bc402e011bfd739b971b9edaa4770c1aaebc2b1891a6fc444a985203f0da4aa2807e51531710671f578a63c22d0a9dda0f

        Download Submit

      • \Users\Admin\AppData\Local\Temp\haspdinst_x64.exe
        Filesize

        415KB

        MD5

        2b6db16df50302cb47e4a6179e0b9ac4

        SHA1

        9994c777f34aca747ca0de20d1ab5c004ef4fd15

        SHA256

        9157314c5f1de991cb6aae6c73085af8dbb3d69f93f13ae455cc42c9a03b9d41

        SHA512

        7fac6df97d7beb9d78e43d4c9521c1974389438be0bfaa9f5f6981533117cb9356ae7c24d49d7908f22b85dfc1cee2c64fe80a6dca95a7a57620fc85c14d3395

        Download Submit

      • \Users\Admin\AppData\Local\Temp\haspds_windows.dll
        Filesize

        35KB

        MD5

        1ccbf685e6dcb3a6f70a917f72f56049

        SHA1

        67716d7eed8573d03a824e74974f377ed7752054

        SHA256

        d9318fdc697c10beea1e57c1ca0b3f026069435904f5a7e901cf21454675a3b9

        SHA512

        902436365e252208929e582b32c9abdbd6c76392df652db55760671d2f82336d1f03d9eadd505bc162d9853d0dcb684181a57308ad9a06b28abff3f469b00f7f

        Download Submit

      • \Users\Admin\AppData\Local\Temp\haspds_windows_x64.dll
        Filesize

        2.3MB

        MD5

        7a7d7a02b801b894f8b8a6fbb899f51b

        SHA1

        058c32c008dc713dbf79dec1afa00389daafdef3

        SHA256

        d1dc83b55267c42e2f2d0693ab538fd327f55f2e3b79b23cd6a526bb53c58289

        SHA512

        6ebc9327e7e271fc4ee10fd8c191ce918996e528a63fa14fd4c1b210050023d3c476f5987e95611705d85c61ee3608fcc4d743b0c2fc1eaf75bb2f5fd9cda5eb

        Download Submit

      • \Users\Admin\AppData\Local\Temp\{B895E070-08F4-4BD0-8F67-28BA222FC013}\LicenseManagerSetup.exe
        Filesize

        989KB

        MD5

        2d1d9dd75c6dacfca8849adca48ad06a

        SHA1

        091bb0ba354bc25a84c232459cc4267288a6d2ed

        SHA256

        4db5c3db2a9360102c00e4ccf54e72ba1e1ac37d3a67bc52a6e139305124a22b

        SHA512

        7a648d35c657c3f68f9236f2f60053534e20defbcc0462b2ce5fd3340f1943284571ac1c1ad85793de8902565e2a6fc37dd2e4c07d00caf226ddefc713ad7620

        Download Submit

      • memory/1552-67-0x00000000001C0000-0x00000000001C2000-memory.dmp

        Filesize

        8KB

        Download