Analysis Overview
SHA256
072424c82f942f2b43b68b9154e1f3e0c61b7ee39a08372048ed34e09bd2554a
Threat Level: Known bad
The file wlsetup-all.exe was found to be: Known bad.
Malicious Activity Summary
PrivateLoader
Sets file execution options in registry
Executes dropped EXE
Registers COM server for autorun
Loads dropped DLL
Drops desktop.ini file(s)
Installs/modifies Browser Helper Object
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Creates scheduled task(s)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Uses Volume Shadow Copy service COM API
Checks SCSI registry key(s)
Modifies system certificate store
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-01 21:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-01 21:17
Reported
2024-05-01 21:21
Platform
win7-20240221-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7F9888F-E3FC-49b0-9EA6-A85B5F392A4F}\InprocServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\InprocServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDCREDPROV.DLL" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{79FD7442-008F-42D9-ADFA-377C441D2DB1}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7F9888F-E3FC-49b0-9EA6-A85B5F392A4F}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll" | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7F9888F-E3FC-49b0-9EA6-A85B5F392A4F}\InprocServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDPROV.DLL" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{79FD7442-008F-42D9-ADFA-377C441D2DB1}\InProcServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}\LocalServer32\ = "C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\DWTRIG20.EXE -s" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D2517915-48CE-4286-970F-921E881B8C5C}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72BFEB11-2681-490D-874B-652FC1D75ED8}\InprocServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\wlidcli.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72BFEB11-2681-490D-874B-652FC1D75ED8}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{79FD7442-008F-42D9-ADFA-377C441D2DB1}\InProcServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\wlidcli.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D2517915-48CE-4286-970F-921E881B8C5C}\InprocServer32 | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D2517915-48CE-4286-970F-921E881B8C5C}\InprocServer32\ = "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll" | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{72BFEB11-2681-490D-874B-652FC1D75ED8}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\DXTempFolder = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\DXB4CE.tmp\\\"" | C:\Program Files (x86)\Common Files\Windows Live\.cache\2b9415a01da9c0d01\DXSETUP.exe | N/A |
Enumerates connected drives
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\NoExplorer = "1" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\NoExplorer = "1" | C:\Windows\system32\MsiExec.exe | N/A |
Drops file in System32 directory
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Installer\startuplang.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Installer\wlsres.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Shared\uxcore.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Installer\en\wlsres.dll.mui | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2c2a0c401da9c0d03\Jun2010_XAudio_x86.cab | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Shared\sqmapi.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2b9415a01da9c0d01\DXSETUP.exe | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2c2a0c401da9c0d03\Jun2010_XAudio_x64.cab | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Live\Installer\langselectorhc.thm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2c2a0c401da9c0d03\Jun2010_d3dx11_43_x64.cab | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Installer\LangSelectorLang.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Shared\wldcore.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2e902f001da9c0d0b\soxe.core.msi | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2cda32001da9c0d05\crt110.msi | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Installer\wlarp.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Contacts\conproxy.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2c03f6401da9c0d02\DSETUP.dll | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2f2162e01da9c0d0e\d3dx10-x86.msi | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLive48x48.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2c2a0c401da9c0d03\dsetup32.dll | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Installer\defmgr.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2b9415a01da9c0d01\dxupdate.cab | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2c2a0c401da9c0d03\DXSETUP.exe | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2b9415a01da9c0d01\DEC2006_d3dx9_32_x64.cab | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2b9415a01da9c0d01\DSETUP.dll | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\3112e2401da9c0d11\SQLServerCE31-EN.msi | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Installer\wlsettingslang.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2eaa5e201da9c0d0c\Contacts.msi | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Installer\LangSelectorRes.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Live\Shared\sqmapi.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\32ec93e01da9c0d14\MovieMaker.msi | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Windows Live\.cache\2d02a9601da9c0d06\crt110_amd64.msi | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc365F.tmp | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\30ac87201da9c0d10\PhotoCommon.msi | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\34e9fa201da9c0d18\MovieMakerLang.msi | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Contacts\abssm.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Contacts\lmcdata.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Shared\wlidux.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Shared\uxctlloc.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Live\Installer\wlsettingsres.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2b9415a01da9c0d01\DEC2006_d3dx9_32_x86.cab | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2b9415a01da9c0d01\dsetup32.dll | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\wlidcli.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Installer\wlupdate.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Live\Installer\wlarp.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2d23fca01da9c0d07\wllogin_wlx-x64.msi | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\2dabab001da9c0d08\WLXSuite.msi | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Contacts\condb.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Installer\en\startuplang.dll.mui | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Live\Installer\settingshc.thm | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Live\Shared\wlbici.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\33c531001da9c0d15\WLXSuiteLang.msi | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\$PatchCache$\Managed\8CDD41E806AE81E43B3E917301D4B5AD\16.4.1108\F_CENTRAL_atl110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76df96.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI341E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501212055588.0\vcomp90.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI78F6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501211933500.0\8.0.50727.42.policy | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76dfb3.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\f76dfb1.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240501212101406.0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76df86.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240501211921863.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\F187AF9E08E3993428A5DAE3112CC877\16.4.1109\F_CENTRAL_msvcp110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501212055588.0\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501212055634.0\9.0.30729.4148.cat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5937.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76e002.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76e006.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501211921863.0\vcomp90.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\F187AF9E08E3993428A5DAE3112CC877\16.4.1109\F_CENTRAL_vcomp110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76df9e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76df9f.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501211933329.0\msvcr80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501211933329.0\msvcp80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5E9A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501212101406.0\msvcp80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501211921052.1\9.0.30729.4148.policy | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76df8f.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76dfaa.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240501212055634.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WindowsUpdate.log | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76df8f.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\8CDD41E806AE81E43B3E917301D4B5AD\16.4.1108 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240501212101484.0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501212102732.0\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3fea50ad.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76e020.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76dfaf.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76dfbb.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76dfc4.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501212100158.0\msvcm80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501212101406.0\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3fea50ad.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501212101406.0\msvcm80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501212102748.0\8.0.50727.42.policy | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240501211921052.1 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76dfa7.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI28EF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76e01e.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76e021.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76e000.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76df8e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF2CF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1084.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI76A2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76dfaf.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76dff1.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76dff4.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI55EA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76e016.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Logs\DXError.log | C:\Program Files (x86)\Common Files\Windows Live\.cache\2b9415a01da9c0d01\DXSETUP.exe | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B}\ = "Windows Live Contact Database" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B}\AppName = "wlcomm.exe" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B}\Policy = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9019d14b-638d-4383-bb95-441b7f57eafb}\AppName = "wlstartup.exe" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9019d14b-638d-4383-bb95-441b7f57eafb}\Policy = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B}\AppPath = "C:\\Program Files (x86)\\Windows Live\\Contacts\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9019d14b-638d-4383-bb95-441b7f57eafb} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9019d14b-638d-4383-bb95-441b7f57eafb} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9019d14b-638d-4383-bb95-441b7f57eafb}\AppPath = "C:\\Program Files (x86)\\Windows Live\\Installer\\" | C:\Windows\system32\msiexec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\3E | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\3F\52C64B7E\@%SystemRoot%\system32\p2pcollab.dll,-8042 = "Peer to Peer Trust" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\30 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\34\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\40 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\4A | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\35 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\3E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\42 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C8BD9F007D5674D4BAF56F89EE8385D0\UXPlatformEngine | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CE9495E7-76C2-487A-85C0-2F7127CF359E}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8CDD41E806AE81E43B3E917301D4B5AD\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{38604C20-4F74-42EE-B3D3-F1E71F6AC7A3}\NumMethods\ = "4" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B5DD65CE-E26E-4AA0-B42F-87F023C4AD8F}\ProxyStubClsid32\ = "{35C08979-C203-494E-A780-A5ADC524204D}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{FACA22DC-24BB-4510-A331-D00BF666E93A}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\80316C14DFC645D4BAA61763DE801AE8\Version = "268701128" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C18BC956E45B1FD46B813F757793A345\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A5FA3C16-EA68-4A02-AC07-7C64D64B6E7F}\ = "ILiveIdentityCollection" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{833C2961-83F0-4C4D-B823-8A1C6A124E06}\TypeLib\Version = "10.4" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{CE9495E7-76C2-487A-85C0-2F7127CF359E}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{54C41A85-7052-45F0-98DF-85026B42DBEB}\ = "ILiveSocialNewsLayoutStyle" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1FB58AE3-5A90-4A37-A042-A96326CBF9F5}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A5FA3C01-EA68-4A02-AC07-7C64D64B6E7F}\ = "ILiveObjectCapabilities" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Products\00BA1CDCFF107CF418A6616CF790320C\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6E098B5-BA1D-4889-AFD6-81B2240718B6}\ProxyStubClsid32\ = "{79FD7442-008F-42D9-ADFA-377C441D2DB1}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\80316C14DFC645D4BAA61763DE801AE8\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{67AE970E-C42D-49B8-AB99-95AC0E15CAB9}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A70EA5C4-E28B-428A-B1BD-B0D62885791D}\InprocServer32\ = "C:\\Program Files (x86)\\Windows Live\\Contacts\\condb.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{600FA301-4E2D-4C85-989D-5CA19A41D121} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5EF4EFFC-F4FE-4713-A1A3-DBE27FBA933C}\TypeLib\Version = "10.4" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5EF4EFFC-F4FE-4713-A1A3-DBE27FBA933C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDBHO.IDBrowserExtension\CLSID\ = "{9030D464-4C02-4ABF-8ECC-5164760863C6}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2963CA54-9E17-4CBC-9740-0B1FB98BDE0A}\TypeLib\ = "{79AA1567-79A4-43C5-BED0-F330F8325673}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{600FA322-4E2D-4C85-989D-5CA19A41D121} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A5FA3C05-EA68-4A02-AC07-7C64D64B6E7F} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDBHO.IDBrowserExtension.1\CLSID\ = "{9030D464-4C02-4ABF-8ECC-5164760863C6}" | C:\Windows\system32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A98858BE-062E-41FD-B46A-E1BA5F61794B}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{03D3195D-E2BA-4E45-968D-77D1331F32E6}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AA53D40C-1BFF-4851-9A72-C9415FA608BE}\TypeLib\ = "{79AA1567-79A4-43C5-BED0-F330F8325673}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB2B9D05-3D33-4560-905A-A75CBBBC923C}\ = "ILiveUniversityEntry" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB2B9D05-3D33-4560-905A-A75CBBBC923C}\NumMethods\ = "15" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{223B3D1D-5A22-49C7-BE2F-D951BF48E563}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D8851A32-AE00-43E6-ACA1-A146384C18B0}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{03D3195D-E2BA-4E45-968D-77D1331F32E6} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{CE9495E2-76C2-487A-85C0-2F7127CF359E}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7BD4C90EC03660F46A13E87A329932FA\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Products\D9185B6607EDEB244BF079F8AB2154E2\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3519154C-227E-47F3-9CC9-12C3F05817F1}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{041AA786-8E0C-44A0-A705-8E150930EE0C}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{A5FA3C05-EA68-4A02-AC07-7C64D64B6E7F}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{121932AD-6881-46E4-BCA8-9155A87E77F9}\1.0\0\win32\ = "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Windows Live\\wlidcli.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{34CD8C45-56A0-4200-933F-38035ED7F7FC}\InprocServer32\ = "C:\\Program Files (x86)\\Windows Live\\Contacts\\conmigrate.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{600FA308-4E2D-4C85-989D-5CA19A41D121} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A5FA3C12-EA68-4A02-AC07-7C64D64B6E7F}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{600FA307-4E2D-4C85-989D-5CA19A41D121}\ = "ILiveWebsiteEntry" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{60EC79B1-4742-4665-93CB-32F8FD795185}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A5FA3D17-EA68-4A02-AC07-7C64D64B6E7F}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A5FA3C17-EA68-4A02-AC07-7C64D64B6E7F} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4FC85C9A-E172-4383-93AD-193BE997B279}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400100000000F01FEC\SourceList\Net\1 = "C:\\Program Files (x86)\\Common Files\\Windows Live\\.cache\\2e35bac01da9c0d09\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400100000000F01FEC\SourceList\LastUsedSource = "n;1;C:\\Program Files (x86)\\Common Files\\Windows Live\\.cache\\2e35bac01da9c0d09\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{041AA786-8E0C-44A0-A705-8E150930EE0C}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{9C0117DA-D42A-4E43-92A9-C3D0ADD63BFE} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{600FA302-4E2D-4C85-989D-5CA19A41D121}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A0F97DCA-FFA8-48DE-AB20-7782040C67A9}\TypeLib\Version = "10.4" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{6126F664-B01E-4E86-AD3A-98990F902B63}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FD609BF1-0E01-403F-8F20-EA238F5CDCC3}\1.0\FLAGS\ = "0" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9A931F6C-2846-46D9-B7E0-9235D57C87B8}\InprocServer32\ThreadingModel = "Both" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{A5FA3C18-EA68-4A02-AC07-7C64D64B6E7F}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{49B4E48B-4FE9-4C0A-AF58-946EB29A1E13}\TypeLib\ = "{A5FA3C00-EA68-4A02-AC07-7C64D64B6E7F}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D2517915-48CE-4286-970F-921E881B8C5C}\InprocServer32 | C:\Windows\system32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{A98858BE-062E-41FD-B46A-E1BA5F61794B}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{1FB58AE3-5A90-4A37-A042-A96326CBF9F5}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\7F8E8604ABE7983D5FCD32E1F388CAD3A699585D\Blob = 0300000001000000140000007f8e8604abe7983d5fcd32e1f388cad3a699585d2000000001000000200300003082031c308202dca003020102020900ab3e152c24c9e721300906072a8648ce38040330233121301f06035504031318546f6b656e205369676e696e67205075626c6963204b6579301e170d3131303531373231303534315a170d3136303531353231303534315a30233121301f06035504031318546f6b656e205369676e696e67205075626c6963204b6579308201b83082012c06072a8648ce3804013082011f02818100fabeebcbad8d8a07e339cbec6804e7cfcd7b7bc8c6590a4182ad7801510a1b8bc676d72eb0c83dd38e53378ff1eba7caec1a6334bc6aa7b71c6d024c81ac7eec5f7dec2d9ab0b3449fad6756f376d670dd880e97795305084b207fda38eaf7a126f3463a18aa7c9a6c2954a31471d3303a9ad01eeebe4424abceb8203b64a24b021500d431c3ef6780b96e0f2947eadcecb1d613635e7502818100df0d23c50ff45163d2320f6943b2c479c030c68b73455c6c63f42ba020c45e758148e639dbcfb57aab0f5a902f924b7c5de649c479300021fb2bee4fc3d773c06935a99a27f681f5f1750c46160312c13b5225ff30f9f69efe84cbbfffb929d24111a41ceaa62d46dd32309a72a0209e82b06de38c3bc32993d141cd2d1790f00381850002818100f9b0f1cf36bddfca9847b4f6af93caa66a0c03d6f1f7b48d431a31c9655b7a7eb6553b16bb3d40e83ff0526b24bc24b9adc10b9d805ca920fed465127922f0e0cf946a32e4d7141ca3ae56c8bce58df0fb848c8db9904390da74ec92bea5ac61c77c179d07a380501d9d5acc0d416b06c5fdd861b78e648ba03f4145ed39778fa38198308195301d0603551d0e041604146884a8968565915fcfe091a48141a38338eb552030530603551d23044c304a80146884a8968565915fcfe091a48141a38338eb5520a127a42530233121301f06035504031318546f6b656e205369676e696e67205075626c6963204b6579820900ab3e152c24c9e72130120603551d130101ff040830060101ff020100300b0603551d0f0404030201c6300906072a8648ce380403032f00302c02142b3e13b30a01482a3ac4cd33b53882477cab460a02140cbacb849f1a2844cb5e5a0fe8b4e556f4ecf821 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\CTLs | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\EFF588CF6F8EA3434E8EC3ECD31D11D9A3805421\Blob = 030000000100000014000000eff588cf6f8ea3434e8ec3ecd31d11d9a38054212000000001000000200300003082031c308202dba003020102020900d8e9f71464f4b781300906072a8648ce38040330233121301f06035504031318546f6b656e205369676e696e67205075626c6963204b6579301e170d3038303730393032303931345a170d3133303730383032303931345a30233121301f06035504031318546f6b656e205369676e696e67205075626c6963204b6579308201b73082012b06072a8648ce3804013082011e02818100b4b4ca5c74226505250710a306600f517f531b63c227d8981fa1134febef3bb2fa65977410c3f8ab9cb0f116982fd836a688e1a7cf9850e27b719f3ac84b9327317fe89b19d4d321d989a9f3310d7ccdc3671ecbf86f121c3ff132a52ba824f32b990d35f3ad6ef042fad7d9e0ae50bbe5808e367bc89bc070e366c565c533d9021500f998b616779da552b83162782400451be24e74ff0281802092e5ef0cedb0d4a8bb8a200ce6e530f4f167ecff6c4c5597927e7cd6f0a74018e37766478ce455c5c9fd738a1b96624fc3fa8999a03aac37b849a68dafc388f708a0ef07a69317951c4c6edd285d16fc0fae19c54551b63d1d40546f80b426a68481c09c4e7682087d55d5290de5400f94061ad0c27b97ad894f231b4f3e0c0381850002818100aa0bb040d7968a48941dc0a39b6c223df1a9879adffff1af6452409ef9e933d0bcf8b29db66ecc7d8f168d1249177f3d436999aeb91c7d951613a259eea227ce11ca177931d670d04e67e0f53b28451671fb4d74780ab34c7d07c54d7565fe1b5ad4ef63229922c79791ce285eab021645f0e1a524ddc475de33b5d89165f553a38198308195301d0603551d0e041604149046b506bf3542f9f0c64e4b842f7ca629522fc830530603551d23044c304a80149046b506bf3542f9f0c64e4b842f7ca629522fc8a127a42530233121301f06035504031318546f6b656e205369676e696e67205075626c6963204b6579820900d8e9f71464f4b78130120603551d130101ff040830060101ff020100300b0603551d0f0404030201c6300906072a8648ce380403033000302d021500ae1432cdbf8f7a98f358c3995165ebdc8e241d7a02141f102cd6a29ff5b907bd0d9e4bf3bbd74e062271 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\7F8E8604ABE7983D5FCD32E1F388CAD3A699585D | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\SystemCertificates\Windows Live ID Token Issuer | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\CRLs | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\EFF588CF6F8EA3434E8EC3ECD31D11D9A3805421 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe
"C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\fitwt5p9\wo0fjwif.exe
wo0fjwif.exe 9ebbqp46.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\sjs6u1ka\rbqe3gfm.exe
rbqe3gfm.exe p6sq8e49.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\ee9haizg\di7e0ahy.exe
di7e0ahy.exe df0b55sb.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\upcq8e52\184zj9ia.exe
184zj9ia.exe 0izv4oqs.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\k08fh1uh\mu6qmonn.exe
mu6qmonn.exe 4g9meetl.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\fz93q79p\jxv65irx.exe
jxv65irx.exe 98jfsklz.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\ufv5c77y\tu5u6c20.exe
tu5u6c20.exe 9b1i0452.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\kfsgzlok\mjw0cvj2.exe
mjw0cvj2.exe dm7263hs.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\2rzhuhws\2icsjonv.exe
2icsjonv.exe qksplpbg.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\g384t7qt\5dzjneqf.exe
5dzjneqf.exe hqjhuf46.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\k5nk10c0\qfpvjqjx.exe
qfpvjqjx.exe sepefsmr.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\ik2mrzyh\l10ovy3z.exe
l10ovy3z.exe 5dm2tpwf.tmp
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000398" "00000000000002FC"
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\uvkxe7br\nvj6sl4x.exe
nvj6sl4x.exe ei0ypx8y.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\hb8ochof\2sr3323w.exe
2sr3323w.exe zfdmeo1b.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\ibob14bn\jpus6ap5.exe
jpus6ap5.exe asaox2s0.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\hdwgc46e\s6a67sxc.exe
s6a67sxc.exe iz1s8syw.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\m75ycokg\sy2191tc.exe
sy2191tc.exe 6jeinh8s.tmp
C:\Program Files (x86)\Common Files\Windows Live\.cache\2b9415a01da9c0d01\DXSETUP.exe
"C:\Program Files (x86)\Common Files\Windows Live\.cache\2b9415a01da9c0d01\DXSETUP.exe" /silent
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\6c71nvb4\alow1p1y.exe
alow1p1y.exe idbci02g.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\cdezu1l5\pfpy743u.exe
pfpy743u.exe jogj9l3y.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\cr14axp4\dqx5vas5.exe
dqx5vas5.exe vub3v8bo.tmp
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot20" "" "" "65dbac317" "0000000000000000" "00000000000004D4" "0000000000000060"
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\whqje3rs\rl6x4n1l.exe
rl6x4n1l.exe qx7p78ir.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\emsdakm7\i7dxptx7.exe
i7dxptx7.exe yydjnl1p.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\7sxh4hao\c1xpt3eu.exe
c1xpt3eu.exe b0ubw4u5.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\nundsn1a\tbkkujb9.exe
tbkkujb9.exe ys6l735q.tmp
C:\Program Files (x86)\Common Files\Windows Live\.cache\2c03f6401da9c0d02\DXSETUP.exe
"C:\Program Files (x86)\Common Files\Windows Live\.cache\2c03f6401da9c0d02\DXSETUP.exe" /silent
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot21" "" "" "6f9bf5bcb" "0000000000000000" "0000000000000398" "0000000000000060"
C:\Program Files (x86)\Common Files\Windows Live\.cache\2c2a0c401da9c0d03\DXSETUP.exe
"C:\Program Files (x86)\Common Files\Windows Live\.cache\2c2a0c401da9c0d03\DXSETUP.exe" /silent
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot22" "" "" "695c3f483" "0000000000000000" "00000000000002FC" "00000000000005AC"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
C:\Windows\system32\MsiExec.exe
"C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
C:\Windows\Installer\MSIF21F.tmp
"C:\Windows\Installer\MSIF21F.tmp" reg.exe add "HKLM\SOFTWARE\Microsoft\Function Discovery\Categories\Layered\Microsoft.OnlineProvider.Devices\WindowsLive" /v 00000000 /d "<categoryMetadata name=\"WindowsLive Devices\"><queryDefinition><category identity=\"Provider\Microsoft.WindowsLive.Devices\"/></queryDefinition></categoryMetadata>" /t REG_SZ /f
C:\Windows\system32\reg.exe
reg.exe add "HKLM\SOFTWARE\Microsoft\Function Discovery\Categories\Layered\Microsoft.OnlineProvider.Devices\WindowsLive" /v 00000000 /d "<categoryMetadata name=\"WindowsLive Devices\"><queryDefinition><category identity=\"Provider\Microsoft.WindowsLive.Devices\"/></queryDefinition></categoryMetadata>" /t REG_SZ /f
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding 57B2CEE94271DD91C17185B663318659 M Global\MSI0000
C:\Windows\Installer\MSIF260.tmp
"C:\Windows\Installer\MSIF260.tmp" reg.exe add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Function Discovery\Categories\Layered\Microsoft.OnlineProvider.Devices\WindowsLive" /v 00000000 /d "<categoryMetadata name=\"WindowsLive Devices\"><queryDefinition><category identity=\"Provider\Microsoft.WindowsLive.Devices\"/></queryDefinition></categoryMetadata>" /t REG_SZ /f
C:\Windows\system32\reg.exe
reg.exe add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Function Discovery\Categories\Layered\Microsoft.OnlineProvider.Devices\WindowsLive" /v 00000000 /d "<categoryMetadata name=\"WindowsLive Devices\"><queryDefinition><category identity=\"Provider\Microsoft.WindowsLive.Devices\"/></queryDefinition></categoryMetadata>" /t REG_SZ /f
C:\Windows\system32\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL"
C:\Windows\system32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
WLIDSvcM.exe 3056
C:\Windows\system32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL"
C:\Windows\system32\regsvr32.exe
regsvr32.exe /s "C:\Windows\system32\LIVESSP.DLL"
C:\Windows\system32\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL"
C:\Windows\system32\regsvr32.exe
regsvr32.exe /s "C:\Windows\SysWOW64\LIVESSP.DLL"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Windows\SysWOW64\LIVESSP.DLL"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot23" "" "" "631c88d3b" "0000000000000000" "000000000000059C" "00000000000005EC"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding AE2DA83CD0DCD4C45E81B62297517417
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding 18C7461CD3BA385E53DF037B25551734
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 7D27A476D9A605C9DB2732209033E1F8 M Global\MSI0000
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\SysWOW64\schtasks.exe" /Create /tn "Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" /xml "C:\ProgramData\Microsoft\Windows Live\SOXE\updaterTask.xml" /F
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot24" "" "" "6cdcd25f3" "0000000000000000" "00000000000004C8" "00000000000005B0"
C:\Program Files (x86)\Common Files\Windows Live\.cache\2b9415a01da9c0d01\DXSETUP.exe
"C:\Program Files (x86)\Common Files\Windows Live\.cache\2b9415a01da9c0d01\DXSETUP.exe" /silent
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot25" "" "" "669d1bea7" "0000000000000000" "00000000000005CC" "00000000000003F8"
C:\Users\Admin\AppData\Local\Temp\DX233A.tmp\infinst.exe
C:\Users\Admin\AppData\Local\Temp\DX233A.tmp\infinst.exe d3dx9_32_x64.inf
C:\Program Files (x86)\Common Files\Windows Live\.cache\2c03f6401da9c0d02\DXSETUP.exe
"C:\Program Files (x86)\Common Files\Windows Live\.cache\2c03f6401da9c0d02\DXSETUP.exe" /silent
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot26" "" "" "605d6575f" "0000000000000000" "00000000000004C8" "000000000000054C"
C:\Users\Admin\AppData\Local\Temp\DX360E.tmp\infinst.exe
C:\Users\Admin\AppData\Local\Temp\DX360E.tmp\infinst.exe d3dx10_42_x64.inf
C:\Program Files (x86)\Common Files\Windows Live\.cache\2c2a0c401da9c0d03\DXSETUP.exe
"C:\Program Files (x86)\Common Files\Windows Live\.cache\2c2a0c401da9c0d03\DXSETUP.exe" /silent
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot27" "" "" "6a1daf017" "0000000000000000" "00000000000005B0" "000000000000054C"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding EDF3A7FC0EC724E1DCDEC212A78129DB
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding 891047FD0FC295568177BDE41B183FE7
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding F796735C152BA458F1A1A398D3CC8502 M Global\MSI0000
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 5C24A50E00747180B783A7A8A85100B7
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding AD12D0B37060EC2799972D1E5459C0D0
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding E184D060635EEEF5EE298E17CF41B4DC M Global\MSI0000
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 42246E9404D2C286FCCC4D4E1CBB2EF9
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding C18E2BE400811EC5E95FAD310D2F1719
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 122E887EF4C53E053ACBBDD9B963CDA4 M Global\MSI0000
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C5A0F98D1E3CC0C0B2A06A5145D7BBF4 M Global\MSI0000
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\SysWOW64\schtasks.exe" /Create /tn "Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" /xml "C:\ProgramData\Microsoft\Windows Live\SOXE\updaterTask.xml" /F
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | udp | |
| IE | 68.219.88.225:80 | g.live.com | tcp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 204.79.197.203:80 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| US | 2.18.190.71:80 | crl.microsoft.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\050121~1\tmp3478.tmp
| MD5 | 8274c233094ab59f40135619f32848cc |
| SHA1 | cb588154fc7e951e0199d2a56dc494010e7a994f |
| SHA256 | ac1a5b92fc478ed69aec3d94c6c0ba328789bb4e44a9c56598a4f961edfcb09c |
| SHA512 | 08434975e41233ac9efe507d87743fa3962321b2b556b1066514745d9a885f62ceab2d0bb6eb8d045186e5b9d1efee561851a7fdd5726495658ebf4d7693d105 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt35E1.tmp
| MD5 | cbf9a63a3faccbb98f8056b9ee1118e3 |
| SHA1 | 2a1404023097cdfc07a578e0a8b5b5abe4db7b90 |
| SHA256 | 21679dca7b22f90fb864b4a30d7ef032710804b04bfd9c369305f50d8ad6e81c |
| SHA512 | b20458b6c80503e62a282c872dfa4fb40b53bbc079ab43ce721f47910b72cc7e5cb77123b5da8e4b72fb0a2b87b4151bd5467ef7fa2f7424ed49762b25184d47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar38A8.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Program Files (x86)\Common Files\Windows Live\.cache\cache.ini
| MD5 | 6bba5a7ea205b00474d9073b1a75f67e |
| SHA1 | 6f501f39be35fd6e29753a7e648d1f040e733bcf |
| SHA256 | e63258d9621253183e15b4ae01438f85cd94f2391493d127134e3b4d4e00f0b7 |
| SHA512 | 95d23a109c61bac6ca1ca7d6c77ba26d6221f078548353d0c62bf4e9897b3ab7bc3ea3eafe5e2458852f37ab733dc92a9bb4101eee01a67bf6c8f67c761158e7 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt77DC.tmp
| MD5 | 6df4dd5ef40cdb035d1851ecb495d498 |
| SHA1 | 5c8752da038c7218d6d3bb2d0217f1a40a2a2da3 |
| SHA256 | cd4a58a31dd7dbabffbff3a16f1771e500480b6054581ab9f5c6c029807931df |
| SHA512 | 8f6ed579df5822869c9f16f579ffb32be3c2218b7b898b97976d1f9099fc47d6703740fc9e6894328eda42c8f141b579c8ea3f074214a5b73a3284d67279a75e |
\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\fitwt5p9\wo0fjwif.exe
| MD5 | b3695953f17eb4ef1c67422007304546 |
| SHA1 | a4915419b346f11d304f337f4e9bb627be5171ea |
| SHA256 | 650b8d8737e5565709c740508b41b187720eaa32edd12f8b66bacc27f2270953 |
| SHA512 | 73b5aab985ca473b88d2efb3386a0c22eec12c035bf6f89e23905d58e6e5cd83d71ecf2909e06d661011da4987badc1b5a071613980260c5bc75a9e48ee93db2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\fitwt5p9\9ebbqp46.tmp
| MD5 | a6bcdb8f4c2995fdd878db23f9d800f1 |
| SHA1 | 3d58e01f26811095e7ab09ef7ca117ffbb831276 |
| SHA256 | ef36704ed00de8491b983b191968fbb8a06d17af675de19dcf0506edee8f26be |
| SHA512 | 5f6fcf82275b567b56b59f1e9485102a6c7fa94b63d3b1f72501f498d82802b5d9d1f8650cd82e489d0616573a58ce808e1c9021ac01b2e9b8f9ec5d3e567812 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\fitwt5p9\D3DX9.cab
| MD5 | 692b02ad89ed82727a47247556320ea8 |
| SHA1 | cfb54a9792ca16d8fb8c35513015abd5ae996ea0 |
| SHA256 | ada3f11e2be0f1e9faf4634de6cf5f95eebb65d24ec6b9220b479b70fe584be2 |
| SHA512 | 1a9165fe1001671ab3d3f8bc9eb7532b95848c7b0582e3aad8bad53ed90dbbca0a6df1fa154afac9f4d18184a51422ca72131e92cb977ec3e25d2d860814229a |
C:\PROGRA~3\MICROS~1\WLSetup\wlt7ADB.tmp
| MD5 | 02136a305a5fcbc5b31373cb489a1a34 |
| SHA1 | c6d9d7390c781ddce4d972bc92f57a00952f32b4 |
| SHA256 | 0de72fad2d446e5a49da3e8f2193dd20eedc5efc15de5f628b6f84cb58d7b00f |
| SHA512 | 1bc2e54b11e6eeca047804d77eb7f7ec9f0f3dd539e5a8ae2b7dced5653c985dcc25eec9f0f65153935f06b8d4b36f21d00c53cdaf32773e93a4bb3e244e36f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\sjs6u1ka\p6sq8e49.tmp
| MD5 | 0edc6461b2b7af6dcec4a152c6d12797 |
| SHA1 | 0c0f0df6223a061e7661d772761020ac2e2e06a2 |
| SHA256 | 5a754fc90bfa2f60b3a0fbf45e9ff7658f77daa08debb2bdb6ca6c26304bd627 |
| SHA512 | 54a540e6e410fc7740317e494f60c8b12b2b824fe5ede4d5339e79c0cde4ff8db09f1c9c4350cf175cd6898a77e74e8efe5973dc526e3d990380940c01e0a99f |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\sjs6u1ka\D3DX10_42.cab
| MD5 | 0a1d01413e017982e2d9d819e94b6a11 |
| SHA1 | 9fa93226a928772754a0e30e8872d961a013a7d9 |
| SHA256 | b77ba929b68ba8fdd40209ddf39ad6443b0513b7be639c87f69d8afba90173c7 |
| SHA512 | 881b22755fb56f38cef0d668ef23df14e3ee0e85218cfd485add3d102da25eec5aa00931dea3ff6934077e03d8eb4f93e688518a37ecc7b308c23d443e47253f |
C:\Program Files (x86)\Common Files\Windows Live\.cache\cache.ini
| MD5 | 1da8316d695f9006d0784cec421964b9 |
| SHA1 | d798224e820cb18a31ec8a7d43950148cdf1be9c |
| SHA256 | 67ea91a08497fa0db4f5587c9a13d367a255d5e4d060c1114595a4780208c7bb |
| SHA512 | edb8d537e3c0cf1ffd109c78390d7c13129492e9c4473650ba21ce7ac038f4162eb26d02248a081be485849a128977862e5e8e7da66ce2269caa926cec0375b4 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt7BD6.tmp
| MD5 | 5fb8878a81b4814ccbaa4c9c1a8b5702 |
| SHA1 | f53bcf0dba7960a7e085a4283d8aac8488459e15 |
| SHA256 | 4cbac23a4d6e893d1038bdbe33775924ed9c48ebb6c1e43e70074c8d8b571c21 |
| SHA512 | 9fa503ca6682db982e0138f81972dcf700c7264a6c3f280c68860b10aba68132a9d5a6b60f195e40b971572dbdb0e52b391cd70120c326f2ab7a6ab1c671d43b |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\ee9haizg\df0b55sb.tmp
| MD5 | 46869c11974313746173fa325517d5d5 |
| SHA1 | ee07cc2700fd628cd55a9083b440efd394803172 |
| SHA256 | 967c62f26e6556453e5a38ec192f02fd25bbb983fdd2c9ccab012528b9001dd7 |
| SHA512 | f273ac7affd55675711335e3d948d94aeb86ef8a06db0b972017f2d08ee6d3efe9ffa5ae0c10d4c3acd32a13895a4b4753a457c11f2a0ac59c1bd49eab528b29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\ee9haizg\D3DX11_43.cab
| MD5 | 169d9f118ff7ddc6fd8388e673c0b72d |
| SHA1 | 23c5bcfdc3e8ea04951805bcf8736f4dfd9b11ae |
| SHA256 | 82670e1c9092db7e00b9c91cf73c7b12251e4714ec66926f3bf616b2ce8df98c |
| SHA512 | 31b02fb847c0c9ac1fd01ff8e802f61d83a9e3197813f181395c7fe53d2e7096be6617ca169af1c827be97fc44c080f2b23d4a4f78e026a6d785ec4552af2ef0 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\2c2a0c401da9c0d03\DSETUP.dll
| MD5 | 9e0711bed229b60a853bcc5d10deaafc |
| SHA1 | 2bea53988bd35c5df5c9edcef0bc234c37289477 |
| SHA256 | def6f245762be36cf18b435ba8b7ebc224b9c21d1a1db606a8e8fafdaa97bba0 |
| SHA512 | c0b31872e52c8f4270d991c70d1a1c9ef9a4bbee4807c54c05a449cd1607506ab16ff1e74b378651b36e3276322c86cd843565c8a1aa33a49c47322ef4df0185 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\2c2a0c401da9c0d03\dsetup32.dll
| MD5 | 0f58ccd58a29827b5d406874360e4c08 |
| SHA1 | ba804292580be6186774e7f92e6dfb104e46bf25 |
| SHA256 | 642d9e7db6d4fc15129f011dce2ea087bf7f7fb015aececf82bf84ff6634a6fb |
| SHA512 | 3e3d4f2de5dc5addc86765a2f888487ea0c9ee0208fac60187ddaa9a2bfd73cfd7734836d32805fa43222470c8f6cb9a10e2a099aef72c67ad7c789096e57ce4 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\2c2a0c401da9c0d03\DXSETUP.exe
| MD5 | ddce338bb173b32024679d61fb4f2ba6 |
| SHA1 | 50e51f7c8802559dd9787b0aebc85f192b7e2563 |
| SHA256 | 046041aba6ba77534c36bb0c2496408d23c6a09f930c46b392f1edc70dfd66de |
| SHA512 | 7a63925278332c8e7949555383b410d8848a7834b85f34d659e351ba78cbe4d2ec09caccb2178d801b9b68725c9cbae48a6a1f07f0804a0c41eb51df79b7eca4 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\2c2a0c401da9c0d03\dxupdate.cab
| MD5 | 8adf5a3c4bd187052bfa92b34220f4e7 |
| SHA1 | b52be74c4489159bd343d3c647f28da1fd13d9b9 |
| SHA256 | 13393a91201e69e70a9f68d21428453fff3951535dec88f879270269cfe54d6f |
| SHA512 | 3e2f2fe4b5742a4cf6ee2f6b8c0ca734fd0b3c5431dff112c907231846dd3eebee7b9b8117f0256119614282cc7a4896474a199563078481d48a1204ca96f92d |
C:\PROGRA~3\MICROS~1\WLSetup\wlt7EF4.tmp
| MD5 | c70d9646c09c2f27ee53b5788419d7f3 |
| SHA1 | f143de048873e4dba0eecb2a34a98ed5998d12c1 |
| SHA256 | 21f718f04df5a024b8db72f5995fd53a7aec14198977d7b418925040af233a0d |
| SHA512 | 6ef9e829118880a9c1c77a36302b8f5305635fe738edd36134fb136c242580fe7a7a3532880364342caf8ce36d0cd17ee97f2de387faac197ce0cd37d5de4ecf |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\upcq8e52\0izv4oqs.tmp
| MD5 | 4ed866061580d42f96f09c16987462c7 |
| SHA1 | ee69d20909acec25024fdb8680a9dda03ad51d2c |
| SHA256 | 225a26cf9670ab0344b052474fe5ff576c808b53eed275d66efc51d16a149804 |
| SHA512 | 4f9c871a138729e8af4970f7259ee44375de6a949452d0a768938d263b095fd76ebcb4354ce437d96c6c84d0562ff08cb2dd4fa5ace3fa497fb039113dd76e90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\upcq8e52\crt90.cab
| MD5 | 575a2172466e1a8b0f17bb3d64f0fc94 |
| SHA1 | 86778234f14757b95f475dd6cb7fec32ff179cd8 |
| SHA256 | a2ae8965a8502654e7e8458c301dc0225d893a55d3c71b1cbbf6e9c0f3204a8a |
| SHA512 | a79a9e7e2f101487d80de9ab6e4990502fffc932abd41549894bda32ac5707574e9b5ffe9f40f9f075915bb6a4c7d2215c28d461c1cdf45246f202c1121b6cee |
C:\Program Files (x86)\Common Files\Windows Live\.cache\2ca372601da9c0d04\crt90.msi
| MD5 | 1c26a77f50bfca590760bdac24e84e03 |
| SHA1 | 856b931bb34ef8aabdc924c0e017a18c78430aa7 |
| SHA256 | 184f0e66df21a08c25afc6b7243d1f38feb19b5a45d2b2bd5963037c4fb908b7 |
| SHA512 | 638573cbb2c260e9ee8a79e39bb095fb43be9d31641fc7f4ce906378811e6c2d77175c6b39c3ff9a877236bddf5a42b1000adf8acfe95d0248e8b2a2cd263bf2 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\cache.ini
| MD5 | 39b234d016c1c090c6c039af0532effd |
| SHA1 | c9e2eb0d02053f354818bcd4703178a039c97870 |
| SHA256 | 9fd7f5fa77575add42a5a9a768bf467d867015ad9340fc11ac153f95fedf90fc |
| SHA512 | 0b8907461355b3f2dd1029331bd8b0725193ae12f6a0dae4f17de6801f6e3ce59c1bbe63680942346889411e770331e9f859ee98e5a54a6595d41338639e4cb5 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt805D.tmp
| MD5 | 447ecd02b6dd7367994fdaf6ad40f1a2 |
| SHA1 | 41e5ad502ac8f903ffd143fa6626ad332b9e38d1 |
| SHA256 | c840030ca34878f7205ef9ff19ac1a3bc904f46ca31db8606fb04f81d986e8bd |
| SHA512 | 10971224c4b9263ba22c4bf62dee73fc51e9c7d787ff02d0cd02ad3adb598acf79f6130e48131ecc1032d01deae35e889db45c1b39ad2e6b6875bbf86a5f325f |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\k08fh1uh\4g9meetl.tmp
| MD5 | 6971afaa9cc2552c74fdb965c2fb76d0 |
| SHA1 | 2a384297c92a41f12d467642adc72b9b585374e5 |
| SHA256 | 0dd513040077b5c7e1a869f1e1e1f709cc669d21105650e6515ceab34627d468 |
| SHA512 | af3a47a32f0c5f01623c1d280159995ae6102f986ff4c7b475b7235cddbf32296e726f2be4203de293095fdd18a5065c9d6855f1e4d072142ac793152f318055 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\k08fh1uh\crt110.cab
| MD5 | d119aaf4bf4085612e9af0518bef08e2 |
| SHA1 | 06a029c35d3161aeaeb7189f3cb27fa855c6fbf6 |
| SHA256 | d7161a6d9176ed76ecb13b0931bdef32cb3239e9559c875ebd9cd485a2e31d39 |
| SHA512 | 015b19f5894c09df2a553f56ae3151a2ea0671020379dd818d1a7c1b9fe69772d67daed4e6c6afef5faf1aa9994a061345f816ad191ca0e20988c67b9c02ef58 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\2cda32001da9c0d05\crt110.msi
| MD5 | b6874af023443ad4bff84ddd4a219aa7 |
| SHA1 | 358e1c9245cd0e916712586e459d038e3e6807fa |
| SHA256 | e66c187e6633b82bcb64201600bbe6eade67e40bc23aaecab71c0c130d3a4c30 |
| SHA512 | b1588d6f69b2537090eaaa198ca46ba697c0c704ad2a2c81d56040095840e21860a0f714abe37ace67b08d4251b27240bc183a62a11e3ae7a6c091377cce7689 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt8168.tmp
| MD5 | 222a19d7053676738a56fd3705303200 |
| SHA1 | 10756e87ed956adbc8b3a73e3b4b1a0f62c06545 |
| SHA256 | 430dd49b0fead20b222985ededc24686e254f171c4d7abd3a009d725f3666681 |
| SHA512 | 3f125562f99a200aae441414d5d248550715cf1421fb0dbfe0f9052f0ba70482004596aa0532037d5d605472be722dde1181b7ba5e0b3e416bb1437d7a74f58f |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\fz93q79p\98jfsklz.tmp
| MD5 | 3ffdc68017839bba5212426593646e16 |
| SHA1 | d159eab8ad10eb07cf15f55c52220748fe1d30ed |
| SHA256 | cc40009fe1e528af8bb5f24687324999d36e948d69197b88761b0e93d704eb0b |
| SHA512 | 7cebe2dfe1384bee8dbbe0afef02b11b0c70fb612eed85ce3d53228a629338b250922fb93f503195734106fc83aa7a35961c1caf0a12d41e92e068c79afa10b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\fz93q79p\crt110_amd64.cab
| MD5 | 52eeeca22f1c4f393702ab75ca4a0c7f |
| SHA1 | 188c56555be4bfddabc1bdfbee827e47ec6b64b9 |
| SHA256 | bc1671181fb9179dbf6e326b23030e0ffc19c9a2b084c7c28ad80152b40569a3 |
| SHA512 | cd6feb5535807253b64923029d6d4ea4c2a7464eee1ec2ce07af5c224ee3a714f537ba7327f105b223fddec08b1297b0a61150537222b19b061ed06fa2abb624 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt8225.tmp
| MD5 | c80ee4f5af72ae6b9a8cf8877cf3ee21 |
| SHA1 | 74794a20b914729567d4408df29376ada4316856 |
| SHA256 | ad417868f6a0be672ab9b11b8990966e6352d6d1e101da4876593f0be8bd84cc |
| SHA512 | fad28903b69db8919ec69e04896f8aaf710df0685c6b24d7a33f4e917bcdec726b122bdae49ab3567e974ce0db46c0a65ff9296c90d552f9fb8dd88f87ca1efd |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\ufv5c77y\9b1i0452.tmp
| MD5 | 4e2166010c0793733922ab8dd0f8f1c1 |
| SHA1 | d35948d1869ef3b73be4184799d1a908e4956514 |
| SHA256 | 3e4c40aad7b54cf59eba3eae173265486ee4db7f3a292ddb87989e015be3b11d |
| SHA512 | 936f6989ccc62690ed0def395a07d737dd148d2d1cf42c8774c765bf07a73fdfd6da9e68e1ccf1521ce3ede299255c6a81bb66f3bee29f0503f83defcfd1d809 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\ufv5c77y\wllogin_wlx-x64.cab
| MD5 | 6735bd2af3d4b0ef75ed45d1cb4c31ba |
| SHA1 | 267ffe13f5757adf59ebad967c5bab6dd8f44341 |
| SHA256 | 720979be43764f2064931977636c6400a7afa8e59ca497acd9a71310fc55c574 |
| SHA512 | 4dcb2b1834c1c443da79f017b8b584436658fa1bb13d04c00f56b4bba671a76995c482689b00e89f430df2476bb095d2dfaa826ab880e70aba8a86890009e64e |
C:\Program Files (x86)\Common Files\Windows Live\.cache\2d23fca01da9c0d07\wllogin_wlx-x64.msi
| MD5 | de8505467f1a7f2e6179a9c12cd5bfca |
| SHA1 | 013e8ebac87d67bfcb885535f8e3ab196ced7c91 |
| SHA256 | 1d6109c4468d8780cf739f3c7b14953c1286e35350ef59519398684a6240ac43 |
| SHA512 | a84ca8781b320812e0827da6dc0acc4c5dcc48fa406092ecee4e6814780cc8b96c4f2124f771462de1675ea00647f8a58a5747d0adb1705555a7cd4d89725815 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt8591.tmp
| MD5 | fd61bf6ae58ec3aa09157fed71f14492 |
| SHA1 | eed13224b402129767d24ed82d09d8473eb5e806 |
| SHA256 | 08d2e9ee6fe16a67242176d218b6423a1be21fd81c1ee60d45cbf0651647fb70 |
| SHA512 | 20a2c4f5c19b931c1367a095ab65e50deb16fbd4bd4e98f9ba1ebf6d7c776d975dc6bd4a57ff9f9952569c43c01bf2f8f100202e4aae0ae7d61d2ae22a4aafea |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\kfsgzlok\dm7263hs.tmp
| MD5 | 6b0e1c4a026558ebd9b7adf2478256b4 |
| SHA1 | 09d4806b572891dec18f8ea36fc783ae3fa2f333 |
| SHA256 | f4d56250a6ad6ebe6d16444e7bb65daf8cadc94e12be7d7f4a156acbb52f1059 |
| SHA512 | a8e8f71b202a4ae1bdecdd7ac1b96e791d6663aa731def39bb561c89d350a1029c41a7aaee133bb8c8d68502a45ca4fef16d2192df6592db711011a9523150e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\kfsgzlok\WLXSuite.cab
| MD5 | dd4976b6bbde52aceed41ea0e619c7cd |
| SHA1 | eb0d5db7445bfcd5254c0b1e95cd60aa0f16105e |
| SHA256 | 2e14e58be3fa84b292bd49be75a053340c878956c5f7eb76bf1d68464e0b9648 |
| SHA512 | a7502c2e40a99aa508731c0cfb0fe6317c64381816ad6fc0a3524f7540559d762261e0a957235bbf128ab75adabcd8dbbc425e71d577376e859712084593af2e |
C:\Program Files (x86)\Common Files\Windows Live\.cache\2dabab001da9c0d08\WLXSuite.msi
| MD5 | 9f91bd1204abad23916cea89e0a6502b |
| SHA1 | 9b23bcadaee6fc61d02ae5b0aad060cdeec61023 |
| SHA256 | f213e44352caa38ae3b443b76377d62a686a6697dd55fd3120e0b86cdd571c87 |
| SHA512 | 95b313aa1e7bc71d13f82f3219f7e03f076d08cb8f5cdc31b1858af1791b745fa7cae6bd2513ef8614abd186fa9f3f8401d882e5d1d9331259910fb2f3c679fc |
C:\PROGRA~3\MICROS~1\WLSetup\wlt891B.tmp
| MD5 | f9f7f6c1ee64179ac24c2797097d5706 |
| SHA1 | 8c17d7f8efbf19b76d3d843a2a2e8a7828cf314f |
| SHA256 | 696f86945af7fcc7ed0fef9c95c7343e44db8c61c14ffeb5f35381664f1f5191 |
| SHA512 | 2c3fd69f1db6ef20c115febb912dadfa9e7048743837f1dc5fffadff42efdb9a751fdd99390ce0e2cb54c1519f9183c8ded6fba4cea5433933cd73a023304e50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\2rzhuhws\qksplpbg.tmp
| MD5 | a6b1bf5479520ded28fa779a66c14dad |
| SHA1 | 1e14710a9e9c58ce227b9d4b2c960997a5577815 |
| SHA256 | b0cd17b8c87e89a17743c8f1c75e401984b4ba2a8127f38aaef62c83cfdd4df3 |
| SHA512 | 28063d56c23123c38d0bbbf8a9ba5b5dd2630c379ad8592973bf84139a91b392a8b32f8a9ec4fa82adc6426192c85b9c15860b87880a4bcb459cb3cdcb063758 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\2rzhuhws\Watson-x64.cab
| MD5 | abc26cf06709db3146c92e0c8377a8b1 |
| SHA1 | 2125a3554005ece8524b919815fdd9cc1037a66b |
| SHA256 | cebe84014bfea44543c3c956d665b2d3d30c0308b80ca90a831b9c7d846356cf |
| SHA512 | 48906552f9a7b90ac76a242601739e3533859117125b912f02c40a38a756a9099bcc291cdbe98e1a9bc832bd734dbad610d9994223624127c8a28cfe0829c9d9 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\2e35bac01da9c0d09\dw20sharedamd64.msi
| MD5 | 2459308b46fde807b05e541ed484af4f |
| SHA1 | 6d6732af93fce1f5f4bb8f9e41cab2c70c1b7bf8 |
| SHA256 | 46a2b00e630d478780bc0db5c312811ed0e194f0680ecb1df769cd3103bcd422 |
| SHA512 | ceffece9a3d10f88194846d463c95880b2af203d65d1077415f433c3e657b501cefad07410ce650ce534485a6bd756e8937151b67714045b528bc88979864a87 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt8AD2.tmp
| MD5 | 10b8dd1e4ee0a05ec2e1e31510b37d61 |
| SHA1 | 672c7950d93f23e7b100a2fc5bc8797adcec95ee |
| SHA256 | a94259c2dfd6f0422a31494bc0474189605883ca10bfd2a8b9317b6381c170d7 |
| SHA512 | d08d34098d321847c330ba132181d2ede1c8a5d8aa845c7bebdabab1596beaf1a92889c5824f48b370e2c3471dace1b6ba92c85b6715d284d0c4ae27bfecb4a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\g384t7qt\hqjhuf46.tmp
| MD5 | 7b68481c3758c89baf84408ca6a516a9 |
| SHA1 | 50bfcb68317aa5c41bf163b1e1d6b9a3e1b50d45 |
| SHA256 | 7a6ad74823dacf11e46e4b9d720bb610ddf0b0653963d616671e926748133e0e |
| SHA512 | ad4b42ec85c977f31ee552bb51287e46333ce163e2652f3d640d87431e059cd8e5426241e34c37ac3d23806ecac05b042311db5ebb1b0553016c4353b7baca1e |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\g384t7qt\soxe.definitions.cab
| MD5 | 3bd00551de772995f7671a6ba45d65ab |
| SHA1 | 8249b2c28c73cd3a0bae4067e5cbd8c0e65d6923 |
| SHA256 | 23c26ddeb0a3576c50d7ebae995a807163c63fdd5e8319aa071d13fa9a0a6496 |
| SHA512 | 4e40ad0e7a414911b578ec515666475f9ab981723760fb6aa0b697e417a004cbae725f1ab295ac3026d22323dddab9db7f298d2cfebba854a1f2bf5ff5a6b6eb |
C:\PROGRA~3\MICROS~1\WLSetup\wlt8B70.tmp
| MD5 | 5ac50acb23e095fc4a3b3754b7e67e29 |
| SHA1 | c5f5157c33924313787f007a1f54406d2cba16b8 |
| SHA256 | 83a4fc7db344ce7e7225e92ee0a3b8df86549a0ae43d3d536acb90ffdebd9ba3 |
| SHA512 | e5daea306d18b2b6ffc0f2554ff3bd2fcb1119b693125965fc780c7d89d47355f041b0747d133eb2e7ee82b1a60a7f0549005fb972161222c8821a01ba862d00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\k5nk10c0\sepefsmr.tmp
| MD5 | 6fee869fb755bace369d1ab411e7b378 |
| SHA1 | c7f5a525cab44441e30de2fcd2b17d60c099d40f |
| SHA256 | ea894ba961f35cbd34f63a5569a8fc9642bf82ed5d6cf2df2618d84e7328feff |
| SHA512 | c6175007077dab80a11e2bf4606735fc382d602f60c2ab26e90e221ae1aaeca9e782c8698e589e0e4299b43e02b1c68b59297737ce820f870742dbf141560107 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\k5nk10c0\soxe.core.cab
| MD5 | 22ca63e33ab582842692359e8178ef1f |
| SHA1 | da6d9d58e849cafed8a58a331ef1ffd17ee085a4 |
| SHA256 | 48f7e9437dc980c37c284e3157f5651663725cbae5e4341f70e6672972cb87fe |
| SHA512 | caebfa50b3c1f8b64bcd08b08d6f3b41ed6e4683767b5764ae2b636bcd67bbe845aa38747c0bd6bc9f552d24dc89a00e43cdc2668d1645ea7b4540768be702a8 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt8C4D.tmp
| MD5 | 7fa4c347edd4745f69e50e04d6c759fd |
| SHA1 | 4d65e4997b62bacbfb881437fe69bcc11c868ad3 |
| SHA256 | 474ac624b9291612f7d3870ae1b972dd2cff6b4e58d36e68fe57e4c9dbf1d4fd |
| SHA512 | fdc6bd74509d8f7264bc2afda8da88fcbc899cce1d27772121dfc43d3166f105adcde311fbf279235e2e0bdf0debf8eff1be593226673acfbfb522bee4423d0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\ik2mrzyh\5dm2tpwf.tmp
| MD5 | 34983f6eb1552b4805a6766c9461cef3 |
| SHA1 | 7f52a185a5c10c1291be7907731d1e990f8a4a90 |
| SHA256 | c4d4ce3d9a3a8c881281858045075997747a4ce8ea953a1f5f301e60a09093b1 |
| SHA512 | 9f8e41f3b79cbf9b56b737abb779a6c4ab95aec07e9961240fb08efd1ed78fa677be9a9e841bc2bdd185631ecb986ad8820fb6ff098fe7866f7ce74f3d5ef6a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\ik2mrzyh\Contacts.cab
| MD5 | 5f26b195ce2d0e31cee1efc7005eec86 |
| SHA1 | d7b8aa59ee38748d843033c066c6b61da57ccf64 |
| SHA256 | 35debf728fc1abcbc96048e4d386b81c12bbe7ad1558e4ccee0002edd6b7da09 |
| SHA512 | 55b037584949ba68993646c3fc49938890cc08c4a98766ee3d9e53d651db3dd2cb5a6399709690dc042ae1c9236aa26113ea416c333eb50b1218cb194615ef38 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt8E42.tmp
| MD5 | 35cac173c2b8032543c5977e34277238 |
| SHA1 | 28930a5c72f00723d1f471004f4b2a4bcdd63573 |
| SHA256 | b2ad5d9c9d9df2d9aaec5e00bd8adceb36de0d3fe66c23fe6567c084a7107ad4 |
| SHA512 | aeb83d0d8e293c90ffcdb2157431c6566c8c69487067e96755d17de4383d0d752760f66b8a1c666175317b3c7260f1291503504c08fed910f5b0969e50b1716a |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\uvkxe7br\ei0ypx8y.tmp
| MD5 | ee3ac9d9b218516b43d3a2b8f2a24508 |
| SHA1 | 8f0e3f8edc39a816f2c8edd171a7738c45bfb6bb |
| SHA256 | 98f6006ffb554539cf1cf6be46795e7e6b9b1592ae42a97f780a467badb07ada |
| SHA512 | 0048ffd26aad92b1545414c99c5825315f8538a34d46017629be49e9ebe817cb5a5bfa3aa699afe4316f886bb2791d84609cc7e10b589a2e2584be51788e28c4 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt8F47.tmp
| MD5 | 6733a81b51871a2a23b55a3701647aed |
| SHA1 | 1d954976870df0085660db7333a70e5c7badf54e |
| SHA256 | 071ab4216d435c8e1b65e7c7193067a3ab02b70b2b5eff1c2a0eb505b86f1129 |
| SHA512 | 541131798086fa172be0810adde06c5a4a94449e0c222fd40070c570f409c8a11b342c6e243bf295221e868a53fa77c09e25c45d5ba69d59ae88e4806e154ef7 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\2f2162e01da9c0d0e\d3dx10-x86.msi
| MD5 | 141021890289016535d5d12741a0cbec |
| SHA1 | 67cd42ff9e9cf6433b16eb638fb08d6d77c9fb3b |
| SHA256 | 66dfe4c288e800d098e8ee5c02c7fb8d8279ace5e105a946f2517877ef550fe0 |
| SHA512 | 393af5d625ef751a986ed2b90a4edcd5ae7b842d228dbc5e41ecbc5d7ecb4d176264f80ac951ad1b698c1b49b435befa5117e77778aec5696f031db85349992e |
C:\PROGRA~3\MICROS~1\WLSetup\wlt9089.tmp
| MD5 | 81a7886ba27f04ce9d4905c57df4963f |
| SHA1 | 7cbc155539038abcdab731aa7afb8843ff504fa6 |
| SHA256 | 2973ea30120ad3475971e4f96cc73f32176ce29204deb1f1e62eadbfb5f7576f |
| SHA512 | 861a73c358a74d985cff144cee7370dce97bfc1de182431d7d0acea6f7161acc1b7a32abccc881511819d6b06acf59fe12a427a56f057506565010e5a8c64289 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt99A2.tmp
| MD5 | 68aefb6ed3bf7aa1d1993ecda73b05aa |
| SHA1 | 34daa72e1a210d7366560deed0ff06ab4d01bab7 |
| SHA256 | 23c33b9cca2501a9dade1827fea716ccfc2ceff590b7aaa5d58e4a44d4e79d12 |
| SHA512 | 23a21ad23edfe3fd1f52893bb427180d6e97b43821391519b522c7b6c75cb10b505bf5dc033e8694102094ebb972c16dfa19788d3e02f714d74fe04cd2e86b8a |
C:\Program Files (x86)\Common Files\Windows Live\.cache\30ac87201da9c0d10\PhotoCommon.msi
| MD5 | ff2a751d2b5e41a1451d2fb6bdfd13e9 |
| SHA1 | 8c625401a9b1ef7a5143c704dce8c24b7c888bbb |
| SHA256 | 02a76e8a58daf828e774c1c78206db50bbcc24a735b0fd26de4a9c99cce5486d |
| SHA512 | beba30d47a25b573751df37431a4397e3506671709a571bf62cf6bc20fdfa0bb410f463d9f87affade4a9e98964e6a67221341aae79c496ec8474938bc67c880 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt9C14.tmp
| MD5 | a1ca671aaacab805e8f2abcb395ff9e6 |
| SHA1 | c76bf6223557be1b66a315dca5689f1b52c35fcd |
| SHA256 | 6a4f1cedad70d61082136d23ec223e0dd8d8ce0ced4fce5865411e73ff6be43e |
| SHA512 | e765f1c9638239fbed86ba40b16c0b58639a58ca4133fe78600ccbfc7e7e2946a7c156fee455285b7c0e0f0cd170c54b790645b023a010801557cfa84d7d8f3b |
C:\Program Files (x86)\Common Files\Windows Live\.cache\3112e2401da9c0d11\SQLServerCE31-EN.msi
| MD5 | 54854bac91e616bf8f71184c05ad0355 |
| SHA1 | 73b893c66a58b3b581bbdb50cf069f9e44c7e657 |
| SHA256 | f14f64c25cbdc7e06f2ea7f08170305a5990fa0449d9371056ec59441e24476d |
| SHA512 | 7cf8114350b2d6e6e4c7940601f6b3da28f8f5397895033f2d82c97d2fc8c6ba71bc46b12abe254be521906fae0422b1084567cb70332103b29d851803b46c99 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\2b9415a01da9c0d01\DXSETUP.exe
| MD5 | f5443547caac20aa334a88817579270f |
| SHA1 | 3bf8b321c2e43af72307508df417a154c3f1afd5 |
| SHA256 | cdfdc371a373cd0f0daa00db46bae7e19258dd8ef7e521e57be96cbacdbb242f |
| SHA512 | 106c9181bd98bfd82a3247267043b71d269d1ea7503ad12ef0fa2f395378205c274d11393752d21450a56a70f8c16b740901d433cf334bea4f1f7691c08ce38e |
C:\Windows\Logs\DirectX.log
| MD5 | a5ac423ef4bf7a9f8beec4a53798d1a7 |
| SHA1 | 0001a98862d0fdcc78fa06a0cda8bf3c9c3722e1 |
| SHA256 | b7386633bfa874caecbde417c8bc04e1ff385bf74e89b22abc3f8d74fbad2b0f |
| SHA512 | 80b839e3ace852e8f8727b7a3a54e550d5f7d53104ca42ad4d7a5334d81415c1ba95476489d3a11949e5187f1caba2a33ca451804c555455ec10f35734f81f96 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt9D8D.tmp
| MD5 | d1f5aaf5952b8ab8bc00c2050b0f7b17 |
| SHA1 | 6ddf870ac98ef74628b843fd1d55826469ecb15a |
| SHA256 | f134e280ad2376d8ab260663f4411d2c5795aa1d46d61bb70b241223c1ffa07b |
| SHA512 | 5ce822e3040204f41a546979134155d4f3f51365b83c412d320e9e022d7db4282f3d29875a70a8f05f4e9f25ef8ae4e5f3cabb3f4a83e09832ebee4dcaf98d1b |
C:\Program Files (x86)\Common Files\Windows Live\.cache\3157ea201da9c0d12\PhotoLibrary.msi
| MD5 | 3e04cec983eaed85e81bf35de71f8bf7 |
| SHA1 | 3f38e49179b4a5fd9e7704fbb29ead21e139cbfc |
| SHA256 | 22a0a57db76c1a2409760d4c9ee59b7ce1ee1a9d0208267cbdfa67579b31b63e |
| SHA512 | 789f361e89f292962aad8b2e54146ce252be2434adcae6f093fad66a403e5292916d923610266b76ecadd47f59d878226603c68b03d682b867994ac70af6b31c |
C:\PROGRA~3\MICROS~1\WLSetup\wltA74F.tmp
| MD5 | 44623495b671a344259bb39829452204 |
| SHA1 | 333a5196dca06c815d930e225637db95a8d3197a |
| SHA256 | 28af1144633453ec668884b1513d0f5bdfde61333e183b5187634c59d60bbbfd |
| SHA512 | 7d4362c833fd4dd3180a7b5f0772f68ddc93659564350e63bf659cccec9507d6ace15d230d0a2965c260325dd1f7bfecec9963ed4b08d7cddb37df2d1e9959a9 |
C:\PROGRA~3\MICROS~1\WLSetup\wltA85A.tmp
| MD5 | 89cd9901db2cad003e71b38f4d8e1091 |
| SHA1 | 1ab795681f702456c0c9e1681dd796e4455208f7 |
| SHA256 | 18f354f3bde3411c90d948e02e60de5e11faa131ce04da242925dd0f004cd4d9 |
| SHA512 | 14f0152eab4ec8fdd57dfbe9fb690ae9d0770feb7826224adc2b44bf826d7498a329757ba4a338c92c226cbe8ad3e14dc671d9767a3e13f87606e43af13c5bb1 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\32ec93e01da9c0d14\MovieMaker.msi
| MD5 | 33cfb91ec616a06b8af75e772e966433 |
| SHA1 | 69ccfa871359a84467d243f280dfc813b428d5c2 |
| SHA256 | 00c89e20a23be3aa005bc2eb75cc4a6c6fb89b6623cfec017282a6e547ad9790 |
| SHA512 | 61dcf628e1595169a2d9abd8113cb77ecc0606d083f90f57f964f46abab7949c0083b7d268a3c662510ca4cf3c4a561c89d41f07ca46e0ce8c7080097f6d2fd1 |
C:\PROGRA~3\MICROS~1\WLSetup\wltADF7.tmp
| MD5 | 96aec171dd6a4eb4e4ef59b1dc287fbf |
| SHA1 | 7675f8808b74f66714ea778774f9b37f5a8fb8fc |
| SHA256 | d4fada7f0157e181127d56799ad85152a500d484f16a2d31058285801ee0fc9c |
| SHA512 | bb9d7769b0a202133a5e635fb185b53593eeffbe1f84e58755bbe14adea77c8a90fd114846aa574c3c78efc119420e573d2fbd2006928b749000f4619678389a |
C:\PROGRA~3\MICROS~1\WLSetup\wltAED3.tmp
| MD5 | e03b80e674707a949f63897fd4cd2a97 |
| SHA1 | a593fb96e478076ee3e8aa32677a58255fc5a944 |
| SHA256 | 9048360b66c7acd4d4cfb84a7498421ab6e3fee8db8b41c2b913695ec70dbf78 |
| SHA512 | d1921db4517a7ceb210874871b7b2e26dde5102dd9002c46de6be05f98842a5e147741a78ad22c6930efac5ac0e344e6d45629e035567462df946895d9f48408 |
C:\PROGRA~3\MICROS~1\WLSetup\wltB02D.tmp
| MD5 | 65394a7bdab03c429522cdd490a134a0 |
| SHA1 | afe2564e539027cb1e2cf2154e5aedf609cf0bcb |
| SHA256 | 7daa30526128109b67310a3581f37c2b112d6e66e74ee2b6b74512378fda30ec |
| SHA512 | 579016091d455f75ee0f25dae7eb1a69e1c4fa6773dc739b3954ce7575dff82ca328276e648c0042f16e959502ff5aa24630bdfaf37168ebb15303bc8dbb7032 |
C:\PROGRA~3\MICROS~1\WLSetup\wltB57C.tmp
| MD5 | 9971f5592ec6f9f159cd1210da51921d |
| SHA1 | 90035e88438350a128773ad22c8a4140a1e4036e |
| SHA256 | 5790818fcead57808d9d43ae94ad8c0ef44c7d2e3e89aca2152ffcf3a1cf4c25 |
| SHA512 | b0724fb4375e2cf9ca5433f78317cf6a055760165b2caf29b2213427baf5918fedc7e2dc327cee91ccecc1b95c4448a4ecca6f38094e44a49c0b19088decf4ac |
C:\Users\Admin\AppData\Local\Temp\DXB4CE.tmp\dxupdate.inf
| MD5 | 8c281fcb5546d1ed3cdaf6e3f7303139 |
| SHA1 | de342a17f2df0386f6584e2f55ae43c558ceb6c4 |
| SHA256 | 7530c6e18dbb522c5f4fbf6714962c185ea318f9eab7aeb833b0cc07cd2fe656 |
| SHA512 | 344ea0a375c8851fcf413f441a1cac3013b3748d1630a4d677da72e98f41823bf9427d896de7e1fe35bf868279538cf3b8322aa6ef20025bff48a6bb7f8c42d3 |
C:\Windows\Logs\DirectX.log
| MD5 | 71464f0238699a1838213bcab53b141e |
| SHA1 | 5d70c81908a6d7274dcd1d4ec2d3f35d4caf2ea1 |
| SHA256 | 2742a06f4fcf883b8766d97815f27ef5565adcda0fd2571979f001a9517cf216 |
| SHA512 | 9ed053207cd8e1d5c6f529a46ff9b84d6b2bf05aa24fa55a9fa92af182d0c0d5901775e582c6f612b557a85a5d38e60c6dcc2f3f44d9a3cad9968cc1150db673 |
C:\Users\Admin\AppData\Local\Temp\DXB4CE.tmp\dec2006_d3dx9_32_x86.inf
| MD5 | c28f4fd1644e2a20b1c897438e197e1a |
| SHA1 | 5178534444ed7dec8c63f02defe7bdb864c47123 |
| SHA256 | ef09d783bf5cff2cfba99946e5e71fda577b196a49c88bed1c51b5fd29cecf94 |
| SHA512 | 7cf93260efb1d794a17ba25b1fa02ba03b0ceeed8131d274b805155072a9a2b92a899471a8b23add8bf46c6a5a3cda63499043eaa754001bb43cafd882c8e708 |
C:\Users\Admin\AppData\Local\Temp\DXB4CE.tmp\dec2006_d3dx9_32_x64.inf
| MD5 | 39929631df326b944470256c4f9cbbf3 |
| SHA1 | 932de27abf59c889c02ed747f0ac04f5e494492a |
| SHA256 | ff00313af4a90f426492d72969f5efc6c56a17f2dd91f20cb5c0a38d9f1f2b6b |
| SHA512 | 8dd2755a2b2fb90c6880cbbde65d127f55d12df2bab4560ddf86d6793b2cd4733929d97efef5fd8eeb417731a571888c893188df0361ee57eb4437fab331cb13 |
C:\Users\Admin\AppData\Local\Temp\DXB4CE.tmp\d3dx9_32.dll
| MD5 | 26af232140c88b42d92a88f2198edf6a |
| SHA1 | b62aed3f71d8963227e5021c2222192873ce753b |
| SHA256 | e96693794daa05a75a83c11df2e7b42f2de61567c6ad0b69e353b50f6c88119f |
| SHA512 | 54a6a235af4dc3f3c693fba5ac2d487d96c9d7a2bb7deeab35d5a252e723e597226ec84e953625c8808546f91fbcfc42add85076846a63925fd9eabc09dbf935 |
C:\Windows\Logs\DXError.log
| MD5 | 14965ad5897f119e777e73ce59046c74 |
| SHA1 | 64a3fc1ee15783bdc1cc8e0edddb35017010cd6f |
| SHA256 | 51544a46c570a4c2c709cd35a0212df5f0197d12089ac356d53f465412b565d9 |
| SHA512 | 4ecd1210ee45e8d3853dc0c41d3da6be996a4a5f2406d88960dc3727d801a14086fd9d26bd0132af20ac06f56969d855dd9533200a9faa5830d37f74406fe50f |
C:\Windows\Logs\DXError.log
| MD5 | dd0f1c189d58ce2fbd2d595d0a75e3f6 |
| SHA1 | 42265ee714eb601fde6132046652291319aa8c3a |
| SHA256 | 1b9017da4b61c45568037d15eb7f2eb7c9c0dda552e5aaedea7671000a16ebb3 |
| SHA512 | a5bc332f1b7f38e48a0c5c3f59d450c06fb3404109aad519298445b7acbc4a2705472c0260d32a0c028407464551d52c60308e68f0844fd18874b7b24139e11f |
C:\Users\Admin\AppData\Local\Temp\DXC967.tmp\AUG2009_d3dx10_42_x86.inf
| MD5 | b3a2e761e5da007cc6036c5703e12eed |
| SHA1 | 447e852f9bdc357b00864d4dccc7486f1313918b |
| SHA256 | a80a00464775da82c02f628c5bc13cab0d0643ec2a44b28d2acf7c77d467becf |
| SHA512 | 28a106886578fb38f144602d2b29c72a906bb24a50b16ea7d3f71f8bd7f194fc0d7c8451dd1c3e9ecc59be3a866c07a23dd394a17d39eb7b55cde7b347bed3a1 |
C:\Users\Admin\AppData\Local\Temp\DXC967.tmp\AUG2009_d3dx10_42_x64.inf
| MD5 | 8d272f58bf5ce42962d7d9835e9b489e |
| SHA1 | 7e0969289f839b5dfe606f6ce6ed106460f97682 |
| SHA256 | 2bfdd3d3bf485439013045b3a08942f457385bb89ab76d9479fbdd85f09e9d96 |
| SHA512 | 0554257a41df07860233f26330020a45e2dab2613a6028f79914aec7552d5c54525b137e450202db1283b602c3d95908acbf9f1eed20dd79c21fda5963fc2b5e |
C:\Windows\Logs\DXError.log
| MD5 | 21ec20b0682fd64489fecc35b5eb4c6e |
| SHA1 | 195ffe0006083a17eb393f92c398ec7eb332a249 |
| SHA256 | 8f59bbedb036633f531d37af4b49fd98a132516e2054f5f16ae3b99214ca5780 |
| SHA512 | 35907827b58beadc9373a9c49ed81f40a7778363204d865e7e09beddc71981adc620685bc6b2506dae1098d7abe4290c060f7e10a6a6e5ae20ac0fa04d8a39c7 |
C:\Users\Admin\AppData\Local\Temp\DXC967.tmp\d3dx10_42.dll
| MD5 | 501ac862517c5445742bee8a2b88414e |
| SHA1 | 49f3f2df66d357aa84a5e7a0eb368ea595b7d95a |
| SHA256 | 46429c4affe041b08a7acfda0e9162ba42de966acb2cbcaf09ef976232073b51 |
| SHA512 | 08dc13d5ad0a0d2aaca9d3dbfb53304216111da73bf48810df2982650d580757c10c8b9bf80ae5191e06ebaa44b2bf9c244ae141308748c3e7fb9ef6088900ad |
C:\Users\Admin\AppData\Local\Temp\DXDC4B.tmp\dxupdate.dll
| MD5 | 94202f25810812f72953938552255fb8 |
| SHA1 | c1e88f196935d8affc1783ccf8b8954d7f2bfb62 |
| SHA256 | 6dcad858cc3ff78d58c1dae5e93caf7d8bacb4f2fcf9e71bccb250bf32c7f564 |
| SHA512 | 65b66d07ef68e0d1e79f236a4800c857e991ee3ff80ece4cfdd0b5f6083ea16f8a52d351c3af721cb05c06394ec91b4b5e3cfa4b0f0879f7549f3e3ed035e79e |
C:\Users\Admin\AppData\Local\Temp\DXDC4B.tmp\JUN2010_d3dx11_43_x86.inf
| MD5 | fb5d27c88b52dcbdbc226f66f0537573 |
| SHA1 | 2cbf1012fbdcbbd17643f7466f986ecd3ce2688a |
| SHA256 | 3925c924eb4ec4f5a643b2d14d2eda603341fbbd22118cdd8ae04aaa96f443c0 |
| SHA512 | 8aa2200f91eca91d7ee3221bc7c8f2a9c8d913a5d633aa00835d5fb243d9cb8afa60fe34a4c3daa0731a21914bc52266d05d6b80bfc30b2a255d7acdf0d18eb5 |
C:\Users\Admin\AppData\Local\Temp\DXDC4B.tmp\JUN2010_D3DCompiler_43_x86.inf
| MD5 | 1a86443fc4e07e0945904da7efe2149d |
| SHA1 | 37a6627dbf3b43aca104eb55f9f37e14947838ce |
| SHA256 | 5dd568919e1b3cbcb23ab21d0f2d6c1a065070848aba5d2a896da39e55c6cbbf |
| SHA512 | c9faa6bb9485b1a0f8356df42c1efe1711a77efa566eee3eb0c8031ece10ffa045d35adb63e5e8b2f79f26bf3596c54c0bd23fea1642faae11baf2e97b73cf5e |
C:\Users\Admin\AppData\Local\Temp\DXDC4B.tmp\JUN2010_d3dx11_43_x64.inf
| MD5 | 590fe1ea1837b4bfb80dc8cb09e7815f |
| SHA1 | 792b5b0521c34c6b723a379dd6b3acf82f8afb1f |
| SHA256 | 2c4cf75b76203cba6378693668c8c00b564871c8bfd7fbda01e1e841477b2a3b |
| SHA512 | 80bee8f1ad5bfaba6b3ac5a39302a1427dbaa5919d76c89b279dc753170ec443924eadf454746ce331a6682ee729ab79bd390a5d3b55db8d08fd6f4869101f53 |
C:\Users\Admin\AppData\Local\Temp\DXDC4B.tmp\JUN2010_D3DCompiler_43_x64.inf
| MD5 | 6494a3b568760c8248b42d2b6e4df657 |
| SHA1 | 700f27ee4c74e9b9914f80b067079e09ec7c6a7f |
| SHA256 | 3e779533a273e3395109c7efac13ba1c804c01b3ddb16938406fbdf90d851216 |
| SHA512 | 2bf68b123d7823ad7182e132d9e55f8de7580229e8e1b3b40030da50bb9bdeaf67bb9727ce2171fa83b7f804c24d9728ffabb44cb5017b16b771bb19e62b1b42 |
C:\Users\Admin\AppData\Local\Temp\DXDC4B.tmp\JUN2010_XAudio_x86.inf
| MD5 | 31d8732ac2f0a5c053b279adc025619f |
| SHA1 | c8d6d2e88b13581b6638002e6f7f0c3a165fff3c |
| SHA256 | d786d06a709d5dc26067132b9735fc317763fcf8064442d6f77f65012ba179da |
| SHA512 | abc37922307f081a1ffdc956ce59598c19ad1939ecfb6ea3280aa6aa7a99c3eba5462731586ca262f7d7257d7d2a74ff57a45abf6b93521eb6f1c9f22f8eb244 |
C:\Users\Admin\AppData\Local\Temp\DXDC4B.tmp\JUN2010_XAudio_x64.inf
| MD5 | dd987135dcbe7f21c973077787b1f4f8 |
| SHA1 | ed8c2426c46c4516e37b5f9aac30549916360f7e |
| SHA256 | 1a0f1b929724f8b71d5ce922f19b9d539d2d804c89af947d5927b049ef0fd3d8 |
| SHA512 | f0469c94219b4df99d7b9b693161a736fa8eec88a3f6c7f2cf92fab2ade048dfe61fcde3a4cf4f7a2aaf841d079a46b17259dea22cfb02831983f55bd7f61899 |
C:\Windows\Logs\DXError.log
| MD5 | 8b3ceefb22fa20f17f906717205f1d65 |
| SHA1 | 3530266c78a70f8b0a3d3e9c0d78fe8387cb2aa8 |
| SHA256 | 6754ada11cd9d6247cab5035539fd5d5485c3199fb8a57f59bfacbecd02bcf9b |
| SHA512 | 253e66a5d1e13e742d86f8f2e8f686d3bd902b4b4de830984cacea4f46a81f7098c5502c00e44a851a98034b5c254bf864a826969bab1f9549a0ea4cbfc1c8f7 |
C:\Users\Admin\AppData\Local\Temp\DXDC4B.tmp\d3dx11_43.dll
| MD5 | 8e0bb968ff41d80e5f2c747c04db79ae |
| SHA1 | 69b332d78020177a9b3f60cb672ec47578003c0d |
| SHA256 | 492e960cb3ccfc8c25fc83f7c464ba77c86a20411347a1a9b3e5d3e8c9180a8d |
| SHA512 | 7d71cb5411f239696e77fe57a272c675fe15d32456ce7befb0c2cf3fc567dce5d38a45f4b004577e3dec283904f42ae17a290105d8ab8ef6b70bad4e15c9d506 |
C:\Config.Msi\f76df94.rbs
| MD5 | 3ae39ea8d487c12e5937d3aa18bc76f4 |
| SHA1 | ab3bcb46d934dde547fd3126708cdf3ded5ebdcb |
| SHA256 | 60e88302baa47f8a241d8ee4b718a46e96e0aef68b9f2e21015d49e7fbbbd565 |
| SHA512 | f734f94d2e61ae78e51170ed98d7d768900001e348a4d5f1b0f580e5c0d32893560e939ca18b2d70b4acad16b8a629277574ccadee58da5cad6bf0dca6c2de80 |
C:\Config.Msi\f76df98.rbs
| MD5 | 7036b0531ea129e317dda84188b37b22 |
| SHA1 | 39bdd679f9b02faf9c218ccf6c78fcb9c8f540ad |
| SHA256 | 6ad6d27d6c7f1c2e5dfa41c534c1d7492d8b5f367732b0bbc6fd719e31ca45b9 |
| SHA512 | 834a61326c18af2e399ce5f43cd10b5c04c8c0e1f5fb51e94ec2afc4e44b75b0bdc2e15127758d519b0e185801f01b04f04602253ec22c9c8d0e8a3880888e43 |
C:\Windows\Installer\MSIF260.tmp
| MD5 | 154426e66361ce1b0f9a52eee18f1576 |
| SHA1 | 15ada007dbf6e47710c05a8006020ca5f1c53ba2 |
| SHA256 | 827af890fcc70f86db1bd0394b2fe6c76bb9df201fb7df05067358a6f349cf6f |
| SHA512 | 7ee4002fbc226df072247544dffa582df9eae25cde6e2d9841fc7d565b25e71c6b4d1626e87e5c6a406c3dfddbb401be1d0996ac4ba3fbc705ea211df9fc7bfb |
C:\Windows\Installer\MSIF2CF.tmp
| MD5 | c7375273a093747bf28851cb7359d9b9 |
| SHA1 | 3691bbea99ea1b50cc7690fb111f1fdf9de15e53 |
| SHA256 | 74f518d88b03d77897eea20b2f701ac146b88795ceffdca6cf632186ccf33f53 |
| SHA512 | 2beed7eb43abf259d663bc0c2b9518bc65274d6ff8a05d566ea91ec23d5ced068cc9e658435ff7fd134aa08d685c21a7f63f91a89d54ff077ecd187f0fe2f56a |
C:\Config.Msi\f76df9c.rbs
| MD5 | db2fea0f981d335c08f8734a7e96cbed |
| SHA1 | 4fd41a12fa611fce571ab0e0186ced29fe610212 |
| SHA256 | afd7af3fe49113400655956c308f279b00267de841123a582d030dacd03d9c8e |
| SHA512 | 8518781192ad89c3e41a96c651247cd4e9e76a42644fd1402d0b0111e85735b94d75c96499fc2dc469b536ad2b625b2011118f5c9c5ab962d332a7cb7fde9bdb |
C:\Config.Msi\f76dfa0.rbs
| MD5 | c3f41b449e0cce1846f21c0da0e0974d |
| SHA1 | b9ed1056b34e0c2d2cc127dd98f2c0e69f238c9d |
| SHA256 | 8c25f7f6b574b3861976e585cd7821fe5f88ffb5e1821ebd00a5cafef91e95cf |
| SHA512 | b306e1c94f7660ea1d821b07c15d23eec1991bfd6de7b26c3a073b9be8a3cb96bd388f2965ad7ead7b2c7eef1d2090a6620905c2f1b33e4fa73792db4f771974 |
C:\Windows\Installer\MSI1B1F.tmp
| MD5 | afa2262aaada580a74e1dddaeb03bc58 |
| SHA1 | 5738eb9ba190361390d97725f90a71c6bb5bf5b0 |
| SHA256 | 1deffb4fd70c9c346e1c5121b5069f758198ce12cdec5c2151127658bf12e460 |
| SHA512 | 86099269378b31483480c36107f357f06d27e4c9e4892ee184438f7a3730f67853b5d44bf0bb7049242ad9ae262d08b07052bcd9f9f72175e754185725787f99 |
C:\Windows\Installer\MSI28EF.tmp
| MD5 | 331caf579a41951fb7462bc8523de15b |
| SHA1 | 74a0cd632915e55028a398223dccb91050368258 |
| SHA256 | bedbfb71cba5a06ae38b38eb84da2e1a8ae99000d2cfeb49ee80e114a5e5f34c |
| SHA512 | fec47b6087d38bedbb7000cb733cf9fbcb4adceadb088da5f6d4b8a325a458264c45e00580f3d15259874f79d395cad31fa6590117b738838804cbee3972415f |
C:\Config.Msi\f76dfcb.rbf
| MD5 | 21438ef4b9ad4fc266b6129a2f60de29 |
| SHA1 | 5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd |
| SHA256 | 13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354 |
| SHA512 | 37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237 |
C:\Windows\Installer\$PatchCache$\Managed\8CDD41E806AE81E43B3E917301D4B5AD\16.4.1108\F_CENTRAL_vcomp110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55
| MD5 | f9cae234ef87430c809addeda386b609 |
| SHA1 | 80976f9bc0fdaa9d405f8d3a4d857db8e3e3b93a |
| SHA256 | d65c6324e62585e92d2098d2abc9bb23597c3a86ff52fcf509ffa58b1650ef10 |
| SHA512 | 93b7b5f7d299b0565aa4294d67399a39b8387faa2e888dc0e857cc16b187e90b624063d36590e0d3d6c2a58a94fcc920404f0fa84f4e618a6ec27cfdb3e8a32a |
C:\Windows\Installer\$PatchCache$\Managed\8CDD41E806AE81E43B3E917301D4B5AD\16.4.1108\F_CENTRAL_vccorlib110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55
| MD5 | f660cf07ec1d5704aba37ece8e17f0e6 |
| SHA1 | 2b99e853911e7e32d920d035d89a044ee367e67c |
| SHA256 | 64e47a6aba8b14975236cd0219dd3b853fbccb5a2c044c8b94ee5ac586800385 |
| SHA512 | eb8b8e9fb5b53baee4b71ef851393e32cfe0d875efefe0309bd237f489e262d5ead5840244bafe0f6391251b1758b73d8f067b3dd0008f9ee5f4aedf2d2ae4a9 |
C:\Windows\Installer\$PatchCache$\Managed\8CDD41E806AE81E43B3E917301D4B5AD\16.4.1108\F_CENTRAL_msvcr110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55
| MD5 | 80e987dbe08677e2ec09615cd4358607 |
| SHA1 | d2109b7a238ae75545c7a43f863ead710b00b323 |
| SHA256 | 8a06500612ce1bb0aecf052dcccce619c85be7732cbaeac4d6b26b6ae2cc7f7b |
| SHA512 | cb876bcddb2abd97d247efca8fa602d9edf0b63fad12ebb1f4f3426e227b0a35f35db19cba2a51f4f8124df435fdcf8844728dc883ebf3662b20393958345a45 |
C:\Windows\Installer\$PatchCache$\Managed\8CDD41E806AE81E43B3E917301D4B5AD\16.4.1108\F_CENTRAL_msvcp110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55
| MD5 | ab09ce954c647f3c2b4328b57d519996 |
| SHA1 | 63f3de90362bba6f106367bac56566f952666d39 |
| SHA256 | 0de1e28796f709d24758ddc6bc2c779f6ff4b20c51b163e2ba77fa7e52942070 |
| SHA512 | 7c55060f782552d239500b9300c79c95726498fa7cf73250d22ae95ec0db1086b3012e19e066e3b0e9b22ae86bb5a8bb4ec2ed5cf2c03f2734bf2e58bef67fb4 |
C:\Windows\Installer\$PatchCache$\Managed\8CDD41E806AE81E43B3E917301D4B5AD\16.4.1108\F_CENTRAL_atl110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55
| MD5 | b80876dc9ed199aae1ecca79fe268aef |
| SHA1 | 0247f430077691b06635396605635cf768992e26 |
| SHA256 | 4d7a75b644b307abe1667b7e5def00cd61690ed2b780d1a263a9323f4cd34041 |
| SHA512 | 0efdfa08f9daca1e197456b5a834edc7b5dc69eea454cb2eb197eb6844742d316fdfc992a9f4b6a6d573a67a466379745d7936ec0c56f9ef15cf6bfc80ec43a3 |
C:\Config.Msi\f76dfc5.rbs
| MD5 | 3114aef8ca237ebda161005f22fe2a29 |
| SHA1 | b3daf110900b19c9b4ca063fc9b7673ad96d7393 |
| SHA256 | 18ea5cf5f5c2673111dd852bc3bbb10ee616d6ba7e935ff0de56bfecda360edd |
| SHA512 | 6e091f105b1fd20faf242a9a84036852bba514a96ca0fcd4ccf1aa5e0787cb6c43bc45583affad1b673fe4e5712f8943a6b2dff927d9731d543698a14cf9e3bf |
C:\Windows\Installer\$PatchCache$\Managed\F187AF9E08E3993428A5DAE3112CC877\16.4.1109\F_CENTRAL_vcomp110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C
| MD5 | a24611da798edd02242ae618050c4ef4 |
| SHA1 | 28b29814033d3921939cbc96f8aec6234401f8d2 |
| SHA256 | f48c9f347c0fba69247f1c85569a21e0d6282ac02469366c79588f896d57b277 |
| SHA512 | ce86a35f2e29b130cf4ad4312c3f920758a2a4837d8e725f7d95ededcc8156387576b3a782c4603b6f229b403d0d1929b43e384fe95a3eb6c799d350b2a5a223 |
C:\Windows\Installer\$PatchCache$\Managed\F187AF9E08E3993428A5DAE3112CC877\16.4.1109\F_CENTRAL_vccorlib110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C
| MD5 | ca969d6fa6c19758d48c664b2d1ce08d |
| SHA1 | 3eaf3564b5957329c7c84e217fbc26ce5f8e938a |
| SHA256 | 9e76c5a9e8358589cbdd06efa426ed0f0fa95b65377b976ff7d056d21a0f1f89 |
| SHA512 | edeffe548003147c37464fa687680a8f1751835aba070d118c2152fc616e06e8b1733e7f0f7d7947889a6cb46938e254a71d915dba4eadf142ff4788523147fa |
C:\Windows\Installer\$PatchCache$\Managed\F187AF9E08E3993428A5DAE3112CC877\16.4.1109\F_CENTRAL_msvcr110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C
| MD5 | c72abc6b7b90a61364b6dd889b5435f3 |
| SHA1 | dfe74e40da0bb442aeec448b2b3e447067d610bb |
| SHA256 | 0cbbd9691f08434da3617874f99c6dd87538cbd65b5d8bc39fce378d4ed29eed |
| SHA512 | f91b1eb81af15812311542c663a4af976003a522f0ceed056e7e3732988efba8e03d4502c3d59e1cd71e01ff5014fe95fbe3eb4996fb3811a68413626feccb8f |
C:\Windows\Installer\$PatchCache$\Managed\F187AF9E08E3993428A5DAE3112CC877\16.4.1109\F_CENTRAL_msvcp110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C
| MD5 | 349b1d5d8d1b5a7b10bcd01470bd5f64 |
| SHA1 | cd6f2f507f9481803d6d808cef09546a44f96e21 |
| SHA256 | f0502e3d58713044f62f539b8738694e4ce9c619c665515f5ed2500c843c0c46 |
| SHA512 | f7d1bd3f661bf09e2ba84488b617a8dab61983854a2689e0fa7e5abc121eef784c13c8e1bac8ee6d3067486220730bf3bccb619de0ee93fc158f0f59b71553c3 |
C:\Windows\Installer\$PatchCache$\Managed\F187AF9E08E3993428A5DAE3112CC877\16.4.1109\F_CENTRAL_atl110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C
| MD5 | 3a72fa7ad0289cd0bcd1f4e3613766e9 |
| SHA1 | ea6c5cd5a2a17514b9f066e48e19b07df524508a |
| SHA256 | 0773677d1a9ad31e3f1bec74030ab1c867c627ab2f67e519e0243c02dcc12d45 |
| SHA512 | b65540e99969cd2a0d22ac7788615dfb13b0826f5afe87836a01d5df544c473c57d95003ca688b45f361629dc0507e5551106473813f6c9b1825321a3539e80c |
C:\Config.Msi\f76dfcf.rbs
| MD5 | 31fd8673b51928e535d13cc87a8202e0 |
| SHA1 | 0997b0a095f84b8057858282c129b5b8b4b8093c |
| SHA256 | 9944b580a0092d9fb06359bddacd0c062c771521641e68af9dcbab7afd544588 |
| SHA512 | 11bbf1f51cafa88591296c6186492d68ca783078ae0e48aa4df0fe9855f94cef6c7358a59d4a5a13968b14f1982e8b61c2c4952aa3533c34a831c867a832cc97 |
C:\Config.Msi\f76dfda.rbf
| MD5 | 19c334982160e2e9b65f65fee9fb2f1b |
| SHA1 | 8d28c230fd4c29569a721ecee64f87795b9891b3 |
| SHA256 | 716f505e8dbdc2ef87ee40df85cee2e4df1321404960d4502f4c59095c0b25f4 |
| SHA512 | 657a0e828bda7c457e81ab7d5c1effd867f5047e323fc197aa1de4587e8b51dbf9a99e9064f086d00dbc9c777fdb1b668612b5c0704220a38c6e8c7c009f511a |
C:\Config.Msi\f76dfdb.rbf
| MD5 | f8fabde2101eb374d55299062a1956f3 |
| SHA1 | b064168929d67805cc7346b8f3a0fbca23e69b5c |
| SHA256 | 06d44d51aecb6d43911d1b8d23ce08a796dc85407ae46f68f00d8e433054d37f |
| SHA512 | 463efa2ec2f7d30ca285ce468b2910a98e39ee67ea0eaaa6f4d772f390207178377c8f42b455fea563e5ec51ac1c0e91e15e8f0ce6d5d2a56037519c3b1df5ef |
C:\Config.Msi\f76dfdc.rbf
| MD5 | 8a1e15b5d2f3c15b1a2371c280328bc8 |
| SHA1 | b6200087c87a1c784a6a6d02a16998a1934cff6d |
| SHA256 | f231ff5322bd34defbebf4548c2ce7148576481f52c9829f51e75ebba653c491 |
| SHA512 | 3006e39dae75fdea6719fb2ac28f4eee4bf2588582bbf50ec921ac8eb0f59a06eaf024a5d65dbafbb9e792fef86c0e4ee0d78cee736a20a0eee61944bd43cb92 |
C:\Config.Msi\f76dfdd.rbf
| MD5 | 4631116763b745f833b7b038109ce117 |
| SHA1 | 3405589b8f9bc7c60f562108a35908743529a6af |
| SHA256 | 31c6b41f131b83cd811f5cd7ec51c4da9aabffdcdb544f32f880b4eba352db6b |
| SHA512 | d3be284773802270f316a7ffe5796958cf3531f336007dae6d6a749f0fb3d8c0b31ef444451b2150d6d444a60a92a4fb3df4e031ca8a70d7fdf8aa16ded916fc |
C:\Config.Msi\f76dfde.rbf
| MD5 | 59412225e43ffa632061bc4af6c23a29 |
| SHA1 | 2d3c2b0c00d402c174dd862250e2f0bb26b3e085 |
| SHA256 | 06305cd4ce3608d7a72a7d3ac824d815324e8bc8fad52f58fa2095aaac39eb17 |
| SHA512 | 11704d4d62bf028671d5483b075f70075125f462b10f089bfd70ff109a3ba2c133e112b4af71b3f805d1c31481adef065e731222285d92ee5eb22d31f541cbce |
C:\Config.Msi\f76dfdf.rbf
| MD5 | d56f4d98f6078295ab1ab0670bf2b9a4 |
| SHA1 | 0e323bf6db23597c13091db97c2b9978e119595f |
| SHA256 | 38a8a8442b967038e301164e27561dd79ed8cdc7efadb89e440fa2da929345ea |
| SHA512 | 072fac60f5c2b3bece23dff6b3d7a69330f349ccd7b04fa1db0e811145a468a9fd5aeac052e52ac13e24fa1b3ca3bae17e59442e381c8636e1e9505eb7cf8342 |
C:\Config.Msi\f76dfe0.rbf
| MD5 | 750d64660645311559524a8c57c02dcf |
| SHA1 | eed3e34d144556640d3cc843a31594219ab1ecd5 |
| SHA256 | 3976b799208f9053afc453e95f0fef5c3b010845b571ecc674885f2121d2bcaf |
| SHA512 | 65c06035fdb9b3322690260ee347a4097576ac90d82593c6aa263003101c15c3dbac4d14e44cd948596aea9c4ceff9e9ef5f2e5ba3f8a14bebaa206cc42e840d |
C:\Config.Msi\f76dfe1.rbf
| MD5 | 833011ab151a76f4063f0155b4c2c156 |
| SHA1 | 49fa4318a8aecfecb0e167515aad84c9fe8b5c14 |
| SHA256 | 409449bb4460982f38a717d0ad4f94ab4d3662968c398282a78095a554a592cd |
| SHA512 | 4b9b3f81f93a4fa495b26e27bb3b9666de3070ef6a0ba62b3e4095264e1abc13ce8ce85e91e5390e8b7a3a0b08e064ae4311312e7e0c67e02ad9c01545676c57 |
C:\Config.Msi\f76dfe2.rbf
| MD5 | d475bbd6fef8db2dde0da7ccfd2c9042 |
| SHA1 | 80887bdb64335762a3b1d78f7365c4ee9cfaeab5 |
| SHA256 | 8e9d77a216d8dd2be2b304e60edf85ce825309e67262fcff1891aede63909599 |
| SHA512 | f760e02d4d336ac384a0125291b9deac88c24f457271be686b6d817f01ea046d286c73deddbf0476dcc2ade3b3f5329563abd8f2f1e40aee817fee1e3766d008 |
C:\Config.Msi\f76dfe3.rbf
| MD5 | ddb7181b125abdc6d2b2831b8be6b3a2 |
| SHA1 | 20b12d3f59fd427429ffbf6ba3edd82de0365921 |
| SHA256 | 8aead63e2d39a64c429d5b79a13d73d6c133b19607c3d3e32a60262c8574caba |
| SHA512 | 30af739cc615542fd1ae8a073ace0e1690d4a5d102595416d506dffa158f9610c32d63b7c5ad335715c76f2262d2df6e8f850812e915adb4a9043a0ab90ff6b0 |
C:\Config.Msi\f76dfe4.rbf
| MD5 | 36c3ff7ed2592e97d9a01bae095a037d |
| SHA1 | b6a2c49c8481969283c2e3eaca78026adbd1f524 |
| SHA256 | b226b3f204026c41878073f62b5210d9a81aea255e4ad8d24b611ec37bc39b77 |
| SHA512 | 0b8797dc15dbbda12f3aa75ebae88d336fcca7f76a62461dfde4a371c8a8281a93dcd25dcd32710eab805988dcb71f9a35af284294d5021c26b29407eada684b |
C:\Config.Msi\f76dfe5.rbf
| MD5 | d718132c57d5f9433bd4dbc76dafcb3e |
| SHA1 | 910ff15d0209427a0beed450cdb60e9851fb083c |
| SHA256 | b7107789317b87463abd8dc2d4c10d22d8bbdb5e59f3f3332e7627eb0919759b |
| SHA512 | e2a17881a2e1f7418073f5649db52c9889798c143044c0d3b100089fc245ed3201051fe5d34463b43e23beae057340d4f49244e338f9c68c059851aee1d05548 |
C:\Config.Msi\f76dfe6.rbf
| MD5 | 144e67dd00d5f958d34c7341a4748512 |
| SHA1 | fe75888d1abb99d49d368e50d954f1fa3307122d |
| SHA256 | 2203532ba8e256d6c6037da6e73a79238fb3a84cf37e26a8d209fde1a43dbdea |
| SHA512 | 82044a755d7a4c9ddaa676b92d3acb15b055d9b553031157b1ff07865dff87827c20766de9ba5b1dae1240b796e393f944d14e95d0d3131ee7f6697104be6a9f |
C:\Config.Msi\f76dfe7.rbf
| MD5 | 189254e2323732285405ef21024f77bf |
| SHA1 | ce3a7b03c7385c4025f4b310d2674c7b5485c28a |
| SHA256 | 5505cbb3db5c57e63492c78df45cff9ad4da97d9ef0c624b0fd062b8de9c2482 |
| SHA512 | ed799ab56b31553d8823cfbc284898708e9d6a38659d9ca5096049447e8a2c78c30c9a35faf4869c20b0c1b4208c17756da6df0e24440c0295dc6cd5cc60c4c4 |
C:\Config.Msi\f76dfe8.rbf
| MD5 | 68f9dc456607f5e4ef2cc69fd52da031 |
| SHA1 | 8da5a56199921d2a15839f7ac924c6dd394a65dc |
| SHA256 | f9621117f4c50b57e0b0a6b7b62b2478b8b6469439810eb5ff40c1b65958a4d9 |
| SHA512 | 74640dbf8f66a5ed068ee8019edc0800c096cc8f14a8d7294a435644be54785e2083cb1bc9311ce0b3a45baf5469ce27eb10977e3aa4b0817b652ac65e3e1b01 |
C:\Config.Msi\f76dfe9.rbf
| MD5 | 0b92e34cbe0f5a2fd1d4623ac1adc70c |
| SHA1 | dc3ff919983d79e3b96f9c7d274cb3e88652503a |
| SHA256 | a7b6259921a56ea44d3560dbe99acef787f4fb6e785260f0601f13dc2d3c887b |
| SHA512 | 417fde41ba6ded8759a30e3078b2df801b2c578901a3367c4e49976f9a3a20902d758b0741b9b64779f52acbe692841bfc7dd4b057bd98f60ae249334e98bcb2 |
C:\Config.Msi\f76dfea.rbf
| MD5 | 5e65ed1f7efddd406ce16aaf90d45eaa |
| SHA1 | 27c0bea0fb39245c95650e6fc404cc69053bf61d |
| SHA256 | f792d18a252aa7b8cdf604352fc871b5346212e442c1785da8dc15657a4dda80 |
| SHA512 | ca4318127fef1a5a9adfc7aa7323219a2060c13f6bc5d8a8b892dd05f806eadcfd756318fe37c6f70f5a1589b733742360b7dcc9a8b2c694a4d5d0e6ffa98034 |
C:\Config.Msi\f76dfeb.rbf
| MD5 | 9b6728e20ab8bee1b196b1b52bb21321 |
| SHA1 | 89d58441380a25083b5e90dd30d74de8af0496bb |
| SHA256 | 959b8d276f0b74f902379d05f0a825b0b2118e96554ac22e6e070bcd650f0ab7 |
| SHA512 | 38195d1708e375f955b5924c37fd0fdddb88e22c29793c42b867ba4438fb1a7b48e45dac05315bfd7c9079039d8668c0aab3d4c74b69fb46b04d276477514aa7 |
C:\Config.Msi\f76dfec.rbf
| MD5 | ec62f94fd38011803a5d7646874780c7 |
| SHA1 | 2eefa5d657078c2608c994cb63e20992274fb4a7 |
| SHA256 | 295f491d55b4b265d7b8184e0ec379f51bc30aa424f15961687e2ca4ab1a223d |
| SHA512 | 25e06909ef92cf26d945760a75ff880401f0590b7e6e9bd32c1552634df33b2705ff9e810eb5d39757b0c985299c73f799e204cbceab5ce9b51644df3f664701 |
C:\Config.Msi\f76dfd9.rbs
| MD5 | 3b17d8d32a3ef89c20ef429bf5a3fc88 |
| SHA1 | e4f549cd73858c4939e9cec1c97d67359cbf2322 |
| SHA256 | b466a4d4051e29894e169da11349dfd69a348c6868086894af103a7cf33ca2ec |
| SHA512 | dd5bf88c06d43001b4afe50c5443c8e876d6088a14ae7c2f9ef429bf52a77b3891d49563aec291ae2ffda918386f256d4858682720357506426eeb58cf80bdc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 401ba581ba21b3795c06dd3ce3ad6bff |
| SHA1 | 178a41db7c46501d07b5ab670dc6cc13fb10ddf3 |
| SHA256 | 026d59a4137c92b9835df08e2901f1317c7923e9333a6c23a5ae8a683288bf01 |
| SHA512 | 5f91f3b1e9f889f46179ffcba0a940bbf42966df2e531e4fda277a3011bfd536a35eee528aef9e065a1a78278b6ae85237871dd0e9936ef324bd7d0fee55f517 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 933fa4d93c94f41d6f5ab719b8b17bc1 |
| SHA1 | 28bbec57e921dd9b006808ddb8c06af49296afaa |
| SHA256 | 45c40dfb30a9a86f1e7a31a5f29b3e02c7c945c55b1c138b8c0b2bf5c2806d3e |
| SHA512 | ca196c8c2352f5c8bf75afdfa281ba347775f2cf70b5e548c44ca969e34f93411adf13a1d96a6c561b4535f0d575836912ce0f3ab7dd89c69178dd24f7b64274 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\Local\Temp\DX233A.tmp\dxupdate.dll
| MD5 | 57f0c80414609302bfd4dfbb61b69ac1 |
| SHA1 | f077266250833d2af729df9c00983d7f4ad2663a |
| SHA256 | dd8903faa5244492fdb8868dbca66d74aac98c394ca5382a0c24bcf621e7a16e |
| SHA512 | 2f171feb76b6014b10e493755c0138cd9edc12941b4f35faf2e99a49f08801b58cad8b4de5ef12fcba19e9261c864b911ace23c290f73384bfc378b6d9c1881b |
C:\Users\Admin\AppData\Local\Temp\DX360E.tmp\dxupdate.cif
| MD5 | b36d3f105d18e55534ad605cbf061a92 |
| SHA1 | 788ef2de1dea6c8fe1d23a2e1007542f7321ed79 |
| SHA256 | c6c5e877e92d387e977c135765075b7610df2500e21c16e106a225216e6442ae |
| SHA512 | 35ae00da025fd578205337a018b35176095a876cd3c3cf67a3e8a8e69cd750a4ccc34ce240f11fae3418e5e93caf5082c987f0c63f9d953ed7cb8d9271e03b62 |
C:\Windows\Logs\DXError.log
| MD5 | 0b4b7f8a3e584e79c5b4744aa3ef2e11 |
| SHA1 | 8cbca597c4ea01c3d4941b6a285778b6f12eb752 |
| SHA256 | 2cecfced79eacaef8a51ce29290669795c9da5b45eaf8fe5c289712ac385743b |
| SHA512 | d90a4ab709eabdf0e6170df7d7d749588915c8747f00eb07402ab3d28f4d6aa55e1469f0edb3d9e70dde9003ca6e6b4a3a12884196d5af46ea7603a522f4a783 |
C:\Windows\winsxs\InstallTemp\20240501212055588.0\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa.cat
| MD5 | 80f181c2010a7db0efcb5f13645e9c84 |
| SHA1 | 17f3d888de0f592bae3f8ef4a1581966124d3307 |
| SHA256 | c38f6cfc3f6aa11957113683c1bf7c3f44816ba359fe89eedd4ee92da1b3dca9 |
| SHA512 | ceabc0075e012cac43342f42b4e74331fa51bf3b2f280d788294b99682f84efb8eca039fb3be833112d8b0915a5fa65c922ee9800315ba4f17cd5643d016d034 |
C:\Windows\winsxs\InstallTemp\20240501212055634.0\9.0.30729.4148.cat
| MD5 | f9d94a589320dd63dd898c211d019012 |
| SHA1 | 304d84933e0ff0b421c1bc5f2fd51cf98a0495a3 |
| SHA256 | 83d24fe403df20693673c49b94091b577e1cb4fe975d9d79eb2e74fad693a937 |
| SHA512 | d118d45efe2ca085de6afe563dc8462457d48ba80a4b7e9d25adb2b2ed6d6db425f074dbba2df41307d38f70d95eb2066332108d5f50461fcf2ce6458f3cc167 |
C:\Windows\winsxs\InstallTemp\20240501212055588.0\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa.manifest
| MD5 | 6a912f492582eb415293421a9babe38c |
| SHA1 | f5be1af48df88218a416d0c4293b4b1ce58c0708 |
| SHA256 | 19f63f32922553d62a08d17f41a75ec07d687c0bdaf8aa4ceff6d9725b5b6d14 |
| SHA512 | f310afbb63b58a630317b0002b302cf7bd424cec20fc3d8e16d821652e2ebc8b3e10b9d2ea8a564c0df3986cf3aeb68fd13c6a5aa73032ff8fd8a9495c12ad57 |
C:\Windows\winsxs\InstallTemp\20240501212055634.0\9.0.30729.4148.policy
| MD5 | dccec0d4688b82ccd409ead94b9a52cb |
| SHA1 | 2a7fe58d3aac85da7dd7f0a68c0e4a459244e68f |
| SHA256 | 42935f89f488aca0615d5a8a9741c4b8830c36b5c971f5aa05c82df345ceccaa |
| SHA512 | 68d2ffc9c58c5089357e2d9145757d67b11b5885ebb79c32e857b845b8a7cd95d7eaa72670d4f5830bee1d0e64164308461cc3a9912db34a13ddaa0692444348 |
C:\Windows\winsxs\InstallTemp\20240501212055588.0\vcomp90.dll
| MD5 | 401f8901dbaac9b3033e42a0698a0676 |
| SHA1 | 8769d3c0980c5efe8b05f27ddb62b4a5f6fb6b33 |
| SHA256 | fa473512b462d89b1829f3222362ac02757538f252967d16fda485ffa92ccf74 |
| SHA512 | c879017075cffdd735c81ccf124516f71ee1833156e708b234423b82e787d06ff7dc96a1b00985a96608572b6cbca383313354eedd9ab3deb1598d1182f7670f |
C:\Config.Msi\f76dffb.rbs
| MD5 | 1372bf4501b5dd51fbae08af309713c8 |
| SHA1 | fd4c596cc973d5da668fefe84bde9ce120bc6daa |
| SHA256 | c1258154c0c8c327347d5db05d6b0eafcab65e81c7bbafebcde2d7cf047614e8 |
| SHA512 | b42bc771f2bb64839f4585425bc5fed89be418ef7b8f5a8b9a1b71c4f426cb046df0bd245f15e28e4024f8c059a47461d31d63b29044e10823f1c25ded1d185d |
C:\Config.Msi\f76dfff.rbs
| MD5 | efb7273e52756ef7872de9e5052a91af |
| SHA1 | eba80c036e1a414fc1be1036af66879404c4036b |
| SHA256 | 94b57c63c47b0bc1632fc6ffa4aec1a0b35e7d456c30b0d69e20a0ec8ab2df26 |
| SHA512 | 88d02601a13a54568bb19bcdf8adab899c6edabf2694b5cf8b6431e39e266282441e3f410676460303dccbf6f75b4095d2861d2d09d6a65684a7f3a958329f8f |
C:\Config.Msi\f76e003.rbs
| MD5 | 36ad1bf16088b6bcf8ce567341c3872d |
| SHA1 | 84c63174d69e890b32bea38b806b5052f96956f6 |
| SHA256 | ee5e6b4241f5eedf825a0fa2060f551e35970e8e54f943e4dfadbbf9b1f5c13b |
| SHA512 | 4867b5c9a8aceb189fc49b6c270b0aee1f25c6daff30c2d67a9c7b34b2ec77aab83f36df4c379ccfb7df9eb18f0568f9dd534400375204fcafb3e92b79304760 |
C:\Windows\Installer\MSI6340.tmp
| MD5 | 9c023adf5ede661ee2a0a5b189afbf5d |
| SHA1 | f1f6e1b9f8d022d4710c10c70f1a512e0b66b43f |
| SHA256 | 861c150262a7609779c0ea46ac5d6a21f3537a3ecdadb3e9011e71ca6095dc09 |
| SHA512 | ac4650c16703eb7885efcb7036d1d3eae3a052ec5c2a493a26817df944521595ed993b8dde5454a7d37afc241c54d651f0240c92ed6329b036d642ea370e1b9d |
C:\Windows\Installer\MSI646C.tmp
| MD5 | cc5ee31f6c41c9837536116fa39e950a |
| SHA1 | a2103322536c027b89106a911f038f512ab8ae4d |
| SHA256 | 42d53a13c1feafa293e86bd5d950ff307fca5f4938de82074e61f61cacd46473 |
| SHA512 | aaccbcd16d17171ae80c7c608856be3a318dbde83ad54c3484430923d0cd11984565804f5597e997fa842c7f942533f64c741a6f297761754349f5fb953770a0 |
C:\Windows\Installer\MSI66E0.tmp
| MD5 | 277fda69f225dd35f4e9973c62559dec |
| SHA1 | 4e1dc3dedd95034666c877dd1825df56e8db745e |
| SHA256 | 4432a6c1d40bf169f815bb47e8e26cbd03b020f30b72030cf2e782d8aa1cc831 |
| SHA512 | 60c30a685d65fec61e39ecdace8f17ba546c7971f2c2741eeffdedd5b917169231f878c4870a9c255a68f26b28b3017903cf7ecf0f767d364ab338d8c25d0b9b |
C:\Windows\Installer\MSI67CE.tmp
| MD5 | 85221b3bcba8dbe4b4a46581aa49f760 |
| SHA1 | 746645c92594bfc739f77812d67cfd85f4b92474 |
| SHA256 | f6e34a4550e499346f5ab1d245508f16bf765ff24c4988984b89e049ca55737f |
| SHA512 | 060e35c4de14a03a2cda313f968e372291866cc4acd59977d7a48ac3745494abc54df83fff63cf30be4e10ff69a3b3c8b6c38f43ebd2a8d23d6c86fbee7ba87d |
C:\Config.Msi\f76e00b.rbs
| MD5 | 807ce90463c92b3106f49359359313b6 |
| SHA1 | 060c814205d4d92c52bba0e5e67a2ada452a2593 |
| SHA256 | 8a15675b8f4341c4a39ba0b7980ed5c145a73dc055288e313733ece0fb004d48 |
| SHA512 | cdad3ae443e1f4e448e30ca78571128a6543aadc197cec33a9f2de9ab2f1ed1f83c2476891a38a15c963df3b492ea5d39547a93bcce735f409ad5ec2f053f57b |
C:\Config.Msi\f76e013.rbs
| MD5 | 0067af9412d4c3e272db855eef464b96 |
| SHA1 | f489c15f6ed330cd6deaa6104cd11bd6f4bb80ea |
| SHA256 | fd5eb5b0c0af991e06623566878270a57208eae682eb96c2767577477d525ba2 |
| SHA512 | b2cda8fae3dffc26cea2534aff500264e59aa0d92ee1ac16b9e01426990300bc545f6aecef049a1780d9c3deed91c027ac78a5b4ca17d5fddcb05cf39f433f07 |
C:\Config.Msi\f76e017.rbs
| MD5 | 3383f31d1e8cd980c08f5357e21cbf3b |
| SHA1 | 39f33cc209a53de7a52ab79d336253f8f4186937 |
| SHA256 | d996aa7385efcfc22d62c6470bced95f06e9e7fe5825a0fddd155e89a9569545 |
| SHA512 | 67f3abbb87bbd54b7a466af655143d6a4ce7ba9b87fc35dbb2ff0226bdff98a4724b4de8e726bd07613dd18137fb3e256ea0e73bd4fc94244674322a8bf44143 |
C:\Config.Msi\f76e01b.rbs
| MD5 | 143299ccb1de4573ff3b64bcf0dfef0a |
| SHA1 | 409241d4db9ea0cbb904135f3d0368d9ca6729ec |
| SHA256 | 9ad21d59a90825fc0e01fa2b4ad80ac7471e090648247748354eccf13efcd662 |
| SHA512 | 3b830ea2292990118d4ebfe429a25c961a280a45a9af531a8078cdc414594e0147a3e2dcd56892dfbae85c33f75dda590ea756624ed4a61ed09dd145c6296481 |
C:\Config.Msi\f76e01f.rbs
| MD5 | 44c3e7ef6e026c488eb2d8d8ac9ac594 |
| SHA1 | c0966c063a4d74ab01678a93d535929b04d9092d |
| SHA256 | fe2e24331e3da1457514cef19b2924f7792c27d4c0cafe1e92ba35b8471c3903 |
| SHA512 | dbd44a2c13d24b3f9fa223f46afeabe62e72e1e8fc2dd8de8a09fce87f65cc425c1e930bd84b190fd8ebb6797a7be6ef178da0144b4800ce36e04c64183d9fd7 |
C:\Config.Msi\f76e023.rbs
| MD5 | c86a2d5e456272f59aa17b6d114a2372 |
| SHA1 | 9f2fcb1afcfc289da656b92bbdd362339bdd1244 |
| SHA256 | a2222b4d573939a56b9694ef68f974b55a21958af17d2118c705e588b04ca359 |
| SHA512 | 434caad22f22d7747cb4ad24f23c0388d1948f79ab31b8f5213b7f051ab425c08acb4e8bbeeadf76ec671955794ad848b2c0fd65776d5349a7d20f81fa534b55 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-01 21:17
Reported
2024-05-01 21:21
Platform
win10v2004-20240419-en
Max time kernel
141s
Max time network
151s
Command Line
Signatures
PrivateLoader
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLXAlbumDownloadWizard.exe | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLXAlbumDownloadWizard.exe\CWDIllegalInDllSearch = "4294967295" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MovieMaker.exe | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MovieMaker.exe\CWDIllegalInDllSearch = "4294967295" | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00F30F90-3E96-453B-AFCD-D71989ECC2C7}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00F30F90-3E96-453B-AFCD-D71989ECC2C7}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00F33137-EE26-412F-8D71-F84E4C2C6625}\InprocServer32\ = "C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\PhotoViewerShimx64.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00F30F90-3E96-453B-AFCD-D71989ECC2C7}\InprocServer32\ = "C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\PhotoViewerShimx64.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}\LocalServer32\ = "C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\DWTRIG20.EXE -s" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}\InprocServer32\ = "C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\PhotoViewerShimx64.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}\InprocServer32\ = "C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\PhotoViewerShimx64.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00F33137-EE26-412F-8D71-F84E4C2C6625}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00F33137-EE26-412F-8D71-F84E4C2C6625}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in System32 directory
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Windows Live\Shared\wliduxhc.thm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\FanUpTransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\3b7b36c81da9c0d07\WLXSuite.msi | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.1\sqlceer30EN.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Shared\WLMFDS.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\PanAndZoomEffectZoomInFullToTopRightTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\3e7628531da9c0d11\PhotoLibrary.msi | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Shared\WLMFReadWrite.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\HeartTransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\RippleEffectTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\Spin360EffectTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\TextEffectContemporaryFade2Template.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Shared\en\uxctlloc.dll.mui | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\BowTieVerticalTransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\WipeNormalDownTransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\InsetUpLeftTransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\3aba18a31da9c0d03\DXSETUP.exe | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\3c9951a41da9c0d0b\Contacts.msi | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Windows Live\.cache\cache.ini | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\WLXVideoTrim.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\InsetDownRightTransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\en\WLXVideoAcquireWizardResources.dll.mui | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\WLXImageTranscode.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\FadeLowerThirdTextScript.wlms | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\TextEffectFlyInLeftTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\WhirlwindTransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoVoyager.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Contacts\ObjectStore.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\DiagonalDownRightTransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\DiamondTransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\SlideUpCenterTransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Shared\wlbici.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\WLXMediaPublishSubscribe.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.1\sqlcese30.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\WLXQuickTimeControlHostPS.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\BlurThroughBlackTransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\FadeOutToBlackEffectTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\WLFlickrPlugin.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\TextEffectBigZoomTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\TextEffectCinematicTitleTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\ZigzagVerticalTransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\PublishPluginsInterop.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\HueEffectTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\PanAndZoomEffectZoomInFullToRightMiddleTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\WLXTranscode.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\FlipTransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\3c83dbf91da9c0d0a\soxe.core.msi | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\433926c91da9c0d17\MovieMakerLang.msi | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\ShatterInTransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\SlideTransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\3a4a0a4a1da9c0d02\Jun2010_XAudio_x64.cab | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\3aba18a31da9c0d03\Aug2009_d3dx10_42_x64.cab | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\3a4a0a4a1da9c0d02\Jun2010_D3DCompiler_43_x64.cab | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\PanAndZoomEffectZoomOutRightMiddleToFullTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\Contemporary2TransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\SplitHorizontalTransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\TextEffectContemporaryFlyInLeft2Template.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMakerTemplates\WheelTransitionTemplate.wlmx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Windows Live\.cache\3a4a0a4a1da9c0d02\dsetup32.dll | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Installer\en\startuplang.dll.mui | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Installer\LangSelector.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows Live\Shared\uxcontacts.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\e585abd.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585add.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Logs\DirectX.log | C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\infinst.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{E9FA781F-3E80-4399-825A-AD3E11C28C77} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\8CDD41E806AE81E43B3E917301D4B5AD | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585abf.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e585ae1.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Logs\DirectX.log | C:\Users\Admin\AppData\Local\Temp\DX52BF.tmp\infinst.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240501211946628.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9135.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\8CDD41E806AE81E43B3E917301D4B5AD\16.4.1108\F_CENTRAL_vccorlib110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\F187AF9E08E3993428A5DAE3112CC877\16.4.1109\F_CENTRAL_msvcr110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\F187AF9E08E3993428A5DAE3112CC877\16.4.1109\F_CENTRAL_msvcp110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e585acf.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585adb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585ae6.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Logs\DirectX.log | C:\Program Files (x86)\Common Files\Windows Live\.cache\39ce0fa51da9c0d01\DXSETUP.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI989E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C5A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI705C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{41C61308-6CFD-4D54-AB6A-7136ED08A18E} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI88B7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8EA4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9A75.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA16E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8028.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6A01.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\F187AF9E08E3993428A5DAE3112CC877\16.4.1109\F_CENTRAL_vccorlib110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585abd.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI983F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\DirectX.log | C:\Users\Admin\AppData\Local\Temp\DX4E2B.tmp\infinst.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501211946613.0\msvcr90.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6CFF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585ab9.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7435.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI828B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585ad1.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WLXPGSS.SCR | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Logs\DirectX.log | C:\Program Files (x86)\Common Files\Windows Live\.cache\3a4a0a4a1da9c0d02\DXSETUP.exe | N/A |
| File created | C:\Windows\Installer\e585aae.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{6522F5F9-411B-4513-A75B-CEA00395F032} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e585ade.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501211946644.1\9.0.30729.4148.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501211946613.0\msvcm90.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501211953707.0\msvcp80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585ad5.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501211946628.0\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI74C3.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{659CB81C-B54E-4DF1-B618-F35777393A54} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585aba.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7842.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8048.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI82CB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBDD5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501211946628.0\vcomp90.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20240501211946644.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB883.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585ab7.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI93E6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20240501211953707.0\msvcm80.dll | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000828eb54ef8e6371f0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000828eb54e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900828eb54e000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d828eb54e000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000828eb54e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B}\ = "Windows Live Contact Database" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B}\AppPath = "C:\\Program Files (x86)\\Windows Live\\Contacts\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B}\Policy = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Version Vector | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Version Vector\WLPG = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9019d14b-638d-4383-bb95-441b7f57eafb} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9019d14b-638d-4383-bb95-441b7f57eafb}\Policy = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9019d14b-638d-4383-bb95-441b7f57eafb}\AppPath = "C:\\Program Files (x86)\\Windows Live\\Installer\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9019d14b-638d-4383-bb95-441b7f57eafb}\AppName = "wlstartup.exe" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B}\AppName = "wlcomm.exe" | C:\Windows\system32\msiexec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\37 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3c | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2F | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\34 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\33 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\36 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\36 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3C | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3d | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\39 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31\52C64B7E | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\33 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\35 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\38 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\39 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3e | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31\52C64B7E\@%systemroot%\system32\FirewallControlPanel.dll,-12122 = "Windows Defender Firewall" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\38 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3a | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3A | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3B | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\35 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\37 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\34 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3D | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8CDD41E806AE81E43B3E917301D4B5AD\ProductName = "MSVCRT110" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0003981D77AEC394D8DD2E2634E659B9\Language = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{600FA303-4E2D-4C85-989D-5CA19A41D121} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{483A53CD-EF18-4B19-8AA3-2E2E3214EB41}\TypeLib\ = "{EF401225-1260-4716-A842-7D180DC14C1E}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5FA3C31-EA68-4A02-AC07-7C64D64B6E7F}\TypeLib\Version = "10.4" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{015A3968-837D-4D35-BD89-C9A4C5750DDC}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4CBEE322-1627-41F4-B655-AE18F6B088A1}\NumMethods\ = "9" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3FBB103C-F1B9-47DC-9EB3-A0C07F5F6AFA}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5AB59828-D660-489E-AC97-F1996D5129B0}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{8FBB844D-953A-4D0C-9A2C-DB1327A0C89F}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66BB2723-7E7D-4AB3-BD1F-843CCF00B640}\TypeLib\ = "{A5FA3C00-EA68-4A02-AC07-7C64D64B6E7F}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D84A00B2-87F0-4285-848E-3C833E82F4C0}\ = "ILiveTransportIdentityServiceCom" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler.1\ = "WLXHWEventHandler Class" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.WLMP\OpenWithList\MovieMaker.exe | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8CDD41E806AE81E43B3E917301D4B5AD\PackageCode = "1739CF8EBF5A4504CBA2DB826C3F5138" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9BE8AE00-AF70-4C02-BC1E-9BC069D84030}\ProxyStubClsid32\ = "{81C55BCB-3490-436A-9F94-A264C15BFC54}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WindowsLive.PhotoGallery.jpg.16.4\shell\preview\command | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00F30F90-3E96-453B-AFCD-D71989ECC2C7}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{32A7EBE8-A0FA-4A9C-A402-E0DA8E95A060}\ = "ISqmAdapter" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03F8D437-1586-46AF-B78E-D4FA71943E4A}\InprocServer32\ = "C:\\Program Files (x86)\\Windows Live\\Contacts\\ObjectStore.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{B90B14DA-6965-4BEA-8A2D-BD910041B941}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A937E757-3D1C-4FB3-BAA7-99F68F4CAA88}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2CE55E82-C49F-4E21-BFF8-6E59B819576A}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3519154C-227E-47F3-9CC9-12C3F05817F1}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DC016B3-B4A5-4B29-8582-0D6FE5F56BF9}\NumMethods\ = "6" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{581376AA-EB28-4689-A5FF-E2E042506CFF}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mpa\OpenWithList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C18BC956E45B1FD46B813F757793A345\SourceList\LastUsedSource = "n;1;C:\\Program Files (x86)\\Common Files\\Windows Live\\.cache\\3b7b36c81da9c0d07\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Microsoft.LivePhotoAcqDTShim.1\CLSID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WindowsLive.PhotoGallery.video.16.4\DefaultIcon | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mpeg\OpenWithList\WLXPhotoViewer.dll | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.wvx\OpenWithProgIds\WindowsLive.PhotoGallery.video.16.4 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{D84A00B2-87F0-4285-848E-3C833E82F4C0} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F89A7F69-0506-4071-874F-42FC2D729601}\VersionIndependentProgID\ = "Microsoft.Photos.LiveSlideshow.ClassicTheme" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E30A45E6-1916-4659-95EE-035E62DB9AB0}\LocalServer32\ = "\"C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\WLXCodecHost.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WindowsLive.PhotoGallery.raw.16.4\shell\preview\DropTarget | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.mpeg\OpenWithProgIds | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{508B548F-252D-45C2-91BB-2E6E9164D81C}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{E84D0D46-3D57-4039-9EFE-310AF1CAF92A}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A0F97DCA-FFA8-48DE-AB20-7782040C67A9}\TypeLib\ = "{A5FA3C00-EA68-4A02-AC07-7C64D64B6E7F}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{080D5974-4B61-458B-921B-17628E423713}\ = "WMT DV Extract Filter" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Microsoft.Photos.LiveSlideshow.CinematicFullScreen1.1 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C0613A5-8F7A-4252-859E-980DE2DFE2B0}\ = "ISSCEErrors" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.Photos.LiveSlideshow.ClassicTheme\CurVer\ = "Microsoft.Photos.LiveSlideshow.ClassicTheme.1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WindowsLive.PhotoGallery.ico.16.4\FriendlyTypeName = "@%ProgramFiles(x86)%\\Windows Live\\Photo Gallery\\regres.dll,-3077" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE181FAB-D331-4D48-9443-18C395B853B0}\TypeLib\ = "{A5FA3C00-EA68-4A02-AC07-7C64D64B6E7F}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{120E3B77-B437-48AD-94F1-653BA199CC5C}\NumMethods\ = "8" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D5A7D0E-9A06-4E17-85D9-A0B24036371D}\VersionIndependentProgID\ = "Microsoft.LivePhotoPickerDialog" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{BF620143-7420-460A-9EEE-178B78D4939D} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.Photos.LiveSlideshow.VoyagerThemeFlip\CurVer\ = "Microsoft.Photos.LiveSlideshow.VoyagerThemeFlip.1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{A98858BE-062E-41FD-B46A-E1BA5F61794B} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E96782C-FAB2-4552-ADB8-4F3CC70FFE8B}\ = "ISimpleContact" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8FBB844D-953A-4D0C-9A2C-DB1327A0C89F}\ProxyStubClsid32\ = "{F2AC1396-CF5A-4A0D-88FA-32EBBC4D4632}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CE9495E5-76C2-487A-85C0-2F7127CF359E}\ = "ILiveSocialNewsActivityIdData" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0DDA997F-E7FA-404B-B3D3-F1610807FB66}\TypeLib\ = "{7B996FF4-FFF2-4573-9728-C1A612BD8592}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5FA3C12-EA68-4A02-AC07-7C64D64B6E7F}\ = "ILivePlatformFactory" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mpe\OpenWithList\WLXPhotoViewer.dll | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{636F33CF-E833-4761-BD18-60C1902529F2}\ = "BinaryObjectSyncRequestFactory" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0E12FF79-7432-437B-A7EB-7EDB35E76217}\NumMethods\ = "42" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Microsoft.LivePhotoAcqOptionsDlg.1\ = "LivePhotoAcquireOptionsDialog" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F2CE947-4E80-446D-9AE4-17DD9D82A353}\InprocServer32\ThreadingModel = "Both" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1D8D19C8-0A33-45A4-9B3E-255B85C363A8}\InprocServer32\ThreadingModel = "Both" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{600FA302-4E2D-4C85-989D-5CA19A41D121}\TypeLib\ = "{A5FA3C00-EA68-4A02-AC07-7C64D64B6E7F}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{75278229-E27B-4370-A85F-FFD82CC1F1EA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe
"C:\Users\Admin\AppData\Local\Temp\wlsetup-all.exe"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\4gnkc157\v7n8i19u.exe
v7n8i19u.exe v19o4ogh.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\oxn422ri\imxe1f9p.exe
imxe1f9p.exe gi3areoq.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\u8wrkqzc\ra86dy6k.exe
ra86dy6k.exe dgbrnyc0.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\y9mzp14r\0coupy19.exe
0coupy19.exe 5ym8ttku.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\eonr4zy4\5swsjb9a.exe
5swsjb9a.exe 6cc02wx3.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\nwhdwtk8\pzztmi4k.exe
pzztmi4k.exe 1q58q6mp.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\z2l70du6\1r1j1hp0.exe
1r1j1hp0.exe anga8rwr.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\0zw6a798\bm2ex01v.exe
bm2ex01v.exe emcdqxd8.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\n747du3f\ssxl4o9j.exe
ssxl4o9j.exe e68trmsh.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\l9sncgw8\7kk874sv.exe
7kk874sv.exe sbw1cn63.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\2wkvgnaq\cedtkp5c.exe
cedtkp5c.exe ue3we1gk.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\fumfz07y\s6w903kx.exe
s6w903kx.exe 528awnb6.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\md65gl97\v3ro364v.exe
v3ro364v.exe btvygr5v.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\fwzz3wsh\kphy9ogx.exe
kphy9ogx.exe jd8ijiot.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\xdotjgj9\om4f5gpo.exe
om4f5gpo.exe 8uj1hoht.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\z3vu74rp\izsocva8.exe
izsocva8.exe qavzvej9.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\lq2fasep\8nxx29ii.exe
8nxx29ii.exe y5m509no.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\myns44gd\raiapyg8.exe
raiapyg8.exe eq5ys233.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\gfojbsg0\z0oihpku.exe
z0oihpku.exe n7fx28jz.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\29gct92p\wctuq0y4.exe
wctuq0y4.exe umu9sx12.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\w0pp9t5q\6pkpusx4.exe
6pkpusx4.exe uhc8evq9.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\v2dva0xq\e8c85nyl.exe
e8c85nyl.exe tveg53c5.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\gys4882u\i420ou7r.exe
i420ou7r.exe no46y2mr.tmp
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Program Files (x86)\Common Files\Windows Live\.cache\39ce0fa51da9c0d01\DXSETUP.exe
"C:\Program Files (x86)\Common Files\Windows Live\.cache\39ce0fa51da9c0d01\DXSETUP.exe" /silent
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:3
C:\Users\Admin\AppData\Local\Temp\DX4E2B.tmp\infinst.exe
C:\Users\Admin\AppData\Local\Temp\DX4E2B.tmp\infinst.exe d3dx9_32_x64.inf
C:\Program Files (x86)\Common Files\Windows Live\.cache\3aba18a31da9c0d03\DXSETUP.exe
"C:\Program Files (x86)\Common Files\Windows Live\.cache\3aba18a31da9c0d03\DXSETUP.exe" /silent
C:\Users\Admin\AppData\Local\Temp\DX52BF.tmp\infinst.exe
C:\Users\Admin\AppData\Local\Temp\DX52BF.tmp\infinst.exe d3dx10_42_x64.inf
C:\Program Files (x86)\Common Files\Windows Live\.cache\3a4a0a4a1da9c0d02\DXSETUP.exe
"C:\Program Files (x86)\Common Files\Windows Live\.cache\3a4a0a4a1da9c0d02\DXSETUP.exe" /silent
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\infinst.exe
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\infinst.exe d3dx11_43_x64.inf
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\infinst.exe
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\infinst.exe D3DCompiler_43_x64.inf
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\infinst.exe
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\infinst.exe XAudio2_7_x64.inf
C:\Windows\system32\regsvr32.exe
C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_7.dll
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 5E5C3783503A87DA0A743DC3D951DD39
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 21DCB84B9622A7AA19B1AA5E5654E8AE
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 5CFD420159F9FEA665AD48A3F10D0892 E Global\MSI0000
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\SysWOW64\schtasks.exe" /Create /tn "Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" /xml "C:\ProgramData\Microsoft\Windows Live\SOXE\updaterTask.xml" /F
C:\Windows\Installer\MSI9C7A.tmp
"C:\Windows\Installer\MSI9C7A.tmp" -i
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| IE | 68.219.88.225:80 | g.live.com | tcp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 204.79.197.203:80 | www.msn.com | tcp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 225.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.14.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.15.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| IE | 68.219.88.225:80 | g.live.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ls2web.redmond.corp.microsoft.com | udp |
| US | 8.8.8.8:53 | ssw.live.com | udp |
| US | 40.90.130.194:80 | ssw.live.com | tcp |
| US | 8.8.8.8:53 | sqm.microsoft.com | udp |
| US | 8.8.8.8:53 | 194.130.90.40.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\050121~1\tmp52F2.tmp
| MD5 | 8274c233094ab59f40135619f32848cc |
| SHA1 | cb588154fc7e951e0199d2a56dc494010e7a994f |
| SHA256 | ac1a5b92fc478ed69aec3d94c6c0ba328789bb4e44a9c56598a4f961edfcb09c |
| SHA512 | 08434975e41233ac9efe507d87743fa3962321b2b556b1066514745d9a885f62ceab2d0bb6eb8d045186e5b9d1efee561851a7fdd5726495658ebf4d7693d105 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt54AA.tmp
| MD5 | cbf9a63a3faccbb98f8056b9ee1118e3 |
| SHA1 | 2a1404023097cdfc07a578e0a8b5b5abe4db7b90 |
| SHA256 | 21679dca7b22f90fb864b4a30d7ef032710804b04bfd9c369305f50d8ad6e81c |
| SHA512 | b20458b6c80503e62a282c872dfa4fb40b53bbc079ab43ce721f47910b72cc7e5cb77123b5da8e4b72fb0a2b87b4151bd5467ef7fa2f7424ed49762b25184d47 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\cache.ini
| MD5 | 6bba5a7ea205b00474d9073b1a75f67e |
| SHA1 | 6f501f39be35fd6e29753a7e648d1f040e733bcf |
| SHA256 | e63258d9621253183e15b4ae01438f85cd94f2391493d127134e3b4d4e00f0b7 |
| SHA512 | 95d23a109c61bac6ca1ca7d6c77ba26d6221f078548353d0c62bf4e9897b3ab7bc3ea3eafe5e2458852f37ab733dc92a9bb4101eee01a67bf6c8f67c761158e7 |
C:\PROGRA~3\MICROS~1\WLSetup\wltEBFA.tmp
| MD5 | 6df4dd5ef40cdb035d1851ecb495d498 |
| SHA1 | 5c8752da038c7218d6d3bb2d0217f1a40a2a2da3 |
| SHA256 | cd4a58a31dd7dbabffbff3a16f1771e500480b6054581ab9f5c6c029807931df |
| SHA512 | 8f6ed579df5822869c9f16f579ffb32be3c2218b7b898b97976d1f9099fc47d6703740fc9e6894328eda42c8f141b579c8ea3f074214a5b73a3284d67279a75e |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\4gnkc157\v7n8i19u.exe
| MD5 | b3695953f17eb4ef1c67422007304546 |
| SHA1 | a4915419b346f11d304f337f4e9bb627be5171ea |
| SHA256 | 650b8d8737e5565709c740508b41b187720eaa32edd12f8b66bacc27f2270953 |
| SHA512 | 73b5aab985ca473b88d2efb3386a0c22eec12c035bf6f89e23905d58e6e5cd83d71ecf2909e06d661011da4987badc1b5a071613980260c5bc75a9e48ee93db2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\4gnkc157\v19o4ogh.tmp
| MD5 | a6bcdb8f4c2995fdd878db23f9d800f1 |
| SHA1 | 3d58e01f26811095e7ab09ef7ca117ffbb831276 |
| SHA256 | ef36704ed00de8491b983b191968fbb8a06d17af675de19dcf0506edee8f26be |
| SHA512 | 5f6fcf82275b567b56b59f1e9485102a6c7fa94b63d3b1f72501f498d82802b5d9d1f8650cd82e489d0616573a58ce808e1c9021ac01b2e9b8f9ec5d3e567812 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\4gnkc157\D3DX9.cab
| MD5 | 692b02ad89ed82727a47247556320ea8 |
| SHA1 | cfb54a9792ca16d8fb8c35513015abd5ae996ea0 |
| SHA256 | ada3f11e2be0f1e9faf4634de6cf5f95eebb65d24ec6b9220b479b70fe584be2 |
| SHA512 | 1a9165fe1001671ab3d3f8bc9eb7532b95848c7b0582e3aad8bad53ed90dbbca0a6df1fa154afac9f4d18184a51422ca72131e92cb977ec3e25d2d860814229a |
C:\PROGRA~3\MICROS~1\WLSetup\wltEF19.tmp
| MD5 | 5fb8878a81b4814ccbaa4c9c1a8b5702 |
| SHA1 | f53bcf0dba7960a7e085a4283d8aac8488459e15 |
| SHA256 | 4cbac23a4d6e893d1038bdbe33775924ed9c48ebb6c1e43e70074c8d8b571c21 |
| SHA512 | 9fa503ca6682db982e0138f81972dcf700c7264a6c3f280c68860b10aba68132a9d5a6b60f195e40b971572dbdb0e52b391cd70120c326f2ab7a6ab1c671d43b |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\oxn422ri\gi3areoq.tmp
| MD5 | 46869c11974313746173fa325517d5d5 |
| SHA1 | ee07cc2700fd628cd55a9083b440efd394803172 |
| SHA256 | 967c62f26e6556453e5a38ec192f02fd25bbb983fdd2c9ccab012528b9001dd7 |
| SHA512 | f273ac7affd55675711335e3d948d94aeb86ef8a06db0b972017f2d08ee6d3efe9ffa5ae0c10d4c3acd32a13895a4b4753a457c11f2a0ac59c1bd49eab528b29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\oxn422ri\D3DX11_43.cab
| MD5 | 169d9f118ff7ddc6fd8388e673c0b72d |
| SHA1 | 23c5bcfdc3e8ea04951805bcf8736f4dfd9b11ae |
| SHA256 | 82670e1c9092db7e00b9c91cf73c7b12251e4714ec66926f3bf616b2ce8df98c |
| SHA512 | 31b02fb847c0c9ac1fd01ff8e802f61d83a9e3197813f181395c7fe53d2e7096be6617ca169af1c827be97fc44c080f2b23d4a4f78e026a6d785ec4552af2ef0 |
C:\PROGRA~3\MICROS~1\WLSetup\wltF209.tmp
| MD5 | 02136a305a5fcbc5b31373cb489a1a34 |
| SHA1 | c6d9d7390c781ddce4d972bc92f57a00952f32b4 |
| SHA256 | 0de72fad2d446e5a49da3e8f2193dd20eedc5efc15de5f628b6f84cb58d7b00f |
| SHA512 | 1bc2e54b11e6eeca047804d77eb7f7ec9f0f3dd539e5a8ae2b7dced5653c985dcc25eec9f0f65153935f06b8d4b36f21d00c53cdaf32773e93a4bb3e244e36f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\u8wrkqzc\dgbrnyc0.tmp
| MD5 | 0edc6461b2b7af6dcec4a152c6d12797 |
| SHA1 | 0c0f0df6223a061e7661d772761020ac2e2e06a2 |
| SHA256 | 5a754fc90bfa2f60b3a0fbf45e9ff7658f77daa08debb2bdb6ca6c26304bd627 |
| SHA512 | 54a540e6e410fc7740317e494f60c8b12b2b824fe5ede4d5339e79c0cde4ff8db09f1c9c4350cf175cd6898a77e74e8efe5973dc526e3d990380940c01e0a99f |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\u8wrkqzc\D3DX10_42.cab
| MD5 | 0a1d01413e017982e2d9d819e94b6a11 |
| SHA1 | 9fa93226a928772754a0e30e8872d961a013a7d9 |
| SHA256 | b77ba929b68ba8fdd40209ddf39ad6443b0513b7be639c87f69d8afba90173c7 |
| SHA512 | 881b22755fb56f38cef0d668ef23df14e3ee0e85218cfd485add3d102da25eec5aa00931dea3ff6934077e03d8eb4f93e688518a37ecc7b308c23d443e47253f |
C:\Program Files (x86)\Common Files\Windows Live\.cache\cache.ini
| MD5 | 622f87970b917b53f81554131b63e21d |
| SHA1 | 55f8c0a1096b5d415485468488b35b0b0dae4d39 |
| SHA256 | fba65c31b7a67bf9a1a2f1cbf07d4dac3362c17376993b83df5a81790c188190 |
| SHA512 | 4ccb85c462d537786dcb9eab85a634ff07d8e2511e3183bf1046af26faa1b1fec5ab420abacaa0534cffb3e4eacb0481573a29c5e9cee0eb061217ad991731bb |
C:\Program Files (x86)\Common Files\Windows Live\.cache\3aba18a31da9c0d03\dxupdate.cab
| MD5 | 8adf5a3c4bd187052bfa92b34220f4e7 |
| SHA1 | b52be74c4489159bd343d3c647f28da1fd13d9b9 |
| SHA256 | 13393a91201e69e70a9f68d21428453fff3951535dec88f879270269cfe54d6f |
| SHA512 | 3e2f2fe4b5742a4cf6ee2f6b8c0ca734fd0b3c5431dff112c907231846dd3eebee7b9b8117f0256119614282cc7a4896474a199563078481d48a1204ca96f92d |
C:\Program Files (x86)\Common Files\Windows Live\.cache\3aba18a31da9c0d03\DXSETUP.exe
| MD5 | ddce338bb173b32024679d61fb4f2ba6 |
| SHA1 | 50e51f7c8802559dd9787b0aebc85f192b7e2563 |
| SHA256 | 046041aba6ba77534c36bb0c2496408d23c6a09f930c46b392f1edc70dfd66de |
| SHA512 | 7a63925278332c8e7949555383b410d8848a7834b85f34d659e351ba78cbe4d2ec09caccb2178d801b9b68725c9cbae48a6a1f07f0804a0c41eb51df79b7eca4 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\3aba18a31da9c0d03\dsetup32.dll
| MD5 | 0f58ccd58a29827b5d406874360e4c08 |
| SHA1 | ba804292580be6186774e7f92e6dfb104e46bf25 |
| SHA256 | 642d9e7db6d4fc15129f011dce2ea087bf7f7fb015aececf82bf84ff6634a6fb |
| SHA512 | 3e3d4f2de5dc5addc86765a2f888487ea0c9ee0208fac60187ddaa9a2bfd73cfd7734836d32805fa43222470c8f6cb9a10e2a099aef72c67ad7c789096e57ce4 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\3aba18a31da9c0d03\DSETUP.dll
| MD5 | 9e0711bed229b60a853bcc5d10deaafc |
| SHA1 | 2bea53988bd35c5df5c9edcef0bc234c37289477 |
| SHA256 | def6f245762be36cf18b435ba8b7ebc224b9c21d1a1db606a8e8fafdaa97bba0 |
| SHA512 | c0b31872e52c8f4270d991c70d1a1c9ef9a4bbee4807c54c05a449cd1607506ab16ff1e74b378651b36e3276322c86cd843565c8a1aa33a49c47322ef4df0185 |
C:\PROGRA~3\MICROS~1\WLSetup\wltF363.tmp
| MD5 | c70d9646c09c2f27ee53b5788419d7f3 |
| SHA1 | f143de048873e4dba0eecb2a34a98ed5998d12c1 |
| SHA256 | 21f718f04df5a024b8db72f5995fd53a7aec14198977d7b418925040af233a0d |
| SHA512 | 6ef9e829118880a9c1c77a36302b8f5305635fe738edd36134fb136c242580fe7a7a3532880364342caf8ce36d0cd17ee97f2de387faac197ce0cd37d5de4ecf |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\y9mzp14r\5ym8ttku.tmp
| MD5 | 4ed866061580d42f96f09c16987462c7 |
| SHA1 | ee69d20909acec25024fdb8680a9dda03ad51d2c |
| SHA256 | 225a26cf9670ab0344b052474fe5ff576c808b53eed275d66efc51d16a149804 |
| SHA512 | 4f9c871a138729e8af4970f7259ee44375de6a949452d0a768938d263b095fd76ebcb4354ce437d96c6c84d0562ff08cb2dd4fa5ace3fa497fb039113dd76e90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\y9mzp14r\crt90.cab
| MD5 | 575a2172466e1a8b0f17bb3d64f0fc94 |
| SHA1 | 86778234f14757b95f475dd6cb7fec32ff179cd8 |
| SHA256 | a2ae8965a8502654e7e8458c301dc0225d893a55d3c71b1cbbf6e9c0f3204a8a |
| SHA512 | a79a9e7e2f101487d80de9ab6e4990502fffc932abd41549894bda32ac5707574e9b5ffe9f40f9f075915bb6a4c7d2215c28d461c1cdf45246f202c1121b6cee |
C:\Program Files (x86)\Common Files\Windows Live\.cache\3aee8bfb1da9c0d04\crt90.msi
| MD5 | 1c26a77f50bfca590760bdac24e84e03 |
| SHA1 | 856b931bb34ef8aabdc924c0e017a18c78430aa7 |
| SHA256 | 184f0e66df21a08c25afc6b7243d1f38feb19b5a45d2b2bd5963037c4fb908b7 |
| SHA512 | 638573cbb2c260e9ee8a79e39bb095fb43be9d31641fc7f4ce906378811e6c2d77175c6b39c3ff9a877236bddf5a42b1000adf8acfe95d0248e8b2a2cd263bf2 |
C:\PROGRA~3\MICROS~1\WLSetup\wltF549.tmp
| MD5 | 447ecd02b6dd7367994fdaf6ad40f1a2 |
| SHA1 | 41e5ad502ac8f903ffd143fa6626ad332b9e38d1 |
| SHA256 | c840030ca34878f7205ef9ff19ac1a3bc904f46ca31db8606fb04f81d986e8bd |
| SHA512 | 10971224c4b9263ba22c4bf62dee73fc51e9c7d787ff02d0cd02ad3adb598acf79f6130e48131ecc1032d01deae35e889db45c1b39ad2e6b6875bbf86a5f325f |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\eonr4zy4\6cc02wx3.tmp
| MD5 | 6971afaa9cc2552c74fdb965c2fb76d0 |
| SHA1 | 2a384297c92a41f12d467642adc72b9b585374e5 |
| SHA256 | 0dd513040077b5c7e1a869f1e1e1f709cc669d21105650e6515ceab34627d468 |
| SHA512 | af3a47a32f0c5f01623c1d280159995ae6102f986ff4c7b475b7235cddbf32296e726f2be4203de293095fdd18a5065c9d6855f1e4d072142ac793152f318055 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\eonr4zy4\crt110.cab
| MD5 | d119aaf4bf4085612e9af0518bef08e2 |
| SHA1 | 06a029c35d3161aeaeb7189f3cb27fa855c6fbf6 |
| SHA256 | d7161a6d9176ed76ecb13b0931bdef32cb3239e9559c875ebd9cd485a2e31d39 |
| SHA512 | 015b19f5894c09df2a553f56ae3151a2ea0671020379dd818d1a7c1b9fe69772d67daed4e6c6afef5faf1aa9994a061345f816ad191ca0e20988c67b9c02ef58 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\cache.ini
| MD5 | 807d29601e502b5546b1e75064a0c45d |
| SHA1 | c99e58c2fd1b8830990bed53ef69816b6b2b77be |
| SHA256 | 9e1a8d3807a49e82bbaf255ea379ada65b9f9d7316827f57b6244c36ecca8f9c |
| SHA512 | cff1fd047147eb57a3b31828597caa6e2669a080d355129377eeeae31f1ed6f75c6441d87bc5237f8dedab27dab92bf7e6c48b19a748969d6f6a320e79607ac2 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\3b3874da1da9c0d05\crt110.msi
| MD5 | b6874af023443ad4bff84ddd4a219aa7 |
| SHA1 | 358e1c9245cd0e916712586e459d038e3e6807fa |
| SHA256 | e66c187e6633b82bcb64201600bbe6eade67e40bc23aaecab71c0c130d3a4c30 |
| SHA512 | b1588d6f69b2537090eaaa198ca46ba697c0c704ad2a2c81d56040095840e21860a0f714abe37ace67b08d4251b27240bc183a62a11e3ae7a6c091377cce7689 |
C:\PROGRA~3\MICROS~1\WLSetup\wltF635.tmp
| MD5 | 222a19d7053676738a56fd3705303200 |
| SHA1 | 10756e87ed956adbc8b3a73e3b4b1a0f62c06545 |
| SHA256 | 430dd49b0fead20b222985ededc24686e254f171c4d7abd3a009d725f3666681 |
| SHA512 | 3f125562f99a200aae441414d5d248550715cf1421fb0dbfe0f9052f0ba70482004596aa0532037d5d605472be722dde1181b7ba5e0b3e416bb1437d7a74f58f |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\nwhdwtk8\1q58q6mp.tmp
| MD5 | 3ffdc68017839bba5212426593646e16 |
| SHA1 | d159eab8ad10eb07cf15f55c52220748fe1d30ed |
| SHA256 | cc40009fe1e528af8bb5f24687324999d36e948d69197b88761b0e93d704eb0b |
| SHA512 | 7cebe2dfe1384bee8dbbe0afef02b11b0c70fb612eed85ce3d53228a629338b250922fb93f503195734106fc83aa7a35961c1caf0a12d41e92e068c79afa10b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\nwhdwtk8\crt110_amd64.cab
| MD5 | 52eeeca22f1c4f393702ab75ca4a0c7f |
| SHA1 | 188c56555be4bfddabc1bdfbee827e47ec6b64b9 |
| SHA256 | bc1671181fb9179dbf6e326b23030e0ffc19c9a2b084c7c28ad80152b40569a3 |
| SHA512 | cd6feb5535807253b64923029d6d4ea4c2a7464eee1ec2ce07af5c224ee3a714f537ba7327f105b223fddec08b1297b0a61150537222b19b061ed06fa2abb624 |
C:\PROGRA~3\MICROS~1\WLSetup\wltF6F3.tmp
| MD5 | fd61bf6ae58ec3aa09157fed71f14492 |
| SHA1 | eed13224b402129767d24ed82d09d8473eb5e806 |
| SHA256 | 08d2e9ee6fe16a67242176d218b6423a1be21fd81c1ee60d45cbf0651647fb70 |
| SHA512 | 20a2c4f5c19b931c1367a095ab65e50deb16fbd4bd4e98f9ba1ebf6d7c776d975dc6bd4a57ff9f9952569c43c01bf2f8f100202e4aae0ae7d61d2ae22a4aafea |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\z2l70du6\anga8rwr.tmp
| MD5 | 6b0e1c4a026558ebd9b7adf2478256b4 |
| SHA1 | 09d4806b572891dec18f8ea36fc783ae3fa2f333 |
| SHA256 | f4d56250a6ad6ebe6d16444e7bb65daf8cadc94e12be7d7f4a156acbb52f1059 |
| SHA512 | a8e8f71b202a4ae1bdecdd7ac1b96e791d6663aa731def39bb561c89d350a1029c41a7aaee133bb8c8d68502a45ca4fef16d2192df6592db711011a9523150e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\z2l70du6\WLXSuite.cab
| MD5 | dd4976b6bbde52aceed41ea0e619c7cd |
| SHA1 | eb0d5db7445bfcd5254c0b1e95cd60aa0f16105e |
| SHA256 | 2e14e58be3fa84b292bd49be75a053340c878956c5f7eb76bf1d68464e0b9648 |
| SHA512 | a7502c2e40a99aa508731c0cfb0fe6317c64381816ad6fc0a3524f7540559d762261e0a957235bbf128ab75adabcd8dbbc425e71d577376e859712084593af2e |
C:\Program Files (x86)\Common Files\Windows Live\.cache\3b7b36c81da9c0d07\WLXSuite.msi
| MD5 | 9f91bd1204abad23916cea89e0a6502b |
| SHA1 | 9b23bcadaee6fc61d02ae5b0aad060cdeec61023 |
| SHA256 | f213e44352caa38ae3b443b76377d62a686a6697dd55fd3120e0b86cdd571c87 |
| SHA512 | 95b313aa1e7bc71d13f82f3219f7e03f076d08cb8f5cdc31b1858af1791b745fa7cae6bd2513ef8614abd186fa9f3f8401d882e5d1d9331259910fb2f3c679fc |
C:\PROGRA~3\MICROS~1\WLSetup\wltFADD.tmp
| MD5 | f9f7f6c1ee64179ac24c2797097d5706 |
| SHA1 | 8c17d7f8efbf19b76d3d843a2a2e8a7828cf314f |
| SHA256 | 696f86945af7fcc7ed0fef9c95c7343e44db8c61c14ffeb5f35381664f1f5191 |
| SHA512 | 2c3fd69f1db6ef20c115febb912dadfa9e7048743837f1dc5fffadff42efdb9a751fdd99390ce0e2cb54c1519f9183c8ded6fba4cea5433933cd73a023304e50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\0zw6a798\emcdqxd8.tmp
| MD5 | a6b1bf5479520ded28fa779a66c14dad |
| SHA1 | 1e14710a9e9c58ce227b9d4b2c960997a5577815 |
| SHA256 | b0cd17b8c87e89a17743c8f1c75e401984b4ba2a8127f38aaef62c83cfdd4df3 |
| SHA512 | 28063d56c23123c38d0bbbf8a9ba5b5dd2630c379ad8592973bf84139a91b392a8b32f8a9ec4fa82adc6426192c85b9c15860b87880a4bcb459cb3cdcb063758 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\0zw6a798\Watson-x64.cab
| MD5 | abc26cf06709db3146c92e0c8377a8b1 |
| SHA1 | 2125a3554005ece8524b919815fdd9cc1037a66b |
| SHA256 | cebe84014bfea44543c3c956d665b2d3d30c0308b80ca90a831b9c7d846356cf |
| SHA512 | 48906552f9a7b90ac76a242601739e3533859117125b912f02c40a38a756a9099bcc291cdbe98e1a9bc832bd734dbad610d9994223624127c8a28cfe0829c9d9 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\3c116b351da9c0d08\dw20sharedamd64.msi
| MD5 | 2459308b46fde807b05e541ed484af4f |
| SHA1 | 6d6732af93fce1f5f4bb8f9e41cab2c70c1b7bf8 |
| SHA256 | 46a2b00e630d478780bc0db5c312811ed0e194f0680ecb1df769cd3103bcd422 |
| SHA512 | ceffece9a3d10f88194846d463c95880b2af203d65d1077415f433c3e657b501cefad07410ce650ce534485a6bd756e8937151b67714045b528bc88979864a87 |
C:\PROGRA~3\MICROS~1\WLSetup\wltFD02.tmp
| MD5 | 10b8dd1e4ee0a05ec2e1e31510b37d61 |
| SHA1 | 672c7950d93f23e7b100a2fc5bc8797adcec95ee |
| SHA256 | a94259c2dfd6f0422a31494bc0474189605883ca10bfd2a8b9317b6381c170d7 |
| SHA512 | d08d34098d321847c330ba132181d2ede1c8a5d8aa845c7bebdabab1596beaf1a92889c5824f48b370e2c3471dace1b6ba92c85b6715d284d0c4ae27bfecb4a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\n747du3f\e68trmsh.tmp
| MD5 | 7b68481c3758c89baf84408ca6a516a9 |
| SHA1 | 50bfcb68317aa5c41bf163b1e1d6b9a3e1b50d45 |
| SHA256 | 7a6ad74823dacf11e46e4b9d720bb610ddf0b0653963d616671e926748133e0e |
| SHA512 | ad4b42ec85c977f31ee552bb51287e46333ce163e2652f3d640d87431e059cd8e5426241e34c37ac3d23806ecac05b042311db5ebb1b0553016c4353b7baca1e |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\n747du3f\soxe.definitions.cab
| MD5 | 3bd00551de772995f7671a6ba45d65ab |
| SHA1 | 8249b2c28c73cd3a0bae4067e5cbd8c0e65d6923 |
| SHA256 | 23c26ddeb0a3576c50d7ebae995a807163c63fdd5e8319aa071d13fa9a0a6496 |
| SHA512 | 4e40ad0e7a414911b578ec515666475f9ab981723760fb6aa0b697e417a004cbae725f1ab295ac3026d22323dddab9db7f298d2cfebba854a1f2bf5ff5a6b6eb |
C:\PROGRA~3\MICROS~1\WLSetup\wltFDCF.tmp
| MD5 | 5ac50acb23e095fc4a3b3754b7e67e29 |
| SHA1 | c5f5157c33924313787f007a1f54406d2cba16b8 |
| SHA256 | 83a4fc7db344ce7e7225e92ee0a3b8df86549a0ae43d3d536acb90ffdebd9ba3 |
| SHA512 | e5daea306d18b2b6ffc0f2554ff3bd2fcb1119b693125965fc780c7d89d47355f041b0747d133eb2e7ee82b1a60a7f0549005fb972161222c8821a01ba862d00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\l9sncgw8\sbw1cn63.tmp
| MD5 | 6fee869fb755bace369d1ab411e7b378 |
| SHA1 | c7f5a525cab44441e30de2fcd2b17d60c099d40f |
| SHA256 | ea894ba961f35cbd34f63a5569a8fc9642bf82ed5d6cf2df2618d84e7328feff |
| SHA512 | c6175007077dab80a11e2bf4606735fc382d602f60c2ab26e90e221ae1aaeca9e782c8698e589e0e4299b43e02b1c68b59297737ce820f870742dbf141560107 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\l9sncgw8\soxe.core.cab
| MD5 | 22ca63e33ab582842692359e8178ef1f |
| SHA1 | da6d9d58e849cafed8a58a331ef1ffd17ee085a4 |
| SHA256 | 48f7e9437dc980c37c284e3157f5651663725cbae5e4341f70e6672972cb87fe |
| SHA512 | caebfa50b3c1f8b64bcd08b08d6f3b41ed6e4683767b5764ae2b636bcd67bbe845aa38747c0bd6bc9f552d24dc89a00e43cdc2668d1645ea7b4540768be702a8 |
C:\PROGRA~3\MICROS~1\WLSetup\wltFE5E.tmp
| MD5 | 7fa4c347edd4745f69e50e04d6c759fd |
| SHA1 | 4d65e4997b62bacbfb881437fe69bcc11c868ad3 |
| SHA256 | 474ac624b9291612f7d3870ae1b972dd2cff6b4e58d36e68fe57e4c9dbf1d4fd |
| SHA512 | fdc6bd74509d8f7264bc2afda8da88fcbc899cce1d27772121dfc43d3166f105adcde311fbf279235e2e0bdf0debf8eff1be593226673acfbfb522bee4423d0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\2wkvgnaq\ue3we1gk.tmp
| MD5 | 34983f6eb1552b4805a6766c9461cef3 |
| SHA1 | 7f52a185a5c10c1291be7907731d1e990f8a4a90 |
| SHA256 | c4d4ce3d9a3a8c881281858045075997747a4ce8ea953a1f5f301e60a09093b1 |
| SHA512 | 9f8e41f3b79cbf9b56b737abb779a6c4ab95aec07e9961240fb08efd1ed78fa677be9a9e841bc2bdd185631ecb986ad8820fb6ff098fe7866f7ce74f3d5ef6a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\2wkvgnaq\Contacts.cab
| MD5 | 5f26b195ce2d0e31cee1efc7005eec86 |
| SHA1 | d7b8aa59ee38748d843033c066c6b61da57ccf64 |
| SHA256 | 35debf728fc1abcbc96048e4d386b81c12bbe7ad1558e4ccee0002edd6b7da09 |
| SHA512 | 55b037584949ba68993646c3fc49938890cc08c4a98766ee3d9e53d651db3dd2cb5a6399709690dc042ae1c9236aa26113ea416c333eb50b1218cb194615ef38 |
C:\PROGRA~3\MICROS~1\WLSetup\wltFFE6.tmp
| MD5 | 35cac173c2b8032543c5977e34277238 |
| SHA1 | 28930a5c72f00723d1f471004f4b2a4bcdd63573 |
| SHA256 | b2ad5d9c9d9df2d9aaec5e00bd8adceb36de0d3fe66c23fe6567c084a7107ad4 |
| SHA512 | aeb83d0d8e293c90ffcdb2157431c6566c8c69487067e96755d17de4383d0d752760f66b8a1c666175317b3c7260f1291503504c08fed910f5b0969e50b1716a |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\fumfz07y\528awnb6.tmp
| MD5 | ee3ac9d9b218516b43d3a2b8f2a24508 |
| SHA1 | 8f0e3f8edc39a816f2c8edd171a7738c45bfb6bb |
| SHA256 | 98f6006ffb554539cf1cf6be46795e7e6b9b1592ae42a97f780a467badb07ada |
| SHA512 | 0048ffd26aad92b1545414c99c5825315f8538a34d46017629be49e9ebe817cb5a5bfa3aa699afe4316f886bb2791d84609cc7e10b589a2e2584be51788e28c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\fumfz07y\PIMT.cab
| MD5 | 801f96ac4b7e12b9691c12e94c7abe2d |
| SHA1 | 05b2618a84a080d3e41725bdc6f73632cfbb4a8f |
| SHA256 | a030b62c1da3ba7d8821e60fb4427c9041fbc077867b59a528371b5e5cdc419a |
| SHA512 | a75d0e8074f55bd1cacc3f6b7938fd111d5328963dfb6573f0b2f1e8ab9738887b2f55e657893d37319feb922e4bd998e20a91a516d7783f472bc8fff5aef95d |
C:\PROGRA~3\MICROS~1\WLSetup\wlt121.tmp
| MD5 | 6733a81b51871a2a23b55a3701647aed |
| SHA1 | 1d954976870df0085660db7333a70e5c7badf54e |
| SHA256 | 071ab4216d435c8e1b65e7c7193067a3ab02b70b2b5eff1c2a0eb505b86f1129 |
| SHA512 | 541131798086fa172be0810adde06c5a4a94449e0c222fd40070c570f409c8a11b342c6e243bf295221e868a53fa77c09e25c45d5ba69d59ae88e4806e154ef7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\md65gl97\btvygr5v.tmp
| MD5 | 5a9d80b5422ab12c962cb2e62e865485 |
| SHA1 | 9a0e76535e25e71bb9225509a32ab95df5c0703d |
| SHA256 | e05f4900a6c6765a339a12fbe2d4a163413c09432d9845934ad9e0ffc032790c |
| SHA512 | ddd059f2435e113c3bcb3cceb2224dee2b566ec6a1283a18f50861ef9499df73cdc6fb7ec88a11285b0a431bbf98ba678b8f0c17868214a34629c5b9066d082a |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\md65gl97\d3dx10-x86.cab
| MD5 | e2c883cf5af7ffd177c2e885e7b9211a |
| SHA1 | 1133cc73222ee105989ef10ac06a421f62b77ab0 |
| SHA256 | 100f6fdade69a4efa4e315154046b13e5dd6af2d091a573f27dd922f242c07dd |
| SHA512 | bc9e8304cfb131ac300485d9b2a221da434733b23a9b7235b044ce22fdaf0c0ba22ed74caedfbdfb1a044345bbb04d954e2d6cb3b74591c4c5df324ea99c679a |
C:\Program Files (x86)\Common Files\Windows Live\.cache\3d0239281da9c0d0d\d3dx10-x86.msi
| MD5 | 141021890289016535d5d12741a0cbec |
| SHA1 | 67cd42ff9e9cf6433b16eb638fb08d6d77c9fb3b |
| SHA256 | 66dfe4c288e800d098e8ee5c02c7fb8d8279ace5e105a946f2517877ef550fe0 |
| SHA512 | 393af5d625ef751a986ed2b90a4edcd5ae7b842d228dbc5e41ecbc5d7ecb4d176264f80ac951ad1b698c1b49b435befa5117e77778aec5696f031db85349992e |
C:\PROGRA~3\MICROS~1\WLSetup\wlt23C.tmp
| MD5 | 81a7886ba27f04ce9d4905c57df4963f |
| SHA1 | 7cbc155539038abcdab731aa7afb8843ff504fa6 |
| SHA256 | 2973ea30120ad3475971e4f96cc73f32176ce29204deb1f1e62eadbfb5f7576f |
| SHA512 | 861a73c358a74d985cff144cee7370dce97bfc1de182431d7d0acea6f7161acc1b7a32abccc881511819d6b06acf59fe12a427a56f057506565010e5a8c64289 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\fwzz3wsh\jd8ijiot.tmp
| MD5 | 1d71f23b16a5fa228583e8d43861b114 |
| SHA1 | 947a1bbd7478f586bc59c42962dd3a0ecffc5d1d |
| SHA256 | fc75b41a31b7d2d91ccf1b49c801ec6233af8f83bb98b10247a65041d5b58f2d |
| SHA512 | a2ee87cd8da55f4ce7f81cbe7a15f08054478ed8222e71019fc7069e6cf8acd6f63b341557c3439b833d4fe69ed84688beea08fabfeba04fd7603fdac9f7a591 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\fwzz3wsh\UXPlatform.cab
| MD5 | c012292727bb374cfa9dd557ee29d2b4 |
| SHA1 | 123197276bae304ba78ee833dc6f9d9e59a0b0b8 |
| SHA256 | 6e2eb5f8da9c05983c68c9e9df6d3a449bdd940526795564f34381d254e30766 |
| SHA512 | 38e34b21c60c3f5055e2e844266dc1a52085e3036f11fcd589972dc75ac68cefe777a6a2947de3a9a002271b7ad3e7bae5f3d49e133a34f4af615c32ce488a51 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt5C8.tmp
| MD5 | 68aefb6ed3bf7aa1d1993ecda73b05aa |
| SHA1 | 34daa72e1a210d7366560deed0ff06ab4d01bab7 |
| SHA256 | 23c33b9cca2501a9dade1827fea716ccfc2ceff590b7aaa5d58e4a44d4e79d12 |
| SHA512 | 23a21ad23edfe3fd1f52893bb427180d6e97b43821391519b522c7b6c75cb10b505bf5dc033e8694102094ebb972c16dfa19788d3e02f714d74fe04cd2e86b8a |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\xdotjgj9\8uj1hoht.tmp
| MD5 | 482282c1d8b97485791896ff1d5de587 |
| SHA1 | 187adb3cceaeb7c566af159e1fb832d555e9b50a |
| SHA256 | b9e4292c40d759cf1fd235463429912fd70a9e5f0d4bd8fb8ac9f0a6cbb8dd9e |
| SHA512 | e05e1982b8aa9259127e8966dfd5e085b435b114253133fb417fd50985c13ec9a0f0bd58dd52a82ce695a11e697f7f21e96bf40a00cf6888b16e8689139d325c |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\xdotjgj9\PhotoCommon.cab
| MD5 | b37655c4d63f411a6b23eaf89bf981cd |
| SHA1 | 09cb0a0f7bec9b62db44d24a1aa11b4fdd40c7c7 |
| SHA256 | 108c6d632199dfb6146d86c35b7aaa29443ba869d46dd99605ca9a455f0c7217 |
| SHA512 | 2169c6e9a7482643003a41fdc3dd27d67bafac415cf393c4b75e53766ad68e13616b790a7e1d7933499c1b86410e5f8ef5e1413fd93ae0ab0462b5ae526770aa |
C:\Program Files (x86)\Common Files\Windows Live\.cache\3db9cd7b1da9c0d0f\PhotoCommon.msi
| MD5 | ff2a751d2b5e41a1451d2fb6bdfd13e9 |
| SHA1 | 8c625401a9b1ef7a5143c704dce8c24b7c888bbb |
| SHA256 | 02a76e8a58daf828e774c1c78206db50bbcc24a735b0fd26de4a9c99cce5486d |
| SHA512 | beba30d47a25b573751df37431a4397e3506671709a571bf62cf6bc20fdfa0bb410f463d9f87affade4a9e98964e6a67221341aae79c496ec8474938bc67c880 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt8C8.tmp
| MD5 | a1ca671aaacab805e8f2abcb395ff9e6 |
| SHA1 | c76bf6223557be1b66a315dca5689f1b52c35fcd |
| SHA256 | 6a4f1cedad70d61082136d23ec223e0dd8d8ce0ced4fce5865411e73ff6be43e |
| SHA512 | e765f1c9638239fbed86ba40b16c0b58639a58ca4133fe78600ccbfc7e7e2946a7c156fee455285b7c0e0f0cd170c54b790645b023a010801557cfa84d7d8f3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\z3vu74rp\qavzvej9.tmp
| MD5 | f21475d6334dd07e5fc46d2944041625 |
| SHA1 | 25af2cbbd7d2c06ece4b8d2d0bf8f9efeb97e3ba |
| SHA256 | 6344dc693f5a109ce7c553e8f9f3151f9d32219bd7d399ea0d9b2f3c53ab6008 |
| SHA512 | 42e9012ec27ea53f8c1939a5627c3156512c1934dc9221c91d8c5a9ad79ee352b40311118148ad9d0fbf22b69bc4dd3bdb3ad535892170de55c14853b34d209f |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\z3vu74rp\SQLServerCE31-EN.cab
| MD5 | 37fc354101535eea1153bc3db872cebd |
| SHA1 | 954e75db8e79d6472c15055d9a0050a719633e29 |
| SHA256 | 13e3510939eb95edcd43512f03684f799e6d3ad3600569523d7ba69dc0cd5f8e |
| SHA512 | 23e97e433730dee8e7ee606682cd6b76a2f0bab667e37081af0f1f8bc1bc29b9da3e881499e110cb365d9ba0f23f1d46e5faeadfd8f8d40eff3a917472eeb003 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\3e2ea1021da9c0d10\SQLServerCE31-EN.msi
| MD5 | 54854bac91e616bf8f71184c05ad0355 |
| SHA1 | 73b893c66a58b3b581bbdb50cf069f9e44c7e657 |
| SHA256 | f14f64c25cbdc7e06f2ea7f08170305a5990fa0449d9371056ec59441e24476d |
| SHA512 | 7cf8114350b2d6e6e4c7940601f6b3da28f8f5397895033f2d82c97d2fc8c6ba71bc46b12abe254be521906fae0422b1084567cb70332103b29d851803b46c99 |
C:\PROGRA~3\MICROS~1\WLSetup\wltA7F.tmp
| MD5 | d1f5aaf5952b8ab8bc00c2050b0f7b17 |
| SHA1 | 6ddf870ac98ef74628b843fd1d55826469ecb15a |
| SHA256 | f134e280ad2376d8ab260663f4411d2c5795aa1d46d61bb70b241223c1ffa07b |
| SHA512 | 5ce822e3040204f41a546979134155d4f3f51365b83c412d320e9e022d7db4282f3d29875a70a8f05f4e9f25ef8ae4e5f3cabb3f4a83e09832ebee4dcaf98d1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\lq2fasep\y5m509no.tmp
| MD5 | 15b6c63a96afb7046b5a4647bd42afa3 |
| SHA1 | f44ab9202277891e7d0b5c6dcd6034ab15b0c2ae |
| SHA256 | a57fe9702b3f706f723f5dce75d6ba41cdd1aff71119691e49745f19559a911a |
| SHA512 | 0259c29a3e24b7a5cab10c41e94e421a7b2947e4933ca1bce1a2a7b37e6c9442792fad0bd1d391675fcda49f212b0b991c41a73d57acf88e0946af0b061f5ba8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\lq2fasep\PhotoLibrary.cab
| MD5 | 0e858e55ff6d484000a15b127b327b2d |
| SHA1 | 99e9f82cec40ffe800dc40aac3aff679987b16b5 |
| SHA256 | 2df461dc570aacfb03320d402e99472d7b1010ef2d30d17e577ee6a1b371da95 |
| SHA512 | 480c69713b6e335d28e4628bca6475e108808983e4a63ddb3a65e583581ce9d9bbd5bf17f7dd1f85b5c9dea5d2e738bdc249c2427845d2579221bb07470dfae9 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\3e7628531da9c0d11\PhotoLibrary.msi
| MD5 | 3e04cec983eaed85e81bf35de71f8bf7 |
| SHA1 | 3f38e49179b4a5fd9e7704fbb29ead21e139cbfc |
| SHA256 | 22a0a57db76c1a2409760d4c9ee59b7ce1ee1a9d0208267cbdfa67579b31b63e |
| SHA512 | 789f361e89f292962aad8b2e54146ce252be2434adcae6f093fad66a403e5292916d923610266b76ecadd47f59d878226603c68b03d682b867994ac70af6b31c |
C:\PROGRA~3\MICROS~1\WLSetup\wlt1530.tmp
| MD5 | 89cd9901db2cad003e71b38f4d8e1091 |
| SHA1 | 1ab795681f702456c0c9e1681dd796e4455208f7 |
| SHA256 | 18f354f3bde3411c90d948e02e60de5e11faa131ce04da242925dd0f004cd4d9 |
| SHA512 | 14f0152eab4ec8fdd57dfbe9fb690ae9d0770feb7826224adc2b44bf826d7498a329757ba4a338c92c226cbe8ad3e14dc671d9767a3e13f87606e43af13c5bb1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\myns44gd\eq5ys233.tmp
| MD5 | 0c3dcf52147fc517105085a2cf29f276 |
| SHA1 | 1452ed0b01002e26bff7144c8173ffe7f8204c6a |
| SHA256 | 5a0973f8aa75ef72f429af1174dd758e98a89a52601e09f06301fb5e9cfa0d69 |
| SHA512 | 32757d69f29dd29550dc3d9cffe4f62e72893b0f2a990a3ff9669a8524a6148fed8adef5ee4258201bde3c89906ad97e40cbedfb056c5dc471654b0b7f0e16f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\myns44gd\MovieMaker.cab
| MD5 | e4dd66c57f1f7bab8698f33b63fc8953 |
| SHA1 | acf6e50512ba97d9faddb2f5f32758adc6d21b86 |
| SHA256 | 51f718660147fb21f8e3533e84ed607944a9fb6d7b3935d5d2ac625c0d5834cf |
| SHA512 | 513976514f9ea5357517e9ac8283411e359a434bc02fd95f885968d2e19ca42ff2cc993aac7a68d890fec02521662905f4a740c50449d06e3b9379b240d860d9 |
C:\Program Files (x86)\Common Files\Windows Live\.cache\4015adbb1da9c0d12\MovieMaker.msi
| MD5 | 33cfb91ec616a06b8af75e772e966433 |
| SHA1 | 69ccfa871359a84467d243f280dfc813b428d5c2 |
| SHA256 | 00c89e20a23be3aa005bc2eb75cc4a6c6fb89b6623cfec017282a6e547ad9790 |
| SHA512 | 61dcf628e1595169a2d9abd8113cb77ecc0606d083f90f57f964f46abab7949c0083b7d268a3c662510ca4cf3c4a561c89d41f07ca46e0ce8c7080097f6d2fd1 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt232C.tmp
| MD5 | 44623495b671a344259bb39829452204 |
| SHA1 | 333a5196dca06c815d930e225637db95a8d3197a |
| SHA256 | 28af1144633453ec668884b1513d0f5bdfde61333e183b5187634c59d60bbbfd |
| SHA512 | 7d4362c833fd4dd3180a7b5f0772f68ddc93659564350e63bf659cccec9507d6ace15d230d0a2965c260325dd1f7bfecec9963ed4b08d7cddb37df2d1e9959a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\gfojbsg0\n7fx28jz.tmp
| MD5 | 689289a46d4201c65f55d8bc55727962 |
| SHA1 | a8c7ae37ced5e023d799e9bc1117dea0937d30aa |
| SHA256 | 061a0adcb5b78ca9c0d270afd2d8ee726d61a76e784a0f17da39b82cd3bab324 |
| SHA512 | cb857422767f42bf5e2967a28e86b2d730c049098e2656c8c2d53974eb34f3700887b8673431946195c6e7d322801548676df5d4149b234588ce05aba606b6a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\gfojbsg0\UXPlatformLang.cab
| MD5 | 214c866506d9f5daac7e143aa6c34113 |
| SHA1 | 22945fc13b4f4642097dbf20307d6605cbef8b21 |
| SHA256 | f0d961af77d8eeac0aa5b759332161d97497d632c646b548d570de12eccae50d |
| SHA512 | 01a7d0cab0b99a9046c2b0718949aba48850c54fb341f280534d20edfe361663fee929d5961e44d49df90519170882138da03d52c76e5a8ed23cf0ae7f498783 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt26A8.tmp
| MD5 | 96aec171dd6a4eb4e4ef59b1dc287fbf |
| SHA1 | 7675f8808b74f66714ea778774f9b37f5a8fb8fc |
| SHA256 | d4fada7f0157e181127d56799ad85152a500d484f16a2d31058285801ee0fc9c |
| SHA512 | bb9d7769b0a202133a5e635fb185b53593eeffbe1f84e58755bbe14adea77c8a90fd114846aa574c3c78efc119420e573d2fbd2006928b749000f4619678389a |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\29gct92p\umu9sx12.tmp
| MD5 | 41f796559068c3eee4439b1ce316e16d |
| SHA1 | 6459a9f903daddcb6062ebd1cc535bab8c23037f |
| SHA256 | 51108a4d8194c4474de0197f532387e0647e968318dab1423f808bb638f5cb9f |
| SHA512 | cc088c3c6e3c1fcd270820809ba5a8792287b76a54b2dc02233d08b019db4feb16b2ac303009b6c6a88c73d3ab890292f064fc897690036dca69d437e6a50b8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\29gct92p\WLXSuiteLang.cab
| MD5 | 49b7599ebea3ee623e597db46c7e242d |
| SHA1 | d5d0f3a77e19a05b563edd4eff414c7028c47e17 |
| SHA256 | 61954d216412aa914fa85eafaa0a57278c9e225acbc6e1eb79f44c80417be095 |
| SHA512 | 608a6c3bc7ba75b44f063c1d4bef9a2864799d3d66afae6264bf2fa95ccda9667c406add98350ff569c4dc3b4b90657611020edf6580f30304a568feb85e5f1c |
C:\PROGRA~3\MICROS~1\WLSetup\wlt2785.tmp
| MD5 | e03b80e674707a949f63897fd4cd2a97 |
| SHA1 | a593fb96e478076ee3e8aa32677a58255fc5a944 |
| SHA256 | 9048360b66c7acd4d4cfb84a7498421ab6e3fee8db8b41c2b913695ec70dbf78 |
| SHA512 | d1921db4517a7ceb210874871b7b2e26dde5102dd9002c46de6be05f98842a5e147741a78ad22c6930efac5ac0e344e6d45629e035567462df946895d9f48408 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\w0pp9t5q\uhc8evq9.tmp
| MD5 | f4ef088077682987634607e514d71f20 |
| SHA1 | 685b510b43cf9ab0b0ae4958426af70c8b7b59f1 |
| SHA256 | 55054add1c3ad636c9dc0ac0787251bffd4080df08918d76e6843a5a54eae980 |
| SHA512 | 3bcf8b87f5b650b8a9a9db01e33b16ed1959b562227d5d24d9ba6ecacc494e90f3bb01777fc487e42cf6c0e465d0d58b84429b158409be42aaa6ff05d0dac37d |
C:\Users\Admin\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\w0pp9t5q\PhotoCommonLang.cab
| MD5 | 0ccef7ead7f4d81b3de61c10bfef0d8e |
| SHA1 | 840a64697ce4e24f7e1238de8e11b638c0dd8e8c |
| SHA256 | 4d62c558732ceba418de8b020c174e7aee102196c6ae40046eea7f485d1d78c5 |
| SHA512 | d2aa10f5793a2373f6cb65c5369d0c7f71ba2ea687ee757108bba3219831ede28342a3dab1455f09c4fdea1499e853fc5ff773da49e9a6dc5cb7842a75bbda88 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt2881.tmp
| MD5 | 65394a7bdab03c429522cdd490a134a0 |
| SHA1 | afe2564e539027cb1e2cf2154e5aedf609cf0bcb |
| SHA256 | 7daa30526128109b67310a3581f37c2b112d6e66e74ee2b6b74512378fda30ec |
| SHA512 | 579016091d455f75ee0f25dae7eb1a69e1c4fa6773dc739b3954ce7575dff82ca328276e648c0042f16e959502ff5aa24630bdfaf37168ebb15303bc8dbb7032 |
C:\PROGRA~3\MICROS~1\WLSetup\wlt29EB.tmp
| MD5 | 9971f5592ec6f9f159cd1210da51921d |
| SHA1 | 90035e88438350a128773ad22c8a4140a1e4036e |
| SHA256 | 5790818fcead57808d9d43ae94ad8c0ef44c7d2e3e89aca2152ffcf3a1cf4c25 |
| SHA512 | b0724fb4375e2cf9ca5433f78317cf6a055760165b2caf29b2213427baf5918fedc7e2dc327cee91ccecc1b95c4448a4ecca6f38094e44a49c0b19088decf4ac |
C:\Windows\Logs\DirectX.log
| MD5 | a6d31bb2f41aa46a0f24014432f192bb |
| SHA1 | 84145c8aaeb0bd474836c92443c9d095bd4cf006 |
| SHA256 | 8959ceab297a7b2bfd58051ff14dcf4acd94da4eb56c15f8bf595a23f3243bdd |
| SHA512 | 2ad52f4662ba34ff4fb6d8b0f3a6c87651c32ea49e1116867591c5010154933b5e0ebe578ceb3f58ba6613e1a97b189efd34ed4468c022ac100951f195ab5f75 |
C:\Users\Admin\AppData\Local\Temp\DX4E2B.tmp\dxupdate.inf
| MD5 | 8c281fcb5546d1ed3cdaf6e3f7303139 |
| SHA1 | de342a17f2df0386f6584e2f55ae43c558ceb6c4 |
| SHA256 | 7530c6e18dbb522c5f4fbf6714962c185ea318f9eab7aeb833b0cc07cd2fe656 |
| SHA512 | 344ea0a375c8851fcf413f441a1cac3013b3748d1630a4d677da72e98f41823bf9427d896de7e1fe35bf868279538cf3b8322aa6ef20025bff48a6bb7f8c42d3 |
C:\Windows\Logs\DirectX.log
| MD5 | b4c9c5aa4b88587d9c2a9b0d8720dc8a |
| SHA1 | e83d8ac0cac94e18510d7b2aa7135b994399d8d6 |
| SHA256 | 4bfac163e35c2734df4361b0f754b8c265e8c377e11c129d1a06a93cddc74209 |
| SHA512 | fda9d0a9c185350fcd573de248aab2f438571ee467803b92597c09a346c7f9cfd25cdbc19d28f9c7d140ff018d1c7fa2f61ba361f831b0876ebcddbe7d020b86 |
C:\Users\Admin\AppData\Local\Temp\DX4E2B.tmp\dec2006_d3dx9_32_x86.inf
| MD5 | c28f4fd1644e2a20b1c897438e197e1a |
| SHA1 | 5178534444ed7dec8c63f02defe7bdb864c47123 |
| SHA256 | ef09d783bf5cff2cfba99946e5e71fda577b196a49c88bed1c51b5fd29cecf94 |
| SHA512 | 7cf93260efb1d794a17ba25b1fa02ba03b0ceeed8131d274b805155072a9a2b92a899471a8b23add8bf46c6a5a3cda63499043eaa754001bb43cafd882c8e708 |
C:\Users\Admin\AppData\Local\Temp\DX4E2B.tmp\dec2006_d3dx9_32_x64.inf
| MD5 | 39929631df326b944470256c4f9cbbf3 |
| SHA1 | 932de27abf59c889c02ed747f0ac04f5e494492a |
| SHA256 | ff00313af4a90f426492d72969f5efc6c56a17f2dd91f20cb5c0a38d9f1f2b6b |
| SHA512 | 8dd2755a2b2fb90c6880cbbde65d127f55d12df2bab4560ddf86d6793b2cd4733929d97efef5fd8eeb417731a571888c893188df0361ee57eb4437fab331cb13 |
C:\Users\Admin\AppData\Local\Temp\DX4E2B.tmp\dxupdate.dll
| MD5 | 57f0c80414609302bfd4dfbb61b69ac1 |
| SHA1 | f077266250833d2af729df9c00983d7f4ad2663a |
| SHA256 | dd8903faa5244492fdb8868dbca66d74aac98c394ca5382a0c24bcf621e7a16e |
| SHA512 | 2f171feb76b6014b10e493755c0138cd9edc12941b4f35faf2e99a49f08801b58cad8b4de5ef12fcba19e9261c864b911ace23c290f73384bfc378b6d9c1881b |
C:\Users\Admin\AppData\Local\Temp\DX4E2B.tmp\d3dx9_32.dll
| MD5 | 26af232140c88b42d92a88f2198edf6a |
| SHA1 | b62aed3f71d8963227e5021c2222192873ce753b |
| SHA256 | e96693794daa05a75a83c11df2e7b42f2de61567c6ad0b69e353b50f6c88119f |
| SHA512 | 54a6a235af4dc3f3c693fba5ac2d487d96c9d7a2bb7deeab35d5a252e723e597226ec84e953625c8808546f91fbcfc42add85076846a63925fd9eabc09dbf935 |
C:\Users\Admin\AppData\Local\Temp\DX52BF.tmp\AUG2009_d3dx10_42_x86.inf
| MD5 | b3a2e761e5da007cc6036c5703e12eed |
| SHA1 | 447e852f9bdc357b00864d4dccc7486f1313918b |
| SHA256 | a80a00464775da82c02f628c5bc13cab0d0643ec2a44b28d2acf7c77d467becf |
| SHA512 | 28a106886578fb38f144602d2b29c72a906bb24a50b16ea7d3f71f8bd7f194fc0d7c8451dd1c3e9ecc59be3a866c07a23dd394a17d39eb7b55cde7b347bed3a1 |
C:\Users\Admin\AppData\Local\Temp\DX52BF.tmp\AUG2009_d3dx10_42_x64.inf
| MD5 | 8d272f58bf5ce42962d7d9835e9b489e |
| SHA1 | 7e0969289f839b5dfe606f6ce6ed106460f97682 |
| SHA256 | 2bfdd3d3bf485439013045b3a08942f457385bb89ab76d9479fbdd85f09e9d96 |
| SHA512 | 0554257a41df07860233f26330020a45e2dab2613a6028f79914aec7552d5c54525b137e450202db1283b602c3d95908acbf9f1eed20dd79c21fda5963fc2b5e |
C:\Users\Admin\AppData\Local\Temp\DX52BF.tmp\dxupdate.dll
| MD5 | 94202f25810812f72953938552255fb8 |
| SHA1 | c1e88f196935d8affc1783ccf8b8954d7f2bfb62 |
| SHA256 | 6dcad858cc3ff78d58c1dae5e93caf7d8bacb4f2fcf9e71bccb250bf32c7f564 |
| SHA512 | 65b66d07ef68e0d1e79f236a4800c857e991ee3ff80ece4cfdd0b5f6083ea16f8a52d351c3af721cb05c06394ec91b4b5e3cfa4b0f0879f7549f3e3ed035e79e |
C:\Users\Admin\AppData\Local\Temp\DX52BF.tmp\d3dx10_42.dll
| MD5 | 501ac862517c5445742bee8a2b88414e |
| SHA1 | 49f3f2df66d357aa84a5e7a0eb368ea595b7d95a |
| SHA256 | 46429c4affe041b08a7acfda0e9162ba42de966acb2cbcaf09ef976232073b51 |
| SHA512 | 08dc13d5ad0a0d2aaca9d3dbfb53304216111da73bf48810df2982650d580757c10c8b9bf80ae5191e06ebaa44b2bf9c244ae141308748c3e7fb9ef6088900ad |
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\dxupdate.cif
| MD5 | b36d3f105d18e55534ad605cbf061a92 |
| SHA1 | 788ef2de1dea6c8fe1d23a2e1007542f7321ed79 |
| SHA256 | c6c5e877e92d387e977c135765075b7610df2500e21c16e106a225216e6442ae |
| SHA512 | 35ae00da025fd578205337a018b35176095a876cd3c3cf67a3e8a8e69cd750a4ccc34ce240f11fae3418e5e93caf5082c987f0c63f9d953ed7cb8d9271e03b62 |
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\JUN2010_d3dx11_43_x86.inf
| MD5 | fb5d27c88b52dcbdbc226f66f0537573 |
| SHA1 | 2cbf1012fbdcbbd17643f7466f986ecd3ce2688a |
| SHA256 | 3925c924eb4ec4f5a643b2d14d2eda603341fbbd22118cdd8ae04aaa96f443c0 |
| SHA512 | 8aa2200f91eca91d7ee3221bc7c8f2a9c8d913a5d633aa00835d5fb243d9cb8afa60fe34a4c3daa0731a21914bc52266d05d6b80bfc30b2a255d7acdf0d18eb5 |
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\JUN2010_d3dx11_43_x64.inf
| MD5 | 590fe1ea1837b4bfb80dc8cb09e7815f |
| SHA1 | 792b5b0521c34c6b723a379dd6b3acf82f8afb1f |
| SHA256 | 2c4cf75b76203cba6378693668c8c00b564871c8bfd7fbda01e1e841477b2a3b |
| SHA512 | 80bee8f1ad5bfaba6b3ac5a39302a1427dbaa5919d76c89b279dc753170ec443924eadf454746ce331a6682ee729ab79bd390a5d3b55db8d08fd6f4869101f53 |
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\JUN2010_D3DCompiler_43_x86.inf
| MD5 | 1a86443fc4e07e0945904da7efe2149d |
| SHA1 | 37a6627dbf3b43aca104eb55f9f37e14947838ce |
| SHA256 | 5dd568919e1b3cbcb23ab21d0f2d6c1a065070848aba5d2a896da39e55c6cbbf |
| SHA512 | c9faa6bb9485b1a0f8356df42c1efe1711a77efa566eee3eb0c8031ece10ffa045d35adb63e5e8b2f79f26bf3596c54c0bd23fea1642faae11baf2e97b73cf5e |
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\JUN2010_D3DCompiler_43_x64.inf
| MD5 | 6494a3b568760c8248b42d2b6e4df657 |
| SHA1 | 700f27ee4c74e9b9914f80b067079e09ec7c6a7f |
| SHA256 | 3e779533a273e3395109c7efac13ba1c804c01b3ddb16938406fbdf90d851216 |
| SHA512 | 2bf68b123d7823ad7182e132d9e55f8de7580229e8e1b3b40030da50bb9bdeaf67bb9727ce2171fa83b7f804c24d9728ffabb44cb5017b16b771bb19e62b1b42 |
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\JUN2010_XAudio_x86.inf
| MD5 | 31d8732ac2f0a5c053b279adc025619f |
| SHA1 | c8d6d2e88b13581b6638002e6f7f0c3a165fff3c |
| SHA256 | d786d06a709d5dc26067132b9735fc317763fcf8064442d6f77f65012ba179da |
| SHA512 | abc37922307f081a1ffdc956ce59598c19ad1939ecfb6ea3280aa6aa7a99c3eba5462731586ca262f7d7257d7d2a74ff57a45abf6b93521eb6f1c9f22f8eb244 |
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\JUN2010_XAudio_x64.inf
| MD5 | dd987135dcbe7f21c973077787b1f4f8 |
| SHA1 | ed8c2426c46c4516e37b5f9aac30549916360f7e |
| SHA256 | 1a0f1b929724f8b71d5ce922f19b9d539d2d804c89af947d5927b049ef0fd3d8 |
| SHA512 | f0469c94219b4df99d7b9b693161a736fa8eec88a3f6c7f2cf92fab2ade048dfe61fcde3a4cf4f7a2aaf841d079a46b17259dea22cfb02831983f55bd7f61899 |
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\d3dx11_43.dll
| MD5 | 8e0bb968ff41d80e5f2c747c04db79ae |
| SHA1 | 69b332d78020177a9b3f60cb672ec47578003c0d |
| SHA256 | 492e960cb3ccfc8c25fc83f7c464ba77c86a20411347a1a9b3e5d3e8c9180a8d |
| SHA512 | 7d71cb5411f239696e77fe57a272c675fe15d32456ce7befb0c2cf3fc567dce5d38a45f4b004577e3dec283904f42ae17a290105d8ab8ef6b70bad4e15c9d506 |
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\D3DCompiler_43.dll
| MD5 | 1c9b45e87528b8bb8cfa884ea0099a85 |
| SHA1 | 98be17e1d324790a5b206e1ea1cc4e64fbe21240 |
| SHA256 | 2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c |
| SHA512 | b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34 |
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\XAudio2_7.dll
| MD5 | 81dfddfb401d663ba7e6ad1c80364216 |
| SHA1 | c32d682767df128cd8e819cb5571ed89ab734961 |
| SHA256 | d1690b602cb317f7f1e1e13e3fc5819ad8b5b38a92d812078afb1b408ccc4b69 |
| SHA512 | 7267db764f23ad67e9f171cf07ff919c70681f3bf365331ae29d979164392c6bc6723441b04b98ab99c7724274b270557e75b814fb12c421188fb164b8ca837c |
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\XAPOFX1_5.dll
| MD5 | 8a4cebf34370d689e198e6673c1f2c40 |
| SHA1 | b7e3d60f62d8655a68e2faf26c0c04394c214f20 |
| SHA256 | becfdcd6b16523573cb52df87aa7d993f1b345ba903d0618c3b36535c3800197 |
| SHA512 | d612e2d8a164408ab2d6b962f1b6d3531aed8a0b1aba73291fa5155a6022d078b353512fb3f6fff97ee369918b1802a6103b31316b03db4fa3010b1bf31f35fb |
C:\Users\Admin\AppData\Local\Temp\DX561A.tmp\infinst.exe
| MD5 | a7ba8b723b327985ded1152113970819 |
| SHA1 | 50be557a29f3d2d7300b71ab0ed4831669edd848 |
| SHA256 | 8c62fe8466d9a24a0f1924de37b05d672a826454804086cddc7ed87c020e67ff |
| SHA512 | 60702f08fb621bf256b1032e572a842a141cf4219b22f98b27cb1da058b19b44cc37fb8386019463a7469961ca71f48a3347aaf1c74c3636e38d2aea3bca9967 |
C:\Config.Msi\e585aaf.rbs
| MD5 | a870df4e144c88390d3d59f585e7cd04 |
| SHA1 | ce4ebd9067edf9f4515ea04652a08d92a7c5d8ad |
| SHA256 | dc013dc3a55086c78ac7be896f1f98e3e22b9e0c46c80529d86951be55fcc636 |
| SHA512 | 05999d976c6d2b110908792c98825c2346eae5d9f246a7ae26915392420e4863c4242473890bd5c39ecc173f4a0ec5331cba7d782a7daab47999579542cc9f9d |
C:\Config.Msi\e585ab2.rbs
| MD5 | 175225fad0287627c02b063cb2007476 |
| SHA1 | 534c2cb41dfd6a76c39f894c1330834faaa51491 |
| SHA256 | a9cbb0a382a9d9714592f8fd0c4e6f879da56258ff9e8d00e26cfc8bc74e6688 |
| SHA512 | df6fa03abc4673e4f71b205fa233170c9a4bbe8fd6fabc33742919fcd553ee8620477d32683ae0508116db0f6bfe907db0bbfab21283138d7b10c5ddaaddbfc2 |
C:\Config.Msi\e585ab5.rbs
| MD5 | cbb34a362d1328cac88e8f80fd1e7b4e |
| SHA1 | 5cc35cf753df8ea260df5f0b226357c8bcee05ac |
| SHA256 | 669c74172411f5b15b6e89dfb2e12fe44c13b8af0f662f43037200acdd0f3cbe |
| SHA512 | cc1448f089c606e2f4030f1ea2a6393f7beac472b3ba6e22038a8b1dbac1cd1eb0842b6865e306edd07b3ba4b701fd499a0b53a2d92bc3ca00db43ff80419afc |
C:\Config.Msi\e585ab8.rbs
| MD5 | 5a59c1dccd0d4e631766350c167a3020 |
| SHA1 | 9ceb65ff2323220be8920a8627d2b70c0cc75151 |
| SHA256 | 75aa1254bc5d42ec337b10e40fd9dbd41d36c4b1c4accb4bd60761659b00d696 |
| SHA512 | 4deead3d0110b2c8f14c4b096da829c897f8f3aa2a9a2bac7b095da61830d2211ca6e4fce3d41f6de71cefdf430c89ca81be2623e871ba5a8d0ae1a610d71bd0 |
C:\Windows\Installer\MSI82CB.tmp
| MD5 | afa2262aaada580a74e1dddaeb03bc58 |
| SHA1 | 5738eb9ba190361390d97725f90a71c6bb5bf5b0 |
| SHA256 | 1deffb4fd70c9c346e1c5121b5069f758198ce12cdec5c2151127658bf12e460 |
| SHA512 | 86099269378b31483480c36107f357f06d27e4c9e4892ee184438f7a3730f67853b5d44bf0bb7049242ad9ae262d08b07052bcd9f9f72175e754185725787f99 |
C:\Windows\Installer\MSI96A7.tmp
| MD5 | 6d37510237c55f1bc5b9c725b5f4a29b |
| SHA1 | 74bf05bfffc85676902f576c2e98bc0bb5f06481 |
| SHA256 | 02316d156568ea766e803738db187a83b02c86dd897042e005fc4846f4c489e0 |
| SHA512 | 906a02a68074a534b1348eb710929bd21ff9d94a83f34df3ab55f2959ea437a613d478be86e2243ad2abc3aa4f6656f5a7e7ff54f0e30b2c6440905b4e0a071c |
memory/5792-4229-0x000001421D2C0000-0x000001421D2FC000-memory.dmp
C:\Windows\Installer\MSI9C5A.tmp
| MD5 | aca45d29a6d4b8b6f5bec262f10bbfd5 |
| SHA1 | adedad9ecfda50861c5f426442d12413a2392c64 |
| SHA256 | 3ebb755cb7cc4e4f6d62b0bfc0656300941f4ec255fb3128378dd1453f943b06 |
| SHA512 | 6bf7c048b41479a5521f88926ea3c6048423ab42b950a220f44c79d3d4ae4a3244581a2a666cb6d6d977425f8efbbbb1c9d2ae69c11e59a3bfabb15a9e2d7c59 |
memory/4412-4242-0x000000001C3E0000-0x000000001C8AE000-memory.dmp
memory/4412-4243-0x000000001CAB0000-0x000000001CCAA000-memory.dmp
C:\Windows\assembly\tmp\WPWLCW52\System.Data.SqlServerCe.dll
| MD5 | a200e7209b42baa18f438695ce45b0b9 |
| SHA1 | 8a9a7c8d450dbdd1aee86c100a70f651740c56e2 |
| SHA256 | 14e15167dd36575ddd4ebd99894212c6d1493321c9c261d541828da56b8262e2 |
| SHA512 | 558337b85e55abe409ddbda86ed86905fd561c91c1007064e8848ee126299bfbdb088dc9d3fe9b0038d96fd5bb0886090b7f06ebece8822dc288d6eba280f6c9 |
C:\Config.Msi\e585abb.rbs
| MD5 | 306807a1f49a755c04c5ec9e91e8f73e |
| SHA1 | 4b25ff42f485c72ce2ffbb5d92f53fc7f87e94fe |
| SHA256 | 593b1666228a4bef47146f96a28a377162394e8f61ff754eb20d34ead3bde577 |
| SHA512 | 4101b0ebbdb3bf82f9eb0e890340d69126083f9e6e329e067fb1f96ea822127f34daea38f62eef283f7ab0747edeab98483a13327edb91685a6a702d0a8644c3 |
C:\Config.Msi\e585abe.rbs
| MD5 | 5fa7888c10df31f25e41ee74fa7285f3 |
| SHA1 | c628dfc29e033bffc67c5e159c651d233e69b80f |
| SHA256 | a228f3f83c9ea3263b6ea0f549589cb96dc62851a5c3487b6740abe429bdc13a |
| SHA512 | 97e736d07fc5d5370e214240a8990a411d7ecb43f5aca5167b221c87be6a604ea42bd81f232e33f3fcac3a93eb52296e0a6ecd9a81e9ad98c21df57128407864 |
C:\Config.Msi\e585ac1.rbs
| MD5 | 2189d7bec50d111e2c7eb1cccecf91e9 |
| SHA1 | c2c6c88384298423fe0214a08f66e7a6e327ed93 |
| SHA256 | 45ba4c28987dc265689f7bfa4929c856a4f846091b7bcd19e037b03e667042af |
| SHA512 | 2e2d6d9e1b60d69cc4d9b511a3c66f4c19fcea5c036b9126e35f2aec1a2ff261f4a75facc808b763050bd9c69dfcb8939d1d0a90a86dc1b5b847d257d7fbca62 |
C:\Config.Msi\e585ac4.rbs
| MD5 | 5a8ca5a286d51bb76670e2905c95a0e1 |
| SHA1 | 88499673afc7869e42fb3ed73ff86ae9211f347d |
| SHA256 | 60636f4dc30aeca0561adcd1a082af11b2b36407c7e80b6beae0f9e54357054f |
| SHA512 | c1e02ae9103c4ce6ae38756cc73c703cc5269293b703b7c97b26392820d7b4ca042803af1a4fbd665219413cf12c197690090fa5933294eaabaa4e59ad14648e |
C:\Config.Msi\e585ac7.rbs
| MD5 | ecccfe342e278309f77c055c36d3570c |
| SHA1 | fbc2a75247c29e4cee357fb8a0865862ed22b4d3 |
| SHA256 | b1ec75c796b6a0c974d45664f5fe47c86d708e47a81c2fd06cbe4578a8a8aca6 |
| SHA512 | 342be251945c9b443bb41fce1f7779cb74cdcff22d5dcd1a54ece893be5e3801f70c133679f9cbfafe22e3cda1e922c719cd407256681c5c75e54edb78151ce0 |
C:\Config.Msi\e585aca.rbs
| MD5 | 5ea508041fd9e4a9df24e7156e087385 |
| SHA1 | 1daa1909589aa275e374ea379b64e5176952e3cb |
| SHA256 | a43554eb5a6f7d2bed98fcf9f64dde8dca58bddc2cc36f6433b7a68bc2f051af |
| SHA512 | 3ef4e8fed02eca03f80e8124d7d4de60bec14cfa8d08d29ba9e62adb1af4250aedd1e5226fc07b9052456857d6bc41a5867d95e6310cc5ce6e0d62f0f6669e2e |
C:\Config.Msi\e585acd.rbs
| MD5 | b669b8965c7dd27868e40296c9b2f3bc |
| SHA1 | d24cbd57a711c61bff9ec643a667dc4e1d192be6 |
| SHA256 | 1eed71b77ccd9611f811fa668b276e8b70cf4fb5683b3800eb038b3825d6e0f4 |
| SHA512 | e30b6e90e717540d78c8cdb2e4f2503839ea5d91411e2f5b6df10430915284c267fbd7abd44dfbfe7696ac81812713fad57929cd76d34e00f589dddcd2ce52ee |
C:\Config.Msi\e585ad0.rbs
| MD5 | 909cf1ba6a66aeb7ff9590b29cffc7f6 |
| SHA1 | 84eb005e67338e606f6a8bbfa844279b3296a3ac |
| SHA256 | 866da9cd48838457cd8134b7fade5ae9095eff93c800f59e064790b33cdc5b6d |
| SHA512 | 601a50d1c4ec0a43a8949df4ce05adf6393bf4948a9d5125484207c4629018f8e74f6cc8e58a3395654b4ff035feaf92f95e2285ebcd36261244c98f2a055fc8 |
C:\Config.Msi\e585ad3.rbs
| MD5 | 14530f5117ee1c1af123c64a305cc2f5 |
| SHA1 | e373f724185fcf75c9c5ceae297a206155e9d3f5 |
| SHA256 | a44747160e1cd40d8517f502082ce753d743c5809d5ab53d7fcb40cd6b4a0773 |
| SHA512 | 383b68dcc8cafd482ed1f4a9cdccd20e3f02dafaf8ed8307966e8ab11a4af418e7b827bc642846d40f87d367a1c25c30995e04dd5da9018b1c74c9c7e8d5db6c |
C:\Config.Msi\e585ad6.rbs
| MD5 | 79f67325554ce92ad89b649c8ac59199 |
| SHA1 | ca11db8bdaeb7193399474cba5d286d55bb1cb92 |
| SHA256 | 16230e7edf891c4ee345bd8ac711aa2b4cff835180e176ef7e3d8dbb71773a4b |
| SHA512 | 536919ae140f15be877efc0990b84d6be9c893e89c72ab47036c190d97193104f1266950cb799acbf9c93ee8cb07e6e2c0bae1e543b3a9521c3db652cfed97ad |
C:\Config.Msi\e585ad9.rbs
| MD5 | cdbe8c8da8004b22d3ed7e9c6a85a4f5 |
| SHA1 | 979606885c3be3fb358b3618d2851d8b106f9e62 |
| SHA256 | 001f4eae8c41d6ec047b242dffe34c936a6a6c333dbc72e992cc80e8dbe09b72 |
| SHA512 | 301c9c1d16cfaacdee77673dc555cd0e4d30e4bfa10187fe0ea8705c34b915d77e01b741a1752e8c2a68f156c2ec17a1f9a472761113ae6f54c61763c188ceaa |
C:\Config.Msi\e585adc.rbs
| MD5 | ff0778d632fa3d272aeed2b324b9c795 |
| SHA1 | ecd025cdf9d89056495611ecb673c169216fc5e6 |
| SHA256 | 62565a9e9c883118597263d8c629ca17be4d1a13f228c4c1f736117bbb586c16 |
| SHA512 | 94c98d0f5f2cb3dd26cab7352aa942d5750d10c6122236b05213bbe82a1f1d9e8251359d43d78469be29c8c22bcbf8debb103ab06b27bb80331920e63c37d405 |
C:\Config.Msi\e585adf.rbs
| MD5 | 2d7f0de3f248da836cbacb21d298fb6a |
| SHA1 | 1014637a989d171ac5bfd80ff582781600e18713 |
| SHA256 | 1d227a28996349a459e83a11b600fd56462dc8a94f720a5cd0753d9ec10e84bc |
| SHA512 | 6f2aa7822971864d4f9a0f353afc8ab720fc823a11b868b9f9ff924b3f151ad96986109d208d2180698589f53a4d69cfaec5cd0779ba9b2cbf0172ef783d6160 |
C:\Config.Msi\e585ae5.rbs
| MD5 | ce763be6df663de6fc5ff511250e0516 |
| SHA1 | 06ea024c94807dc348bb1e52d415b5b54fde4980 |
| SHA256 | 2a52ac2353ef162e25111db4664b96e2d7cf55b8116e4e94c7cdc8ae33a9e31b |
| SHA512 | 7d12950ccd4dac6209974a42ef7ee4cfb4221fefd8b10495cfd3d6a2685ca65d1e7d3a6d1372b0639669131088bf75fbf6927583fa5e61d85455e773912b84d7 |
C:\Config.Msi\e585ae2.rbs
| MD5 | b41d23adf3c5fe12d74874463aa7f0a6 |
| SHA1 | 6a137f1eb7fc1c27020ad0c6f419dbbe65b534c2 |
| SHA256 | 2f2bd79ac2e88968787513c4fb4e1fc91dca9079313811ff85ecbed1c946a46c |
| SHA512 | 50d54b085fe9b9996853bc1e4df848e91038f8d02377a686c40fca3201f6e92963ddb32463b29ba0d30fe99d0edc3d0cc56e1d98e9a1fa0b17399c57693121f9 |
C:\Config.Msi\e585ae8.rbs
| MD5 | 0d2a4d8af3350eca7c4a6a721c781e85 |
| SHA1 | 3623682789b52d99c4750cd1e2b69c0f960b9cdd |
| SHA256 | 121d0c3673a354faff45a051d210a53546f8bffe834da60e4340d464c463d9bd |
| SHA512 | 96396e1e144c53b31ec5e739e28ec4ef38a7dcecf9b5bc4e2089ada3375096bac1a6ec0a91e511bb05cd974c065483bd62a1254b3d9d0d68ea044aa8bbd69cdc |
C:\Users\Admin\AppData\Local\Temp\05012120-00000be8-gwlv0p79d6\Files\2024-05-01_21-18_be8-ptbmqxam.log
| MD5 | d6144a10cc819ae2edd867eb54aaefa1 |
| SHA1 | 881d705751a7badeec985be79720f573b16b80ef |
| SHA256 | c9cdf0bff0beee0ba49486b23fb1a07f88ed20e00d2ee7e6a825ad5f783a3e73 |
| SHA512 | 4ad3f171194043f40d0f1419717e5eba05195739e3dfa493239b27bb76767dfc314fc32652df9e061738cbbe0e9ca994343e7dc239749a4bf7807556d3c8cbc7 |