606705ca6fc48f162242749b9de521668dafc74caaf2d04b74a2b097f23f25ad

Analysis

max time kernel
142s
max time network
135s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
10-08-2024 15:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tkt.py
Size

120B
MD5

3f1e74a5ca282c1d80783f7699c25c44
SHA1

7b0ff72e72bf14af2b9d7f3245e8364ed7aa2407
SHA256

606705ca6fc48f162242749b9de521668dafc74caaf2d04b74a2b097f23f25ad
SHA512

6fa22faedb0567f5a3c7488ce7c3b0c3e116f31646336795d17d7a6600c34d4ec05d6ccdc226e12844f63dd17520b77a59134d67783fa4d3844d6942b7536ad0

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
684	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\tkt.py
1⤵
- Modifies registry class
PID:3716

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:684

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Prefetch\-RQQG4.EXE-33B2D13C.pf

Filesize
3KB

MD5
b703547ae95e8b5d4f451dcf1826502a

SHA1
abfa6858715e3ea61f60cb2691c42ea0d0d0a6d9

SHA256
eda49dc4b6e3a7770d852c45123e9854984c2d43564b47926f1fd81595e8ce5c

SHA512
11b6de326deff0dfd3520061a224db64ed2f4d44417a55bf2de0dd518efc8a585a0699764831bb407687005512774336465967cbc0c5a75beca162e2b3168c51

Download Submit
C:\Windows\Prefetch\ASPNET_REGIIS.EXE-945CDB73.pf

Filesize
6KB

MD5
dae05088e7aa5f4954783f6a3715c282

SHA1
22aa341d720fcb2574be64ce86bd78c65039a86e

SHA256
9e05b31c666674878b4abe4017f1ea87d75d981e909757ee7166ac80752a5328

SHA512
97aff1de618e1f8bbad4a1b366a0d94b316e768bdad04bfafdf821a961db07886374c4257161555c05c1b2ca57471d95a8706dfce9af1848424f0e51e1cd06f4

Download Submit
C:\Windows\Prefetch\ASPNET_REGIIS.EXE-A5891C91.pf

Filesize
6KB

MD5
96c51d7f134fd88368c8e8469a5c0ed7

SHA1
b19204b20a65182b5d6376972a6f271534f16089

SHA256
932fd0f667f5be3b1a4c6bb05441ff608eb5e1796d5c33b1ded585e77f96dd39

SHA512
1b2cbf5e6316b7a46f9015a7df6e3a313e4718eeed50d52dd8c44a394fd3972175b75759ef1381453340afbb65039e0df4f046778788dbced8249aa537b9ec54

Download Submit
C:\Windows\Prefetch\AgAppLaunch.db

Filesize
326KB

MD5
ee8b42029e36b0ea0ec26514152b68a5

SHA1
4cc13a2d452726af12cf07e92c0e1de02b491106

SHA256
8256c62fbe4a1e3bfe9184947e83f071a127a721c0ea0eca8ebd6c1e4079b2ac

SHA512
48564ef72517bedf28ded17ff02bb03a9f199a5b0d441bec3fc0376e18905997ab8059b6c7d5a0aad11d352e21d514ef339302fdc768c835b17ce8e6a4b26420

Download Submit
C:\Windows\Prefetch\AgGlFaultHistory.db

Filesize
42KB

MD5
31d4048bbc7d4b74adc87679156679dc

SHA1
e050821a271c4cc5474bd522f8d95708e6b44399

SHA256
5f9458a3b104470c5c6515add7280ea73917bd68e08105c4ccf88c038e6d5535

SHA512
0f248a686a72e5c6f495822cb08287fff493ecf23772f55a945071bd38926592868d11dfc5e53b889ea7179f08c9629b3155d6c6d7e37c6bad46ea6548e6e706

Download Submit
C:\Windows\Prefetch\AgGlFgAppHistory.db

Filesize
60KB

MD5
0028a975f366e2c33d786377e75ae636

SHA1
c8ca94652ed6ff6fb025ea3243a11df424727b08

SHA256
7af0dfe1ccd273987e507a2181107f9899b239102af949a32b24baf83df9a5ed

SHA512
4ee8e0f59856d8e797a6713102e81a0ce3193e4fb9aa38b50e6ab2f2da4158b51251e60377bab3f61c5fd31ffd1e7e0d39c72427038463ef924f733d9a74e6a9

Download Submit
C:\Windows\Prefetch\AgGlGlobalHistory.db

Filesize
243KB

MD5
e5e6332f7300e2cba3a794a1a0a1b268

SHA1
b0c7b38c55d419d601d3c7841c65270676790dc5

SHA256
fa5b541b15776926ba8f3f989afca6a1a15aa36ab565fd7590c61a2ef08ddb22

SHA512
9fbca7b564dc018248a785507d1122b8bf04f31abab8e00c5be9518257b77bbbc46a48788f3d3506852ce17bd80ae148f58a457065c8eff4493050452ddb16ac

Download Submit
C:\Windows\Prefetch\AgRobust.db

Filesize
639KB

MD5
8a49bc72a971f482c74c23d32a8c6d0e

SHA1
c0deb547c99e04f136f2d545f069d37fe055400c

SHA256
168731cd1976de963bf4c63143695b12b093cf3426fea4558b84799bd2a59fc6

SHA512
dc6ef08daf77bfbecb8e36fc4254bef22d214e63a7e7ebb27d1d2857ace73e691de84d9549e667c579a42bcfec251e5eab4b69ac3576fa2cee019ca11346aaf3

Download Submit
C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf

Filesize
3KB

MD5
4c85327d199da71de3fa61533baee4a4

SHA1
2792aeed5ef719ec5efcfc02d8d0ce4ca8497492

SHA256
9889f0f6535ed2418fb5144f588dac5edf9de41497635741cfaeae242eb35b25

SHA512
b74a3ebd46216f67a3ab985c98b5201c2430d275ab40bca1b6273b79d2adc15bed51c3446f63fa5bbb1494859b9999bfaff462b8ec923fbf4e32363831329a69

Download Submit
C:\Windows\Prefetch\DISM.EXE-DE199F71.pf

Filesize
12KB

MD5
67990f2d28ef71363c11cda6d986758b

SHA1
a5cd452916758fbdb5632f25df77ec886c7e72c8

SHA256
23c071214802d3cb367afab796eb739586fc0d3809681da0f3b6a2fa057ae85f

SHA512
f4de704b7cfa0a0a098b5949219d5a1af020df51181dfc0b7ea4b8f31a55c37607d6b061f35d24d3156e18760bb4a91a66170331b168632e673ba00cc84d489d

Download Submit
C:\Windows\Prefetch\DISMHOST.EXE-0DD953E1.pf

Filesize
12KB

MD5
c8ef44304fe98730891a0c02b5354cbe

SHA1
bfdff1a270e1af4eeffa303bd0eb55e4831a0464

SHA256
b0d0f77d30f0308952ed3119dc78026d89580668d89facd05cb4cf8127fba899

SHA512
e7b7de1de5a3fe6a45f01e7455b981b7661c57fcc193e4388e82c85840243af56791c987087197ca96ec408b4695a2d9a57db243b4b2a19062d0e5059cabbe32

Download Submit
C:\Windows\Prefetch\DLLHOST.EXE-28A8211F.pf

Filesize
4KB

MD5
019b2e5a80545afa55d82118c6e4e9d4

SHA1
8a7b575a14118ea9aaab626440a3ecdb4b86abef

SHA256
13f630551ad93b1c78aaaff7587f2c1b727b5e803d99db2ccf828209aea4af1e

SHA512
fce27a7dfc7d11052892340e0aff9829239a5a5d858f3b329b6bdfc1d84a83ecd6fb0ae9219219f11544b06ac4a4041a96956fc7c4c27bdbf4107eaf238aefeb

Download Submit
C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf

Filesize
7KB

MD5
c374ca61b4b6d92423c1025d6340031c

SHA1
20461fc02721d901785cf4a4abb4753ae924c611

SHA256
6a479aecb0d6a78b837d9bfa5f0ba9d204bb3ae272fc0582a299c1c7ed9c9c0a

SHA512
cf93c90e344905fa203dcf96d525f0f21c0fd10c92bc2e39f1400326f84552fd078795d15b5537579f4a713b24a5b30f3b89c35f6060422d1dbe0b71105439d1

Download Submit
C:\Windows\Prefetch\DLLHOST.EXE-6BCB9FAA.pf

Filesize
5KB

MD5
3953fee240cbd93817adcdce80a3f320

SHA1
747a783f5dd4dcefaec9bc9376c1384636a474ef

SHA256
8e3dabaac7c8740c6e4d0c7b5cff54f7ed8b3543c511c988418bd80fabab78c0

SHA512
6fc8945c0a5c8ddcc0772aebb6d1e80d721b7cf001a9a458090c71b9280844d748d04d3391f6c3079f7f8e07e12f5aa70fe33634cf5ae0438d43abf0262c7975

Download Submit
C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf

Filesize
3KB

MD5
72b4e2f1edb83abab72ca0ed36d88d86

SHA1
2479e32a67196fa6b21ac2e6acce2b7e8ef16309

SHA256
ba043aaa13c0c9df7bcdb59b678966cc8499206d8f3ffbee28eeb432f0364c39

SHA512
128ec34cb2bb982040bb30103f822bda4b23defac93e8d4d8c4c9ea7873fd1accf36ad4a77dcb1185913be49dc7eed20d2e2c53368ace7978f0678be89282e68

Download Submit
C:\Windows\Prefetch\DLLHOST.EXE-FC981FFE.pf

Filesize
3KB

MD5
265b4b131ec986e812009387abab6989

SHA1
23fd49449e6172d329743e8859bb4f44fdf669d3

SHA256
bf41f856cc00007a5ec3dc00a0febd6c050799eb2e36704c893b67820e79bca6

SHA512
09f143943c7ef6bbc269da0c7b2a41b3dad741da49d7d55e342885b78ef6ab4d0a4312ac9176d473a4ba179eebcd0a7fd7ce82b78d4ab6c1cd0187638016914c

Download Submit
C:\Windows\Prefetch\DSMUSERTASK.EXE-35CC97B6.pf

Filesize
7KB

MD5
cd1a38bf563aa83de0b2d608bd3c5f7a

SHA1
d324b5f4e058a6842c068971f54cac955a550d59

SHA256
be5eeeba6137c4ebc0ae097943e28a480d802f4a52c40df2907de1333e867060

SHA512
eea9af7bcb673a8fd24af1064e83c02513f6f7548d2d282ddded8c76bb1761e250a4e69e78cffa7317c51645066bebf4a58694d1fe914966f4644736e8400a76

Download Submit
C:\Windows\Prefetch\FSQUIRT.EXE-BBD9646E.pf

Filesize
7KB

MD5
ac3abb4473617fc079e5a57ab85f9d2a

SHA1
abed4e97b6e39e761bc17e7c2c336b6c65f686ab

SHA256
6a4426c1b3cf598b18962ee6ae6ae23b3ec49920a790710eba994bef172bfae7

SHA512
485550dfa1b37f90fb812b4656223e3281e74e4c9f3fc433504286937b6f37304ef1da86359042bd74da647aa69e9fe26533c202c62122f99cea1bbac36a8c45

Download Submit
C:\Windows\Prefetch\INSTALLAGENT.EXE-2CA93386.pf

Filesize
6KB

MD5
ef19449179ac066095e6cd61e4288c27

SHA1
a4df65724036aa69e316f7a25510fed977da5e90

SHA256
4e038a6739cfb17b48eae7f2d9c65871e3e4b75a621c8849099d627b3131cb0c

SHA512
7e52d6043047a194e7b0dd1efa07467eb8c85679a8ea7bafcb70526911394b176ed644b212d5db667289c1fea0100d2c8c4fd8b8771f849d5d3a5cb6d91a22b0

Download Submit
C:\Windows\Prefetch\LINQWEBCONFIG.EXE-6C523757.pf

Filesize
5KB

MD5
ccbd1d1b7d76dae9b57830b09e3adef1

SHA1
13c2bd6f7f7477d7cfc6dc5f2ec1736c4ba7e74e

SHA256
a9abd10e0e6d69a80ddfe6eff4aad1f81ef646e3d36c90c2cb6c61c805f36d84

SHA512
4e5dbfdce0da0b079355c9bf5c6ebab4f94a73fbba44301a674371080a81841fb343e197babd29eb4cd314dcffa20c148abbbfaea09707784c0fb116d54dfd94

Download Submit
C:\Windows\Prefetch\LINQWEBCONFIG.EXE-F9945120.pf

Filesize
5KB

MD5
2682927cc4ee3f707350b6618619907f

SHA1
d8f12d4fef1c2bf71a8e5cb1a3d7f0759e658481

SHA256
8381cf9673f7722e5fa403e5b224b66e9054419626d81f8fc83fd45a34096ad6

SHA512
cc80e36141bc8e45084759400eb6111aebf7282c1b8f274b154917275d687c8b82e5c5c58d777bb9685553ac52c5b7a6befd662da6b0488c3294115bb89ebc24

Download Submit
C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf

Filesize
7KB

MD5
7d16c03fffde74b0d8bbcab8d47872df

SHA1
adc7f9a9a68f7143a15212d49b7947f33350a8c3

SHA256
7d961bca68b16d99bbcd79c73bdf9e9ee1109cf5f591d9ef5bab5b4250cb7000

SHA512
58481336604afb5c1f4b1c7ec4473c5839d1d8bc94ec607ba96e09f2399f6064956fe8b73709f313e6aa56b3a5e88c379669420d79414ada0fd29886086fc8ba

Download Submit
C:\Windows\Prefetch\MSASCUIL.EXE-B411EDE3.pf

Filesize
5KB

MD5
a90afda8058d67e5bdbfa15d80d18d78

SHA1
97fbf9bb71f880f71d9a6a1817e49892d9eb3f08

SHA256
651ee85435c0bc44e04064ff828412bc0d6f62d896aa2daf64419ed062b302aa

SHA512
9a6d5d7e26685bf96ff154e5aae57a1b530fba47d4b21bedc9656550b8b46ded8baa80e2ec62874c7502dcaec0110346b9291cd4329383950f8d604aec067a34

Download Submit
C:\Windows\Prefetch\NGEN.EXE-AE594A6B.pf

Filesize
4KB

MD5
58b5746211586abd8fd2c18bdd429b67

SHA1
717eed2293fa4242c9e01e4fdb0178d0bdf096d8

SHA256
21a13a292357f601538b36dc882fb5dc7b4fe852d9330ef2dca22a15189d80de

SHA512
a899588843720d9c7f87574d7d0a1072ac5f90ad8f27a63d0b285446c0d38cbd5d272d2f1eb8e61e6a13b0e5225214a89d9349675e95eee1c6318a2a0c2332c6

Download Submit
C:\Windows\Prefetch\NGEN.EXE-EC3F9239.pf

Filesize
5KB

MD5
115d44803f62df31a33176606b9ab2f4

SHA1
8226d462237b5ac0e6540c1e9c4b51d4e132df1c

SHA256
1f63b714fec2fea1075086c4129fc40c817e48c9582249e552e46473b135513a

SHA512
ab6717503993e02581d59fa34574b7c44b8986b5d8c6e1b18e83960a6cea080638400e27bc4d008fd94f469fca755cc5d48eb3fdb4aa275767ae5c4391addc01

Download Submit
C:\Windows\Prefetch\ONEDRIVESETUP.EXE-ADFC0EFD.pf

Filesize
40KB

MD5
4b749dbcda99a2633a8ad432fe75b09f

SHA1
4df987b1313bd475592acd0ffd100567a42729d3

SHA256
f1b689a1ae058c5669e2f8b13e2af4c401d5fe41b31f56376ad0879e6f89e229

SHA512
cb39a15e6d5f7239d72a66c532b01900278bf941f257dc4ed85ea4616a1ed4f3860d8c588f2dc7a39f3e2a495eb762d39967a2de312fac3fcbd4ba321048db06

Download Submit
C:\Windows\Prefetch\PfPre_6ad49e18.mkd

Filesize
192KB

MD5
5b7eb71d0a159547392a86584cecae29

SHA1
4406a665639b0411fe8220db25464a8001e94d17

SHA256
cc59a949fb2a3ae59b5dcb6c90f6ca6da11150ff03c7fae93321730c61f32604

SHA512
fa5a021bed5524018aa6cf6deb1544df45c37510f6ea7bd031360a74e0eaf91060c4a74637af845bc020613dd42ade5f5d71ee79e47852a05ab63de874a8bc10

Download Submit
C:\Windows\Prefetch\PfSvPerfStats.bin

Filesize
1KB

MD5
00f4e8c2a62192225294143f05cbe3f4

SHA1
bd684466f59ebfe069ba9dd2b357db16bd9660e7

SHA256
e13702c5462e253e14da26e17267c1193ec88d1062a436b9445cbd96eabec47c

SHA512
a0d14f73e071a1d8927029b7c486e707d9d958702251f51f7808159e51cd4ebd97859be7e2a9353a4e6a6a7247c1ff71316fe4b71e6b2bc7533a85de0fbe44f0

Download Submit
C:\Windows\Prefetch\REG.EXE-E7E8BD26.pf

Filesize
2KB

MD5
8003046272a073e0eb9d474620434e6b

SHA1
2a42056d65e0b8a62a427ec0ff454d8a98fb9ba2

SHA256
8d0145b04392b68fd4c2b223b1967e4cdddb7cb2fa603cb931b82e0890053303

SHA512
2f89d5a141e3965dcb286d4574f6b77d2960c474e81537db072bb95e9e051a7494afad08662dda1f8136bfc5da5f6a15738e93374a58932bddd46c0a1ca21c45

Download Submit
C:\Windows\Prefetch\RUNDLL32.EXE-1296E45D.pf

Filesize
5KB

MD5
d168ff5d84d69ffac70f0fba7f9d7752

SHA1
75fea2d33ed9d0fe214945cd8d046b40e6b1ed4d

SHA256
f20689396e1a4bdb19f22cada95b3dbe72dd215c6aca9514bdc4c7a4fa1887e8

SHA512
2f215c08151263bb4ee098cb86c7bbfff5ae167161b75ab6bfbadad34ec6a678a41e383f5e4ec845ea49895bdb974eeaea3a15ad5c8357c269a9d8872921c6d6

Download Submit
C:\Windows\Prefetch\RUNDLL32.EXE-23EA2E5B.pf

Filesize
4KB

MD5
4c9db7574f63e5911d68bfdb76c6af4f

SHA1
e826669ea4b17a90f031b6586a4679832836eeea

SHA256
9d1bc650cec6d6d20efe5fe572e3dbcef1908fde1a4d2644eb30cd9599248d10

SHA512
08588dcc996189b874b276fd2f53cefa9e524ff1bcff8c02e72f4e023405c37b8c78aca259b0367199c7f582b357d9553c1a89dd4fbdbe06f1c0e4d646ba6ddb

Download Submit
C:\Windows\Prefetch\RUNDLL32.EXE-354DF41A.pf

Filesize
5KB

MD5
2dcfb502148a3c2199a781998ef45b1f

SHA1
d968057367f11da26a78d298ba6714336b968735

SHA256
c984218bdb74cd471bf72f7ca590e1caaa43494ff0b27aa6261ad7bc2ca4b81d

SHA512
fae0f868f4fc910c2f67724a00dd0c4e2f2bd16f2c17661c3da81ec266fd9a1ac9e227b5deb4183501c059f8c1fc749b7b4d083ef82cb314fed9a06079d654fb

Download Submit
C:\Windows\Prefetch\RUNDLL32.EXE-4AA64FDC.pf

Filesize
5KB

MD5
ec42ad0440247141a41bbbc381496257

SHA1
88e53df3df5c1293c6d8dc4a2d857ff625ba422a

SHA256
316b5543b71b6b844cbee8bfd15c4f34dca4dde0650e804c7a74965e8b97146b

SHA512
d545e6b266374b8c0f4f10423078435a013ac9103b53e3243b5cc2bef374c82184850a225e7a53f02067fabdd31f1bf431d7af3917207d1feb9a4c6885a0ca7d

Download Submit
C:\Windows\Prefetch\RUNDLL32.EXE-75574BF9.pf

Filesize
5KB

MD5
2f98e061354268ab3dd4231b6973c9e4

SHA1
a9b57725a95679b99779898f95fed883bf50ca6b

SHA256
705edb1c6420f34430dcd4ac10f88ab3206383f81190c6704e47b19ab862a6cd

SHA512
8a6da2581827581164dcb98e9f284c3a60cd50d4d2e9e281743b48f16bb0d519d02e161eda7d7e6dc01117fe39ce4df5b777df783dc32895ac6673a9034f8607

Download Submit
C:\Windows\Prefetch\ResPriHMStaticDb.ebd

Filesize
46KB

MD5
ae1a98fdabb6ac21e44edff3473560de

SHA1
2bf83e03f4708327b8ca4628f1e415608564439d

SHA256
d6557c19e7ca50418e5c5ae4de13ed71eca7493e0cfd00ddca37b050b9e43f1a

SHA512
a27428f33fd444ca77b0f0dedabf46c86f1fb6e01a0fce6629e992f09478642ec733a48c287454eb30dee9b6c5c8405b7364abd58df77b506348e1fc3a0c7e3f

Download Submit
C:\Windows\Prefetch\SETTINGSYNCHOST.EXE-2521C7ED.pf

Filesize
5KB

MD5
b26fa80294eb5db4316341e544c2f8b9

SHA1
e33375c15896bac6893aee5fc70b09a7fcb23985

SHA256
2d1e3b0d10c8ebbdeeba15c7d6d8c9e971133ac449d6ee54ce7b7cd0b62e2009

SHA512
884221450b2ca711734dde5bcce022de71c12759f7a4ee63c9361508cd08b4a302067f62f37e3c2c717ae8ce2b1a79f3926b5bcf8ed88232aa5e94cc6578eaf4

Download Submit
C:\Windows\Prefetch\SHUTDOWN.EXE-E7D5C9CC.pf

Filesize
3KB

MD5
80bf223c9a0c4ba35e1a5838f18d02ce

SHA1
58818e0073ce5b540759f069abeb51f171923229

SHA256
5f5a84039929368ec0f76c07be77291fa349f1b5e37bf2cf7f716184b6f97f8d

SHA512
6dcae5c4f0c4723fb3ee00cd5fdb65fe42a24b7e5f6e795d1a9d503cbc7962a8ccc177e988c985ee8836b48326b3668b2854d90f81b674123d891ebc41286fc7

Download Submit
C:\Windows\Prefetch\SMCONFIGINSTALLER.EXE-039D5D2E.pf

Filesize
3KB

MD5
e2c2838b3e42f294de5c188650dd6c74

SHA1
609f18f2f86518df8e547b69d934a5dd9ec87dcc

SHA256
2cf31d6d57950a394653e09f118f04f5880aa41919b99dcd7e37c0d24e8848c8

SHA512
936356c62d2217a0cd7bd0284e27437767a7b12e89240408e08da57ab36aae780ee7f5b808430392be0282aeeb26e6489bfc5d52bf3e784c032bf33a3d0e3a3c

Download Submit
C:\Windows\Prefetch\SMCONFIGINSTALLER.EXE-EC979AE0.pf

Filesize
3KB

MD5
3d7f69f35ff7d4469836da45fcb1bd1f

SHA1
939e7a6369a4fbfa546f3f79cc5c21f3729887ad

SHA256
398a8fb06b0bba6f9ccfe57265550ebe90a9784b638fd7ebcefe8815b591fb88

SHA512
c45b50d37493b452f9ac55077d77a456f35eba65629ee77743da2ef51b0c345c0cadd95ed0a48248b46f013dbc4e5dd665fb3cddfbc09e79107e56f379878249

Download Submit
C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf

Filesize
8KB

MD5
a76b0afe5ca02f60db12dea4c13c621f

SHA1
fac6e06b70e7e45db94277662a8d25f5607fed7d

SHA256
1bae514b0e8147f49f6e41ab36e6a5ab825287c9580315692a6e2720b2ad7c47

SHA512
94531215f33c80d10d41d311f6df94da5173f266f93d07002142f78c3bd1c1d9987b52f18cf22852df02633fc44a783589dbfd20410db996596ea75a21cb7731

Download Submit
C:\Windows\Prefetch\SVCHOST.EXE-0F1D54AD.pf

Filesize
6KB

MD5
074ff18add344bbfb932fa1ae7370be5

SHA1
c7cae2fa31d903f077533f96998d68a2c701d3ee

SHA256
0151f480405de03ef9fe4ed66c5788e00d0787504c5fb6b6eb11d7d60cf7fbb8

SHA512
2f08fee4563718a7a1dfab8d37b78ba21d76ac812399a75b995b1cb1bbf67f04ecf0d3ced1dfc68047ce4c0722f7673dfc7f9a5b13930e85661c58fbd4951941

Download Submit
C:\Windows\Prefetch\SVCHOST.EXE-25BF109C.pf

Filesize
9KB

MD5
a14a8e176e0461aa1c32c83be3f8c257

SHA1
6ea79bc3b36b499d0cec20af9eaec409195eaa71

SHA256
b90c23a2450e2e66f9e80298608e8d49b04030eba9803a7abb67a61a230993fe

SHA512
525d0c059e56db9a12bfc1777393c6e2634f6e751f2e8f4ea704230b8874267919b9fbc5111db42f4b2a4218b50619beca041370ffc1c56d2a362c61a9fe179b

Download Submit
C:\Windows\Prefetch\SVCHOST.EXE-32F0CF8B.pf

Filesize
4KB

MD5
340852bf51e345c33ea215b43dfae9a0

SHA1
27e1ff402ea640436fdc92f5be1227d65ac6cf13

SHA256
b7068361123882978367fe873959e0094737b9c1de5a23356a4320ffa0ec2033

SHA512
81c620df489e64aeacc8aaaa5fcf255f023d3982f63b1fbd3140dc30c9c7123d8a0d8fd31472f191a794d311f8bd25cd191450592d10f31fb6e5932f3dd8345e

Download Submit
C:\Windows\Prefetch\SVCHOST.EXE-7F879A40.pf

Filesize
7KB

MD5
89b401f798dc53bd6eb4fd30b245e91c

SHA1
54e2149dbe232474f1141659dbbec89059f5b660

SHA256
2c937849cd72a7a8879a7c7bd48f5bb47380705fdefd7bbafcff059f3a379471

SHA512
ba660077fe6fad4d7888c4a2cf8faac4ac9365b421e3d929c53dd198689b07fb00315625004c2f16f622899e2d74653d3715ad3c995abaae44049f39ae7f4a29

Download Submit
C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf

Filesize
3KB

MD5
be5779763b2a4e0437a5ffb4d733a5de

SHA1
b628ff4ee628f04fdcf0b8edacc0230da92cad6c

SHA256
6903aca32d6a4cb943bd69883ef5935f6ff9b0f61357adbbed1ae0dc55b98f6c

SHA512
ad0795c78b5d6f6fc4c79ec0b8366a2c650f71db657be6006e263765b7a73ed5880630274d118d1be9e056f1aa7e6fa839b7cf74c446b0a6846dc8df4336c5e4

Download Submit
C:\Windows\Prefetch\SVCHOST.EXE-FF0E80B4.pf

Filesize
5KB

MD5
1898682a9fcbfa0015dd49712280e5dc

SHA1
2d350c69004b1a60ed092ac297178d6a53301913

SHA256
34e6590c5daf3c466203ef5ba5ba1561e34be65f946a475bac7cea95a76251d2

SHA512
2f66c823c4ecef950a92b81e99b93b077631370b1f586ec655fab57f7fe35485665807d67feba67a28164ac7e76de0002aa4c0fe852cf73ee0b2641e896ab384

Download Submit
C:\Windows\Prefetch\TAKEOWN.EXE-A80759AD.pf

Filesize
3KB

MD5
dab79b3e50a666a375f0ce567e93d464

SHA1
99ae8280040067778d5696ff14baaf8ca1fb30b0

SHA256
475fb53caf5138eb1864336b6b9a522fa0dcda1d99fdd51c36863f1334861c4f

SHA512
9688a56697d1dde54117e54f3036ce3f40e37eccb43012cc38e99bfa8941e214eaccccb5bee3d9122b4c8586e1801be9173be02714499bf11e70de9d2abc96e3

Download Submit
C:\Windows\Prefetch\TASKHOSTW.EXE-3E0B74C8.pf

Filesize
5KB

MD5
97ab1b44742ad348bcb80045de3c7843

SHA1
f0030bde4d900df644a6ea44cde91267e0c952b5

SHA256
1ba8dd87d52d717f925df9a9a7304efb4335da3c858b63dc493f18ffad977746

SHA512
25c9de79ab524840f10422b90fdedb051feb86866222fd8aab3397e88bc934cc41abb34df8ad3c43151b444f3bba8079e42e0b1df9b1d0ac61f3eccaaac495a7

Download Submit
C:\Windows\Prefetch\TIWORKER.EXE-80A69FC2.pf

Filesize
17KB

MD5
33c7a8872474da77904e826c0c2caa9e

SHA1
f04d62191a9c0fec37984ef554261498aefcc0be

SHA256
ebd04c2b0daf7f9cea9c5221234d8bc1fe91cda2049b65e9f2acbec4fba1f6f2

SHA512
f38ee92129f1faec5903dbd8dab6800c7d7214145d4600ad5bf333260a2b8b0b34297b7b26ffc97d771b50c0fb73e88e178841c0dfa9d7c0241c8640d9d4103f

Download Submit
C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf

Filesize
4KB

MD5
c1fefadfb31e957609bd05c661832af2

SHA1
0a4347caa20e47f9c9aea341464d2ef76f0af31e

SHA256
8b2dc5b53eb445d147f0c43b0eaea6bbbda09f87211ee2a1a741ff1417999180

SHA512
1fdac379560f46cf90d76f64902238db4836f35ebb9509bbedcdfc0c0b4d77b6622f405027083d6341ce86b3a1335beb851075094b45f510b2c93c9ad8ee387a

Download Submit
C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf

Filesize
3KB

MD5
cfb6d79f7dde50d0abdd340e587d918a

SHA1
af4df1131b4642413ce3b93b29681b4b08eaf78e

SHA256
0f54bddfb40b96d2aa445ac5a047c58e0b7360fb9cc9112a046bd721f8dbc263

SHA512
bffd1f740eb2f81b0ea46031327c0be7b1a8c734c3309aa3f04f665183772122ec1863e439821a26c387a21b830766ede0f3cb56dd61d5b6fa1c1217f7751256

Download Submit
C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf

Filesize
4KB

MD5
a1ebebd09b7e529fcac82de0a8fbbcf0

SHA1
7ba505b8b9011b6838547b1a59af63a6e102e880

SHA256
d21168db20baaf4b4ed17f58827a7def63fd065cc8095e4e9ae6f5d4071a4dcf

SHA512
2a9a7c04717d54cdbc11089a53358e3f4cfba84db7a17ba6fa69961ed5cc9f074fd20066405401a68143700cbee44d732fb7a02c7fdb8eb44115b7815f9398ad

Download Submit
C:\Windows\Prefetch\WFSERVICESREG.EXE-122A0E00.pf

Filesize
5KB

MD5
ae5d238f9aa019446d93beed3cc41f8c

SHA1
4486ac2299d6f0391c5ea66f2b7e4d4cd28268a4

SHA256
21e4b326b4459e22c02256eaa09441c9b801e0eb4505310a3aaa79be51f62855

SHA512
e0ce0583d851f7cabed65651a141a14af6f824d8bd2e9d67176e11e332b6ed598b71c7b415d44750975a6a162b6667582bba7725b0c5d7feff0c6ac1d2be5984

Download Submit
C:\Windows\Prefetch\WFSERVICESREG.EXE-C6979A7A.pf

Filesize
6KB

MD5
321b51c156fb7d4fb6915226d48e5edc

SHA1
c3cb2b4b1566ce58e050d19425272ab74fabbf34

SHA256
514d7ff1cf2ac1f061b8e838024eee7fdade7b1db5a2e951e324ce7031eeb998

SHA512
2c453d05668db006224c7293aaae4b1799e8186790f7e7ca312383ff4958e13c66c2a871b634093a7b865cf4aef653e66d025ebef35462c0b4bd4eda0c410bde

Download Submit
C:\Windows\Prefetch\WLRMDR.EXE-C2B47318.pf

Filesize
9KB

MD5
b4975231da1ff47e656f7f44d909891c

SHA1
512a893d9288941526dcc5e5c7566c696ec8af6d

SHA256
b4fa3a3f562b428e5feba5d95859343af510602375c658f8e767bedcb9978874

SHA512
a0770ae48f9383f531e28a9b375c25033366a4c098da5b97b31c00f91b095d33c259690e4017024974ef02490558be7919b4531812e72a5da224c04c9cd8b9da

Download Submit
C:\Windows\Temp\ASPNETSetup_00000.log

Filesize
957B

MD5
8271f65f6e3e4610ba741ceae98c605a

SHA1
5b2d44b534788ba4148a2cb7e176d29d68504966

SHA256
bc23bbaa707ed8d8865c984df13c1038bf5c1be8b0bbb22bc1f69eba8c04e7d2

SHA512
508cc22d10a8e9503cc23eb669876211dc50ad9760900bee22081146caf34703f87132d182071868071d8eff992d7bc46e77d899c04ebf8b53a14a75604ba7f6

Download Submit
C:\Windows\Temp\ASPNETSetup_00001.log

Filesize
959B

MD5
864eb3d61fd9c2065cc8277db6a683c5

SHA1
d76183f15d29698cf3b63b1e68ddde00de35573e

SHA256
a687e59c61967409b166ec477875b96dc1eebcb80f00ef1f0bfbe6c1be96aa70

SHA512
10842ad09d0286a8c273a5c360a29a961adf40f2408f998c507ed883fcece23be9a2418840548741d20bce5947239719b0324fd8f9914c8c8db41fe5e693af91

Download Submit
C:\Windows\Temp\MpCmdRun.log

Filesize
1KB

MD5
0d8d9cedfb10f67e0a9876b1c4b2b07f

SHA1
ab3c3752604cac85098da6e7308f3c3458dde675

SHA256
e5cfb23ff1b67f820bbe5981ab14d0aca00215d81438c761c1a0afa4d2d788f9

SHA512
2dbb3c7b6bab4e5907dbe2c1f01a950762840d3709cfef768edba8092de0f67cb9b20452fd9bd1840139687b648e65e48ace91e041f3b713238ecbfd8de842e9

Download Submit
C:\Windows\Temp\tem48C1.tmp

Filesize
312B

MD5
32f437229a70cd4e901d1b9ac47f99b9

SHA1
c460dae1a701d9d0f3c0e5a3a4303472b39f4ef5

SHA256
c1691708f1697216ff5076cff5149c74a7fe69c508c6d5bf14813129a20eb5ea

SHA512
528aa4a8d2ea5b0587e25e29c7cb18e40bb8ed0af941f09946a4ec016e3435286a02b6dcd07f4f7bd84f78a926ad974ef8e6f2577625dff5ace62e80f259f96b

Download Submit