Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

spacedesk_...22.msi

windows10-2004-x64

8

Analysis

  • max time kernel
    250s
  • max time network
    252s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/09/2024, 10:22 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    spacedesk_driver_Win_10_64_v2122.msi

  • Size

    4.7MB

  • MD5

    65f5f179e3da0dbfbd6b35cda7af3e0a

  • SHA1

    2569f9f147e989d5e0a766b80e18a64f44b531f7

  • SHA256

    049cad32f63e51a5c7755fe00d6cda2dc70bee89640d821ff3760cc42bad2499

  • SHA512

    810e97256811b409dffd063d91dc2d10ae7573ea2b76d6b1854f522b8bb5ba812f1b8a8a35d219f4e56c0e8e94a0724f577b9e5e474b5de382a401a1d590225b

  • SSDEEP

    98304:Jm0qsQ5enKbkLRkKGv6ySKD6GjwLNIUbG:IjxAKbkAvWujwBb

Score
8/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Drops file in Drivers directory 4 IoCs
  • Blocklisted process makes network request 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 26 IoCs
  • Drops file in Windows directory 59 IoCs
  • Executes dropped EXE 17 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 23 IoCs
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\spacedesk_driver_Win_10_64_v2122.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4724
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4084
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding DAD3749DE5F68717F3065DFBB02A78BC C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:4548
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:1216
      • C:\Windows\Installer\MSIC7EB.tmp
        "C:\Windows\Installer\MSIC7EB.tmp" -preInstallCheck_W10
        2⤵
        • Drops file in Windows directory
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:4784
      • C:\Windows\Installer\MSIC8E6.tmp
        "C:\Windows\Installer\MSIC8E6.tmp" -qWaveCheck
        2⤵
        • Executes dropped EXE
        PID:396
      • C:\Windows\Installer\MSIC993.tmp
        "C:\Windows\Installer\MSIC993.tmp" -install_android_control,C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles\
        2⤵
        • Drops file in Windows directory
        • Executes dropped EXE
        • Checks SCSI registry key(s)
        PID:444
      • C:\Windows\Installer\MSICC53.tmp
        "C:\Windows\Installer\MSICC53.tmp" -install_android_usb,C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles\
        2⤵
        • Drops file in Windows directory
        • Executes dropped EXE
        PID:400
      • C:\Windows\Installer\MSICDCB.tmp
        "C:\Windows\Installer\MSICDCB.tmp" -install_ktm,C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles\
        2⤵
        • Drops file in Windows directory
        • Executes dropped EXE
        • Checks SCSI registry key(s)
        PID:4772
      • C:\Windows\Installer\MSICF33.tmp
        "C:\Windows\Installer\MSICF33.tmp" -install_hid,C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles\
        2⤵
        • Drops file in Windows directory
        • Executes dropped EXE
        • Checks SCSI registry key(s)
        PID:3720
      • C:\Windows\Installer\MSID03E.tmp
        "C:\Windows\Installer\MSID03E.tmp" -install_iddcx,C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles\,0
        2⤵
        • Drops file in Windows directory
        • Executes dropped EXE
        • Checks SCSI registry key(s)
        PID:1276
      • C:\Windows\Installer\MSID1B6.tmp
        "C:\Windows\Installer\MSID1B6.tmp" -install_audio,C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles\
        2⤵
        • Drops file in Windows directory
        • Executes dropped EXE
        • Checks SCSI registry key(s)
        PID:2216
      • C:\Windows\Installer\MSID39B.tmp
        "C:\Windows\Installer\MSID39B.tmp" -install_bus,C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles\
        2⤵
        • Drops file in Windows directory
        • Executes dropped EXE
        • Checks SCSI registry key(s)
        PID:1188
      • C:\Windows\Installer\MSID63C.tmp
        "C:\Windows\Installer\MSID63C.tmp" -install_server,C:\Program Files\datronicsoft\spacedesk\
        2⤵
        • Executes dropped EXE
        PID:416
      • C:\Windows\Installer\MSID6E9.tmp
        "C:\Windows\Installer\MSID6E9.tmp" -openFirewall,C:\Program Files\datronicsoft\spacedesk\
        2⤵
        • Executes dropped EXE
        PID:4052
      • C:\Windows\Installer\MSID719.tmp
        "C:\Windows\Installer\MSID719.tmp" -spacedeskProgramFilesDelete,C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles\
        2⤵
        • Executes dropped EXE
        PID:3980
      • C:\Windows\Installer\MSID7C6.tmp
        "C:\Windows\Installer\MSID7C6.tmp" -otherFirewallCheck
        2⤵
        • Executes dropped EXE
        PID:2320
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
        PID:5060
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
        1⤵
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Suspicious use of WriteProcessMemory
        PID:4404
        • C:\Windows\system32\DrvInst.exe
          DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{84621e0f-fad5-ce4d-8f84-9ac98974dcf1}\spacedeskDriverAndroidControl.inf" "9" "44282f7e3" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles"
          2⤵
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          • Modifies data under HKEY_USERS
          PID:4656
        • C:\Windows\system32\DrvInst.exe
          DrvInst.exe "2" "1" "ROOT\SPACEDESK_ANDROID_CONTROL\0000" "C:\Windows\System32\DriverStore\FileRepository\spacedeskdriverandroidcontrol.inf_amd64_c78e51cb686ef158\spacedeskdriverandroidcontrol.inf" "oem3.inf:*:*:1.0.452.9:ROOT\VID_DATRONICSOFT_PID_SPACEDESK_DRIVER_USB_ANDROID_0001," "44282f7e3" "0000000000000148"
          2⤵
          • Drops file in Drivers directory
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          PID:2036
        • C:\Windows\system32\DrvInst.exe
          DrvInst.exe "4" "1" "C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles\spacedeskDriverAndroidUsb.inf" "9" "4c4c2d17b" "000000000000015C" "WinSta0\Default" "0000000000000148" "208" "C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles"
          2⤵
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          • Modifies data under HKEY_USERS
          PID:896
        • C:\Windows\system32\DrvInst.exe
          DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{da1478d6-81b3-5d47-a8c2-6c844a0bab9c}\spacedeskKtmInputmouse.inf" "9" "431da1b7b" "0000000000000148" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles"
          2⤵
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          • Modifies data under HKEY_USERS
          PID:1600
        • C:\Windows\system32\DrvInst.exe
          DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{dc2ee47a-f26b-4543-98ca-ded4eec082ed}\spacedeskDriverHid.inf" "9" "4427793e7" "0000000000000154" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles"
          2⤵
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          • Modifies data under HKEY_USERS
          PID:3944
        • C:\Windows\system32\DrvInst.exe
          DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{51b17a3d-39c1-1243-9839-0a45dc633543}\spacedeskdisplay.inf" "9" "442436977" "000000000000015C" "WinSta0\Default" "0000000000000164" "208" "C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles"
          2⤵
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          • Modifies data under HKEY_USERS
          PID:4312
        • C:\Windows\system32\DrvInst.exe
          DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{e4348a7c-e7b9-c944-9f4e-836b0ebe846b}\spacedeskDriverAudio.inf" "9" "447268673" "0000000000000164" "WinSta0\Default" "0000000000000174" "208" "C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles"
          2⤵
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          • Modifies data under HKEY_USERS
          PID:4904
        • C:\Windows\system32\DrvInst.exe
          DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{bdca03fa-971c-e14c-b159-3cfe9b3701be}\spacedeskDriverBus.inf" "9" "4522ade83" "0000000000000154" "WinSta0\Default" "0000000000000178" "208" "C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles"
          2⤵
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          • Modifies data under HKEY_USERS
          PID:4800
        • C:\Windows\system32\DrvInst.exe
          DrvInst.exe "2" "1" "ROOT\SPACEDESK_VIRTUAL_BUS\0000" "C:\Windows\System32\DriverStore\FileRepository\spacedeskdriverbus.inf_amd64_97eac36ebcea4166\spacedeskdriverbus.inf" "oem9.inf:*:*:1.0.455.42:Root\VID_DATRONICSOFT_PID_SPACEDESK_VIRTUAL_BUS_0001," "4522ade83" "0000000000000154"
          2⤵
          • Drops file in Drivers directory
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          PID:3004
      • C:\Program Files\datronicsoft\spacedesk\spacedeskService.exe
        "C:\Program Files\datronicsoft\spacedesk\spacedeskService.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4616
        • C:\Program Files\datronicsoft\spacedesk\spacedeskServiceTray.exe
          This is spacedesk Service calling.
          2⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:5044
          • C:\Program Files\datronicsoft\spacedesk\spacedeskConsole.exe
            "C:\Program Files\datronicsoft\spacedesk\spacedeskConsole.exe"
            3⤵
            • Drops file in System32 directory
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:4912
            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              "powershell.exe" /c Get-AppXPackage -Name AppleInc.iTunes > "C:\Users\Public\spAppxpackageinstalled.txt"
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:1836
            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              "powershell.exe" /c Get-NetConnectionProfile > "C:\Users\Public\netconnectionprofile.txt"
              4⤵
              • Drops file in System32 directory
              • Suspicious behavior: EnumeratesProcesses
              PID:4760
            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              "powershell.exe" /c Get-AppXPackage -Name AppleInc.AppleDevices > "C:\Users\Public\spAppxpackageinstalled.txt"
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:2388
          • C:\Program Files\datronicsoft\spacedesk\spacedeskConsole.exe
            "C:\Program Files\datronicsoft\spacedesk\spacedeskConsole.exe"
            3⤵
            • Drops file in System32 directory
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:4724
          • C:\Windows\SysWOW64\RUNDLL32.EXE
            RUNDLL32.EXE SHELL32.DLL,Control_RunDLL desk.cpl,,3
            3⤵
            • System Location Discovery: System Language Discovery
            PID:2308
            • C:\Windows\explorer.exe
              "C:\Windows\explorer.exe" ms-settings:display
              4⤵
                PID:3024
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
          1⤵
            PID:2488
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
            1⤵
              PID:1404

            Network

            • flag-us
              DNS
              8.8.8.8.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              8.8.8.8.in-addr.arpa
              IN PTR
              Response
              8.8.8.8.in-addr.arpa
              IN PTR
              dnsgoogle
            • flag-us
              DNS
              42.56.20.217.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              42.56.20.217.in-addr.arpa
              IN PTR
              Response
            • flag-us
              DNS
              58.55.71.13.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              58.55.71.13.in-addr.arpa
              IN PTR
              Response
            • flag-us
              DNS
              95.221.229.192.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              95.221.229.192.in-addr.arpa
              IN PTR
              Response
            • flag-us
              DNS
              71.159.190.20.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              71.159.190.20.in-addr.arpa
              IN PTR
              Response
            • flag-us
              DNS
              104.219.191.52.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              104.219.191.52.in-addr.arpa
              IN PTR
              Response
            • flag-us
              DNS
              13.86.106.20.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              13.86.106.20.in-addr.arpa
              IN PTR
              Response
            • flag-us
              DNS
              50.23.12.20.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              50.23.12.20.in-addr.arpa
              IN PTR
              Response
            • flag-us
              DNS
              15.164.165.52.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              15.164.165.52.in-addr.arpa
              IN PTR
              Response
            • flag-us
              DNS
              217.135.221.88.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              217.135.221.88.in-addr.arpa
              IN PTR
              Response
              217.135.221.88.in-addr.arpa
              IN PTR
              a88-221-135-217deploystaticakamaitechnologiescom
            • flag-us
              DNS
              79.190.18.2.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              79.190.18.2.in-addr.arpa
              IN PTR
              Response
              79.190.18.2.in-addr.arpa
              IN PTR
              a2-18-190-79deploystaticakamaitechnologiescom
            • flag-us
              DNS
              57.110.18.2.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              57.110.18.2.in-addr.arpa
              IN PTR
              Response
              57.110.18.2.in-addr.arpa
              IN PTR
              a2-18-110-57deploystaticakamaitechnologiescom
            • flag-us
              DNS
              spacedesk.net
              spacedeskConsole.exe
              Remote address:
              8.8.8.8:53
              Request
              spacedesk.net
              IN A
              Response
              spacedesk.net
              IN A
              213.182.2.115
            • flag-de
              GET
              https://spacedesk.net/downloads/spacedeskPublicVersion.txt
              spacedeskConsole.exe
              Remote address:
              213.182.2.115:443
              Request
              GET /downloads/spacedeskPublicVersion.txt HTTP/1.1
              Host: spacedesk.net
              Connection: Keep-Alive
              Response
              HTTP/1.1 200 OK
              Content-Type: text/plain
              Last-Modified: Tue, 20 Aug 2024 09:40:16 GMT
              Accept-Ranges: bytes
              ETag: "9ff172f6e4f2da1:0"
              Server: Microsoft-IIS/10.0
              Access-Control-Allow-Origin: *
              Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
              Access-Control-Allow-Credentials: true
              Access-Control-Allow-Header: Content-Type, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Server, X-Forwarded-Proto
              Strict-Transport-Security: max-age=31536000; includeSubDomains
              X-Frame-Options: SAMEORIGIN
              X-Content-Type-Options: nosniff
              Referrer-Policy: same-origin
              Permissions-Policy: midi=(self)
              Content-Security-Policy: default-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' base.bibtip.de https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://translate.google.com https://*.gstatic.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.gstatic.com https://*.googleapis.com; img-src 'self' 'unsafe-inline' data: https:;
              X-Permitted-Cross-Domain-Policies: none
              Set-Cookie: HttpOnly
              Date: Sat, 21 Sep 2024 10:25:06 GMT
              Content-Length: 73
            • flag-us
              DNS
              115.2.182.213.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              115.2.182.213.in-addr.arpa
              IN PTR
              Response
            • flag-us
              DNS
              115.2.182.213.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              115.2.182.213.in-addr.arpa
              IN PTR
            • flag-us
              DNS
              cxcs.microsoft.net
              Remote address:
              8.8.8.8:53
              Request
              cxcs.microsoft.net
              IN A
              Response
              cxcs.microsoft.net
              IN CNAME
              cxcs.microsoft.net.edgekey.net
              cxcs.microsoft.net.edgekey.net
              IN CNAME
              e3230.b.akamaiedge.net
              e3230.b.akamaiedge.net
              IN A
              23.213.251.133
            • flag-us
              DNS
              cxcs.microsoft.net
              Remote address:
              8.8.8.8:53
              Request
              cxcs.microsoft.net
              IN A
            • flag-gb
              POST
              https://www.bing.com/RelatedSearch?addfeaturesnoexpansion=relatedsearch&mkt=en-US
              Remote address:
              95.101.143.193:443
              Request
              POST /RelatedSearch?addfeaturesnoexpansion=relatedsearch&mkt=en-US HTTP/2.0
              host: www.bing.com
              accept-encoding: gzip, deflate
              content-length: 2222
              content-type: application/json; charset=UTF-8
              cache-control: no-cache
              Response
              HTTP/2.0 200
              content-length: 391
              content-type: application/json; charset=utf-8
              cache-control: private
              content-encoding: gzip
              vary: Accept-Encoding
              x-eventid: 66ee9f334d1e46ad8c791a41471f1cd6
              x-as-setsessionmarket: en-US
              useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
              p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
              date: Sat, 21 Sep 2024 10:25:55 GMT
              set-cookie: MUID=270B320BE5AC6E7628A4270AE41E6F1A; domain=.bing.com; expires=Thu, 16-Oct-2025 10:25:55 GMT; path=/; secure; SameSite=None
              set-cookie: MUIDB=270B320BE5AC6E7628A4270AE41E6F1A; expires=Thu, 16-Oct-2025 10:25:55 GMT; path=/
              set-cookie: _EDGE_S=F=1&SID=36EA0CFE92926D9921AE19FF93206CE0&mkt=en-US; domain=.bing.com; path=/
              set-cookie: _EDGE_V=1; domain=.bing.com; expires=Thu, 16-Oct-2025 10:25:55 GMT; path=/
              set-cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Mon, 21-Sep-2026 10:25:55 GMT; path=/
              set-cookie: SRCHUID=V=2&GUID=C9C117114D684528976A48CB085E8DC6&dmnchg=1; domain=.bing.com; expires=Mon, 21-Sep-2026 10:25:55 GMT; path=/
              set-cookie: SRCHUSR=DOB=20240921; domain=.bing.com; expires=Mon, 21-Sep-2026 10:25:55 GMT; path=/
              set-cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Mon, 21-Sep-2026 10:25:55 GMT; path=/
              set-cookie: _SS=SID=36EA0CFE92926D9921AE19FF93206CE0; domain=.bing.com; path=/
              alt-svc: h3=":443"; ma=93600
              x-cdn-traceid: 0.d78f655f.1726914355.85b524d
            • flag-gb
              GET
              https://cxcs.microsoft.net/api/settings/en-US/xml/settings-tipset?release=20h1&sku=Professional&platform=desktop
              Remote address:
              23.213.251.133:443
              Request
              GET /api/settings/en-US/xml/settings-tipset?release=20h1&sku=Professional&platform=desktop HTTP/2.0
              host: cxcs.microsoft.net
              accept-encoding: gzip, deflate
              Response
              HTTP/2.0 404
              content-type: text/html
              content-length: 26
              date: Sat, 21 Sep 2024 10:25:51 GMT
            • flag-us
              DNS
              193.143.101.95.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              193.143.101.95.in-addr.arpa
              IN PTR
              Response
              193.143.101.95.in-addr.arpa
              IN PTR
              a95-101-143-193deploystaticakamaitechnologiescom
            • flag-us
              DNS
              133.251.213.23.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              133.251.213.23.in-addr.arpa
              IN PTR
              Response
              133.251.213.23.in-addr.arpa
              IN PTR
              a23-213-251-133deploystaticakamaitechnologiescom
            • 213.182.2.115:443
              https://spacedesk.net/downloads/spacedeskPublicVersion.txt
              tls, http
              spacedeskConsole.exe
              752 B
               4.8kB
               8
              6

              HTTP Request

              GET https://spacedesk.net/downloads/spacedeskPublicVersion.txt

              HTTP Response

              200
            • 95.101.143.193:443
              https://www.bing.com/RelatedSearch?addfeaturesnoexpansion=relatedsearch&mkt=en-US
              tls, http2
              8.1kB
               7.2kB
               25
              14

              HTTP Request

              POST https://www.bing.com/RelatedSearch?addfeaturesnoexpansion=relatedsearch&mkt=en-US

              HTTP Response

              200
            • 23.213.251.133:443
              https://cxcs.microsoft.net/api/settings/en-US/xml/settings-tipset?release=20h1&sku=Professional&platform=desktop
              tls, http2
              1.4kB
               7.0kB
               19
              14

              HTTP Request

              GET https://cxcs.microsoft.net/api/settings/en-US/xml/settings-tipset?release=20h1&sku=Professional&platform=desktop

              HTTP Response

              404
            • 8.8.8.8:53
              8.8.8.8.in-addr.arpa
              dns
              66 B
               90 B
               1
              1

              DNS Request

              8.8.8.8.in-addr.arpa

            • 8.8.8.8:53
              42.56.20.217.in-addr.arpa
              dns
              71 B
               131 B
               1
              1

              DNS Request

              42.56.20.217.in-addr.arpa

            • 8.8.8.8:53
              58.55.71.13.in-addr.arpa
              dns
              70 B
               144 B
               1
              1

              DNS Request

              58.55.71.13.in-addr.arpa

            • 8.8.8.8:53
              95.221.229.192.in-addr.arpa
              dns
              73 B
               144 B
               1
              1

              DNS Request

              95.221.229.192.in-addr.arpa

            • 8.8.8.8:53
              71.159.190.20.in-addr.arpa
              dns
              72 B
               158 B
               1
              1

              DNS Request

              71.159.190.20.in-addr.arpa

            • 8.8.8.8:53
              104.219.191.52.in-addr.arpa
              dns
              73 B
               147 B
               1
              1

              DNS Request

              104.219.191.52.in-addr.arpa

            • 8.8.8.8:53
              13.86.106.20.in-addr.arpa
              dns
              71 B
               157 B
               1
              1

              DNS Request

              13.86.106.20.in-addr.arpa

            • 8.8.8.8:53
              50.23.12.20.in-addr.arpa
              dns
              70 B
               156 B
               1
              1

              DNS Request

              50.23.12.20.in-addr.arpa

            • 8.8.8.8:53
              15.164.165.52.in-addr.arpa
              dns
              72 B
               146 B
               1
              1

              DNS Request

              15.164.165.52.in-addr.arpa

            • 8.8.8.8:53
              217.135.221.88.in-addr.arpa
              dns
              73 B
               139 B
               1
              1

              DNS Request

              217.135.221.88.in-addr.arpa

            • 8.8.8.8:53
              79.190.18.2.in-addr.arpa
              dns
              70 B
               133 B
               1
              1

              DNS Request

              79.190.18.2.in-addr.arpa

            • 8.8.8.8:53
              57.110.18.2.in-addr.arpa
              dns
              70 B
               133 B
               1
              1

              DNS Request

              57.110.18.2.in-addr.arpa

            • 8.8.8.8:53
              spacedesk.net
              dns
              spacedeskConsole.exe
              59 B
               75 B
               1
              1

              DNS Request

              spacedesk.net

              DNS Response

              213.182.2.115

            • 8.8.8.8:53
              115.2.182.213.in-addr.arpa
              dns
              144 B
               139 B
               2
              1

              DNS Request

              115.2.182.213.in-addr.arpa

              DNS Request

              115.2.182.213.in-addr.arpa

            • 8.8.8.8:53
              cxcs.microsoft.net
              dns
              128 B
               154 B
               2
              1

              DNS Request

              cxcs.microsoft.net

              DNS Request

              cxcs.microsoft.net

              DNS Response

              23.213.251.133

            • 8.8.8.8:53
              193.143.101.95.in-addr.arpa
              dns
              73 B
               139 B
               1
              1

              DNS Request

              193.143.101.95.in-addr.arpa

            • 8.8.8.8:53
              133.251.213.23.in-addr.arpa
              dns
              73 B
               139 B
               1
              1

              DNS Request

              133.251.213.23.in-addr.arpa

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Config.Msi\e59c3d4.rbs
              Filesize

              536KB

              MD5

              1d3bb51711277a6474dbae661fb9509d

              SHA1

              e81735634fd7b04abbd1e6b0bbf57b258c24a476

              SHA256

              64203023bb70d762384787793972dc32f152705a4daf4c9cc909cc5f75907695

              SHA512

              055f39b6f88fd5f6dfee0d6f9a36a00e5a32a0f78ed968e9b3122d704893ebdfbf3b1eeb2b16b6472dac8ac5e3dfae6cb2d8363273a9a4ca5224c71d2d08f0ab

              Download Submit

            • C:\PROGRA~1\DATRON~1\SPACED~1\SPACED~1\amd64\spacedeskDisplayUmode1_0.dll
              Filesize

              136KB

              MD5

              61ca37c0f525639d335c072395db5583

              SHA1

              22c2144fac657311d596edf01633c4dcd44eb7f1

              SHA256

              cd06c9a3499a6a0c39d247ca2f762016c07f4f424a53917dec06819a0d489803

              SHA512

              85d1314a02e987977f8e377f44d33a32161a0bef81d5875e60f9bbf621c01c72bb736036a5b59c7d3b8040c8bc867986f029cd3514a6407fc44700ee81e9760e

              Download Submit

            • C:\PROGRA~1\DATRON~1\SPACED~1\SPACED~1\amd64\spacedeskDisplayUmode1_2.dll
              Filesize

              136KB

              MD5

              e7162bda03b7d309f5e45699cf126446

              SHA1

              802dc50367b678c858d7f6a8cb859f80947098e7

              SHA256

              250888b00cd42b3f16bd1f9296e591d4435a5973319878afae4515a98222a7cb

              SHA512

              d5f7c4c0a23e8946a664c9db049e8aa1effdda496cf3533fdf5671c77649fca17f30f8478697caa852c6a2fec5d423cd75c9206953c885416b5204c4980c4360

              Download Submit

            • C:\PROGRA~1\DATRON~1\SPACED~1\SPACED~1\amd64\spacedeskDriverAndroidControl.sys
              Filesize

              51KB

              MD5

              3c4582ccc12d41c6ddcb8bebc3ffb62e

              SHA1

              799a3809b91768d081b994ae1e98fa548275de71

              SHA256

              d7c80666182b9e9418f24dac56f05dfe53bd28d37f7764572e2bc325d96054fa

              SHA512

              abd3265fc3e5c16167befe800d755678e2d4ac3008ae03c51f1c251a23e250be9bd72e05f1d10727edcd0334eed6c3f4ba76852a37a9d47fb93c9a97854dbb9d

              Download Submit

            • C:\PROGRA~1\DATRON~1\SPACED~1\SPACED~1\amd64\spacedeskDriverAndroidUsb.sys
              Filesize

              42KB

              MD5

              242f5cd519d0497129c9d8ca22e127eb

              SHA1

              1854b58cca948918f8e26864e727318482675e7f

              SHA256

              46585160227ef5c164a7005693ff0927f3048bbc57309f0061aaa5bca0e83038

              SHA512

              1f24b08e8c3c274638620ff6cb2de753fa56bf9c70adbb15ebe20ab0a09149d28be402795588c537c97075b3f5f960d0486e0df678f45875eb845ab9fdcc4e36

              Download Submit

            • C:\PROGRA~1\DATRON~1\SPACED~1\SPACED~1\amd64\spacedeskDriverHid.dll
              Filesize

              97KB

              MD5

              5095a2b55a1b7831a558ab8990e9801b

              SHA1

              bd157677e737b7238dee44d6405c4d6c36a5862d

              SHA256

              80e4565cca358710288c7bbc6a3287cbc03e61cf682eeadeb30d72e24b417224

              SHA512

              c5a6f1a81722297ca745cdd9bd74d86daf8d75f6bc5156f24d6647eeece0cdb0c00c0c77cfc75bb4d553a449e36ca1da77dbebf2d3ffc6b457d42ac00cda019a

              Download Submit

            • C:\PROGRA~1\DATRON~1\SPACED~1\SPACED~1\amd64\spacedeskKtmInput.sys
              Filesize

              41KB

              MD5

              fad80e5e02e03e48609c852a489f6cd3

              SHA1

              b711d9025e0b6f6567d1407d65d7f67daca292a5

              SHA256

              398582f8456f404653129df83d04b40f85c6b61cf213c86b75766cf77d323386

              SHA512

              fcc2bac894faae66c28168775bb97d75a708443bb4000c64e74ca21a3c357215f6a7bd626bbdbc090e6a55eec707de2faa7e7631129d3d4ed196fc6804033c06

              Download Submit

            • C:\PROGRA~1\DATRON~1\SPACED~1\SPACED~1\spacedeskDisplay.cat
              Filesize

              13KB

              MD5

              0ec09de9e91d4756f1a77a978a2722a7

              SHA1

              7ceb26ff0728b0c06ce3736af7d3e5896185ef0b

              SHA256

              b97ec9c0cdb7374929cdafd4d40f441fa6423fce9d7a2d70c2cbc2ad8e00ba2b

              SHA512

              b81e20ae2c6bcdef995b9442c3f9dd5e5f8d000eaabba984adbf5aaf755d7922e5e54a5137409445c96f0dba69773c5305533b9c979931712f5cd2bb93bec03e

              Download Submit

            • C:\PROGRA~1\DATRON~1\SPACED~1\SPACED~1\spacedeskDriverAndroidControl.cat
              Filesize

              12KB

              MD5

              71832827d1b1780b3151c6c1a75dace0

              SHA1

              dca0d64d9cc14d31c52d4cbf45653796ed935373

              SHA256

              6d638c3d97337d40f9d7863913e1bd588064a697475ddb43949d4924d4364835

              SHA512

              cf99c7314dc16abb13d7cbb948654be6b70a0e9baeebece5bb887362f0f2ddfef3e165e578b11606ea9ecb63b1f24760787f464b96d38212cac8192809f203ba

              Download Submit

            • C:\PROGRA~1\DATRON~1\SPACED~1\SPACED~1\spacedeskDriverAndroidUsb.cat
              Filesize

              12KB

              MD5

              06d3d57965a43836abc68b7ea95d9f81

              SHA1

              2c3bebf703e6c8c79918ea6b2db9f35546fe5670

              SHA256

              13cd508b1e6cd8ad6e13adef666e391ac1b1be627aceadc15e2335390885cfbf

              SHA512

              799c15ad5e76363c96b5c5b0265fe0e9574ac30491acec5e8c323dd4a416b4c82ff28652227ca353904cb00e84f4e2865122e5356047c00585c1f59aef0f0e8a

              Download Submit

            • C:\PROGRA~1\DATRON~1\SPACED~1\SPACED~1\spacedeskDriverHid.cat
              Filesize

              12KB

              MD5

              b6264f45c48cf007079dab66a0817025

              SHA1

              033f03ff29eebe1ca7fca1112fa5c1bf1358e00d

              SHA256

              c90188d91977544ea6bb213d6b7b648a313a8b751b41799b6b9ef89d661b9567

              SHA512

              f35e78482c98f6400063ab09621fe856634caa46513dfec84924f7415c2b132faac097b9ec433ed390e72c86c897048d3deb0af4d9e814b7405363b1baa58c97

              Download Submit

            • C:\PROGRA~1\DATRON~1\SPACED~1\SPACED~1\spacedeskKtmInputmouse.cat
              Filesize

              12KB

              MD5

              42a4ed6e6b94e1b74e9c5538ea3af0b4

              SHA1

              b394e9f6c9cde7985a86c87ab2823641f32c8eea

              SHA256

              6d363492a43aa06bf2e5ee919c3a1d4cdd4de1ae6eca0c6d94cedd0490d1e530

              SHA512

              5d9620a8f7c6b7033ead1e99ef74976c6fec066d56e5ba51abfbb616b93c970e73961aae8511656779a36d6c799363f1cf57eec889bb06223077a304a9f8848a

              Download Submit

            • C:\PROGRA~1\DATRON~1\SPACED~1\SPACED~1\spacedeskdriveraudio.cat
              Filesize

              15KB

              MD5

              710ee13c1f6ba72e25414ee4bff1e993

              SHA1

              50993cf17f397fe7f8b06df7af50b750781b76da

              SHA256

              34ffd8509dc23002d2d1dd9c1fef27ae8cd14bac5a99db73d427314c46c5ae8c

              SHA512

              4034b3eb2c2b03ba05f7215eba863c87a87f79389d55a3ac481b87256c21af2938d08d4549d089264e06e44e5d56eea21e1167331db32f4c602823487bd0c721

              Download Submit

            • C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles\spacedeskDriverAndroidControl.inf
              Filesize

              3KB

              MD5

              b53adfc1d7f2a50f2964aefb0319ec28

              SHA1

              e3d1e97cc0c1e3654ead6a79b0cbb45daf415c00

              SHA256

              97238c12c44025580e4393f0b4e9f0d7e08d85f4b4496fd905e3cd99501b9a0b

              SHA512

              87f7886d85eba57c8546669bc1d3e72563e7cbb3bd65948d2274866dc3a451512dcd8c389e9117286e2e1bf5141d2a8ea67677d6872d5485e507611d7b8d03eb

              Download Submit

            • C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles\spacedeskDriverAndroidUsb.inf
              Filesize

              4KB

              MD5

              a72d5e569094dedbeb0527254d90ff7b

              SHA1

              1199188d064d3bc8e4569a5793aba4a6e362e4c1

              SHA256

              cb73077aea0dbc48d46fbf270578654b3fff83d5c017d89f1a6ffe5d168b2cc5

              SHA512

              7b5a3a597823348c23d7a230dcd86c1aee9d19223869d3d4d74bd60f44881b0fd5ae6d27e9c1952952eee3a8845c3ed424c1a10d09750f423ce6e9e9766a8bb7

              Download Submit

            • C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles\spacedeskDriverAudio.inf
              Filesize

              20KB

              MD5

              23e653a98b3ebfb5a474a30c0fb7f770

              SHA1

              8e9f5b638451379a5706df066e11657c484ae160

              SHA256

              6f1ea7acb6c668695d64cfe3d4323eaa6e997702b9ccb588e32d8e8156c5ed4b

              SHA512

              16d8acc399c92e94066b2e14a64e468363fb3e47e13b9cbe9da033ba085cf7054b8db57457ba1e1b437f0c5239a12e21a23070fce6bab9035d1f25f546f3c9b6

              Download Submit

            • C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles\spacedeskDriverHid.inf
              Filesize

              6KB

              MD5

              7ededd3c7eab082b9ddc718b7db642e6

              SHA1

              53be30a1f2892ef54bbee533aad022cdb3b32d55

              SHA256

              a99a951bd2ef1362f5d2700fb5c2f326ed3def7a31824718d46bb802b83a07c0

              SHA512

              ff50e4a65bfd26e482367b620c13150c9bb0d95661627e0cd8494980d0ed0bee26586feffd5c7871527999d3c1356ad85119ddc66bcb0503890576264146adcf

              Download Submit

            • C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles\spacedeskKtmInputmouse.inf
              Filesize

              2KB

              MD5

              c8e701ea27a2a1d0abc8bfa99509c5c4

              SHA1

              b3bd4debbd0ae0499a9da6867c83014f7328753d

              SHA256

              bfd53b3c4e0bbbda52a631f882eafb946d62c50ae6f8df0f446984b64eb5b474

              SHA512

              7dcc00c31c952d84858c34354214f738f58e1d20698a2f33ba5692b6ceda41e0dec78923739427392cbe14c7114dc73a0d89429727661b86fab21a260a335bef

              Download Submit

            • C:\Program Files\datronicsoft\spacedesk\spacedeskTemporarySetupFiles\spacedeskdisplay.inf
              Filesize

              4KB

              MD5

              1a26d9000f4f98b8709d0745d11974d0

              SHA1

              bf17ca852de9a0a2266366919af8f1037a0505c7

              SHA256

              d23f24c69153f4ee1aec3b1d05f205eee71d39c6af8705432b6b23534b17bc9f

              SHA512

              3be8687f4917d3b24b3d99fea1c0c1c3c6a5f9dbc97719cf1a22940d7b1811f4397814fda6a7fac3a89b4b2fcbcffe5d71eb4c0c9a32a00444c58ab86899773f

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
              Filesize

              471B

              MD5

              66c5789a95e11f7e48ee7c7aa494e081

              SHA1

              b590f30510690030aaf7a8e979223f1783f175cf

              SHA256

              ab2891d4e0867a968da5fd8803fa3f23235bc12260612301cc121725f1100207

              SHA512

              d5ab41515086bcb0fd1ee9dadb43c2b74c8ecc7e6f38671320438afb8d8cebd32d8740159f3203fea40998436c37bba840afa781f9b36c7135d701618270c09c

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_15A751EAC52E3BDD7E5151D6C1F63C61
              Filesize

              727B

              MD5

              95bb1968b0d42948e5ac25beb7491688

              SHA1

              1153020bfe4db3ae932ca6d267f0ea882c5052ac

              SHA256

              a773e37d275469ffd4dc9da02a8384ae020ffdaf44e61f770866a2868eaa4791

              SHA512

              1d59357cd0e1e3df44d572105423f0f9ec7321d72a8164c7a990cc13547b3b8d3ef3b355c812f22d369ee06db84222e6be847b8d835fe84406517fbb880dd5cd

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
              Filesize

              727B

              MD5

              2f149ff2949173cc82d27f2dbd226f84

              SHA1

              454829da9fdc5e864b04bc4891d827bc4345a7e2

              SHA256

              555d04832624cbe78ac96f5b93deb72f41b271b93b4b6807d03aa64e255afa3f

              SHA512

              7d7ee697ba51df5ae45e53c444bf54aa0c4561c0f44c265e941cf060f226a5aac6fa79f6df6d5a73e007c4ccfd1e19d2c2043dfb980478e7491ecf80f8ea9706

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
              Filesize

              400B

              MD5

              e66d05a6a5811213c4275387884d0525

              SHA1

              bf19695231b628d5e3e481db038d54ca8bdfbfc9

              SHA256

              903692e344feb353657361f9a9770beb61e7400c0f1e78763643deb6e4e64542

              SHA512

              7f639fa6091c18bfe1a4f8a68a974e3b454c68b482cb510253209ed8f89251a2e99b21945bf542003636b2caba1311a6470289f9b9924570d306dd76e7f946d8

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_15A751EAC52E3BDD7E5151D6C1F63C61
              Filesize

              408B

              MD5

              7585699c35737bbd00bbdd850d6bc7a4

              SHA1

              9c6bd23e8a6004bc5a6717114f9b40673dafce40

              SHA256

              3b63a08f24d4b9cf64e4af68673f4ee3c9b7a73a815ad011052eef8ee3a691c3

              SHA512

              0a6d0cb5349f8dd5102099d4c3ac6e9a7cab5dfe563ebbc6c1ce97575a726ccf1959914afc4fc26d164e86db13c1d0ede33709443fa3ced8832c3d1bf7d5657c

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
              Filesize

              412B

              MD5

              927283931f6517972afed8a2d8ca876d

              SHA1

              86ea47d13dcfe75b06aad91a7770a0cb891ba4cc

              SHA256

              565a628423fde8084a0c62c0d60c480be142f582277d11d345f5e26b5230f7fc

              SHA512

              11722a6ac32933092c39ae8ba450e98c2ed02f41be96573bd50cc18e039909d49a58ab227326ec39c869379e09675af1ad5791e6feebb12799215145c14102ea

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\MSIDBBA.tmp
              Filesize

              113KB

              MD5

              4fdd16752561cf585fed1506914d73e0

              SHA1

              f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

              SHA256

              aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

              SHA512

              3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

              Download Submit

            • C:\Users\Public\spacedeskSetup.log
              Filesize

              9KB

              MD5

              1f8f88c23861d9ab00d7f5f35d24a38f

              SHA1

              98931a031431e1c7a162dae55cf0a269a7cd1a33

              SHA256

              432ef2d6945812a00ee955b207df6de0b4485f58445b76ad8b9cab8e3e8d8331

              SHA512

              14ec9fce96997405f4bfa60cde53030617a214c4a0b06365c5a682a27fd21716be9092c85c0c8fcf7910101c1fae052771c6f6ceec8810bb5818fbeba176b9d3

              Download Submit

            • C:\Users\Public\spacedeskSetup.log
              Filesize

              10KB

              MD5

              94f48f62100ebef0cc292017a6a0b910

              SHA1

              38a60d9367234de9c30aa12eeb6720c43fff7700

              SHA256

              55fa67db91cabb6f3e30fb63baf69986881e5ceeb597ff714e49b553bf915e81

              SHA512

              6a27cc8b0d030e174fe770892f2b8344aa4df0db62295c856ce00e4a53e0c0ef58cd78370cbd3681771d4705484cf840eb43d45513e18f64cdbbbc37dabd6105

              Download Submit

            • C:\Users\Public\spacedeskSetup.log
              Filesize

              11KB

              MD5

              66b144ee8b95f7a483e32f768414712d

              SHA1

              881ba208a5c42366418ca0401c9fc54cf05701b5

              SHA256

              cbfa39ff4033a6c2bd7426d088b47ce3fb1c16d272bb394cbeb6d7474d737b57

              SHA512

              4ea24a96e0dd58544420aab519dbdee68ac7bf3adf58bd4729f4e6627e5617dd85930deb22f2a1a96a049155890c36ce18926663b5badf9a8d51183dcb5f8bb7

              Download Submit

            • C:\Users\Public\spacedeskSetup.log
              Filesize

              11KB

              MD5

              b4346f6b4fc8bd3af62b3dff1901e4d1

              SHA1

              4214da6ebc035f9a10700584952a5d1009bd7441

              SHA256

              5a583d299a90ea88403dedbd3abafe37fbdc50b4f746c913ff160945675b4218

              SHA512

              5bf6ed423cac0dcad144e31826dd6cedc39ef496c746f1ae3d003abe06caa3255180a8e1b0d8ae8749f8b1c4f945cc1f11a1ddee8c9a8b4c8ae2f1eb1f5111dd

              Download Submit

            • C:\Users\Public\spacedeskSetup.log
              Filesize

              12KB

              MD5

              e4e22f4d7759f8ca759e69adf64398ed

              SHA1

              c15039932e9a49c1e0a28aab7e8fa1d69d47b07f

              SHA256

              1bbac70b5700fc205e03445e351b4ccc6b3f20f21ebbc9c401bfdba4148a07f8

              SHA512

              84aaa29ac4901426f4723ab4f428b3567b436ce1f988e204d8e87b077c03ffab4091aec94c17852de736fdb259f32740af22d7d442df2d0ba2177f820836bf8e

              Download Submit

            • C:\Users\Public\spacedeskSetup.log
              Filesize

              12KB

              MD5

              1da6cd7d4f99da0f10e4b7db87c816fc

              SHA1

              51b91153e52242ab02573f4ed99ee41de7c78533

              SHA256

              11af88c5292dfe313736e8b4333620a7db0a2851229029e91ad08ade606facf2

              SHA512

              0a0ffbea722e7077c592a7b26fa2e6b9780ce6b40770aa36d709ca9eb98b0b9163745ab6f411f894b516beb7ef618c1033c10ec3001fdbf4ad91a6949c678a7c

              Download Submit

            • C:\Users\Public\spacedeskSetup.log
              Filesize

              567B

              MD5

              521501de7d2b4ac844ea535f4216dbac

              SHA1

              e56e35f707afb48f0b3048b3f72540f23bf07ea5

              SHA256

              9118ca009079d24a75da3ff17b827f3784b38fbe924d14b15a846bff5a4eb852

              SHA512

              7dff86a07de5066be32a34b0e93eec5264347078c243bc30f7fff4b6b9bc81d0804aa5389aa35d350d229d1293ed2b62bde3706a17fcc50af0701eac9515a994

              Download Submit

            • C:\Users\Public\spacedeskSetup.log
              Filesize

              13KB

              MD5

              df0e25e5ecb247dbde0f76aea4cec9f0

              SHA1

              36d887ac03a145c10b36c750167eefb6c7cb95d6

              SHA256

              3f045b06cd54dd9e7757a43e2757ef3b2732b1fd603c9644173cf2ebba0bd00d

              SHA512

              10b3e5f30ae1cd686e10d73c2c46947c66c678dfd6a106053e8d94f0883c08b36fcf3231ddab9a828d41231a4b1966045a5904de01c5d926f5331db40a2a9ccf

              Download Submit

            • C:\Users\Public\spacedeskSetup.log
              Filesize

              1KB

              MD5

              81a6aa236970daf112b8327477724b89

              SHA1

              2c8e4d92572d0f93a7ccba1b90cc0b324be4dd3a

              SHA256

              8fcde6ec8269334e6485a7bef7f0858c6f15b8642bb55adab5d1870aa44c0592

              SHA512

              5e5b75e669f139028b02cb5376eae4ff1a7f6f1fbea72a450905820b282fe1a90e48d08390435bbab9486a915dbbe83b0275455b5de3a0f0cff751de5c23b735

              Download Submit

            • C:\Users\Public\spacedeskSetup.log
              Filesize

              5KB

              MD5

              658be0685e93397243204b1e7af628ca

              SHA1

              dcd9ca469813675b6ff2c1c4a2d544c69e95eafb

              SHA256

              de2a679429d759b82126833110c45b955c9293e5bfe8790d57d04b5d0c421999

              SHA512

              2438a6ae8bdba573732437f1e53f2c554d5382e1585080d5a62b434a145fbc86048530dae56d9e296c05983ed8da00f8ad76f76caa188f0d82cb599dbc943e42

              Download Submit

            • C:\Users\Public\spacedesklist.xml
              Filesize

              636B

              MD5

              09dc1faa2be8ccf3ad7e2d24259b00b7

              SHA1

              24cbd5d2ff77ffc50f22729118d5922ec98699ad

              SHA256

              b57f5a4dcda2eebe0a80effeb7c0af7546875ba0cfae7d42fa52e7079b218964

              SHA512

              21111dfbb31535a1c35f947e64d9c540efddec3a15721025442349bf1d694d0955645c9992ced27c4236bf87e1a66e9f44b68326d78b2c579f8ceb436a075378

              Download Submit

            • C:\Windows\INF\oem0.PNF
              Filesize

              5KB

              MD5

              bb4d4b6edf7dc24757693af92c6ead50

              SHA1

              c3c71f1e62c9ee0da5aebe512351f3a3575ae2c1

              SHA256

              8f38420ba7b61653cbcf0c80a9039525c4da1c15ce8c6af0fcbadc6631b37752

              SHA512

              c550f377805f46ab8bb7525a30acf2b87f769dd4125fbff409a2703ddf64e5fa26a697c368791b4e6ff2d7491431e9ba4e7f965bb45cc75df04d8ddcd6d33169

              Download Submit

            • C:\Windows\INF\oem1.PNF
              Filesize

              5KB

              MD5

              5e8728cc257b8064238be61acef4dd0b

              SHA1

              7336d0df5ef1307db7dea6f2800e9bf3a17597a1

              SHA256

              989a2f2b7c4b29fc335433d12fdcbd61cab5d1b612ba8a40d44891c522111362

              SHA512

              5e0762d55950d6238eaad16bc1307af7f42a50a4adc77daabfbf266e3f2424443026050e5fd9f30d79f25831787f27bcf1f9fec5c929ea7adab31629f55e711a

              Download Submit

            • C:\Windows\INF\oem2.PNF
              Filesize

              6KB

              MD5

              0329b7705dfe228ebb37b72568d75999

              SHA1

              4183281161529b3bbe89fabbda78b9cda721dad0

              SHA256

              f6fc252ec44df4d55654e589d67f369bee13c08c3c0b319f02a97134512888d4

              SHA512

              b0a8ea3977c00906f916fd1b5de55d71c1dc6b5bec2ed70a1d5a2767ad486f248171046dbe70dab41869aec2be6742623611a473ef95476d73c8da1f83bb7b31

              Download Submit

            • C:\Windows\Installer\MSIC7EB.tmp
              Filesize

              520KB

              MD5

              2b201e0b41023ab27e222248dce7b5ae

              SHA1

              fbddd3f35309a6396db5ddb1b551ff15a992e978

              SHA256

              df9b26ad3d9064261ca7bcbc7de620c1eea51561c15becc1fe2162bde3c997cb

              SHA512

              fe84d561e4886c6d646982ed29da174277bd2f2e153f0cc85def3ce2426e349bec6c5d4daffe2930d0d4f1321f0969b6f4cdb918819c0e9086cb883c1f6a8bc8

              Download Submit

            • C:\Windows\Installer\e59c3d3.msi
              Filesize

              4.7MB

              MD5

              65f5f179e3da0dbfbd6b35cda7af3e0a

              SHA1

              2569f9f147e989d5e0a766b80e18a64f44b531f7

              SHA256

              049cad32f63e51a5c7755fe00d6cda2dc70bee89640d821ff3760cc42bad2499

              SHA512

              810e97256811b409dffd063d91dc2d10ae7573ea2b76d6b1854f522b8bb5ba812f1b8a8a35d219f4e56c0e8e94a0724f577b9e5e474b5de382a401a1d590225b

              Download Submit

            • C:\Windows\System32\CatRoot2\dberr.txt
              Filesize

              19KB

              MD5

              90ce281a3c2adc9631bacd23b9cd114f

              SHA1

              db969411f2bc2becea06de8bc41dbf076fa7f2c9

              SHA256

              53f395eafc65a76462308b8a9d72f153512a76f945862407633c770bc28175b0

              SHA512

              697d12b8ad7c410a5628ae3255327ce2a175f90bdf27d0d083e4049295497082f029d72825604c2abf2403ce0926b0afd609e437e8e26fb580576109296f062b

              Download Submit

            • C:\Windows\System32\CatRoot2\dberr.txt
              Filesize

              19KB

              MD5

              d8f72f13ec414862e3467ed9c69a2656

              SHA1

              67462e31b9a44b087e038301d41a1d93262476ea

              SHA256

              bc293c4afaad6cea2ebb0ad62a0ed96c042bb312aab7e849ce1fdf08f2168699

              SHA512

              f8e6ef11bf8c5b8671cd3313addeed82b43e6e9f4b3814a40a61587ae75166b772cf6e89301447ac6b06fb5c15113552590422a1148c5e996a26239c82881fcf

              Download Submit

            • C:\Windows\System32\CatRoot2\dberr.txt
              Filesize

              19KB

              MD5

              5f352d428f7aa580816b7bb6b4b932df

              SHA1

              6807bf117aef1be6bb17794ddd7805c6748267e0

              SHA256

              51a570208d83d692796e0e38c17053772ae43e89b5e37e7d3fea3c0c788a60b2

              SHA512

              2d49a61a231f65a497aebeefc2ca5eabdd694d20310a41ce9d744ec13271893eb73843a57b40bced4fd4e812edea07747c216183d0176dcdd3a21a12f49f5a48

              Download Submit

            • C:\Windows\System32\DriverStore\Temp\{a47c58c0-a396-0640-970d-6821560b605a}\amd64\SETD27B.tmp
              Filesize

              135KB

              MD5

              330c31805c9e2f8b594f79b7d8c63cd7

              SHA1

              af865cda469126d0f7208f92d8e5dd30331810d1

              SHA256

              ff09c098f44679fc668a10a837ca9de8f57d986c26bdec73513c7df58b06b800

              SHA512

              e23d5a1f1fbf75e5565dcf91555a025fb416bcee739b1c83d56c3f015668971b6422673ece28f2f4086b66d3bf1dbe3c00629cd2514c44459793581d03c1bbe2

              Download Submit

            • C:\Windows\System32\DriverStore\Temp\{c341b2bd-e89e-344f-83bd-5663f2171480}\SETD44E.tmp
              Filesize

              12KB

              MD5

              f7cc07b6573930b73a5fbc6c34e29776

              SHA1

              e1c5f999fc425320b2146d897c2d6beaa5d5960d

              SHA256

              1ec01584f1f3d528689586b993e57adda75d5ace39babadab16a04041a0b0911

              SHA512

              f48ea1d654dcea636269ba70f05d451909b102d9bc2f9b9506df0397b5f003711682fab1a0894e9ee649b07272b9f5992c1289e9d614326d07fb9e5813f818ee

              Download Submit

            • C:\Windows\System32\DriverStore\Temp\{c341b2bd-e89e-344f-83bd-5663f2171480}\SETD44F.tmp
              Filesize

              2KB

              MD5

              36764c342eacfc70e7861996ca2c4087

              SHA1

              9e877386d71118a1ef7f87a27b45558381d15bc9

              SHA256

              5daba34d40face26ff8c742111a677993cf291f7df4a93daae13d022f9074bf2

              SHA512

              8eb2af59cb1720d9cd3b25578a0b30db64ca46e0a546acf5f8eb05c562390ddb05e7be79dc4d08e2142e4b94e0240eb47a97a5e8bdc9d23a34f11e8a42d06867

              Download Submit

            • C:\Windows\System32\DriverStore\Temp\{c341b2bd-e89e-344f-83bd-5663f2171480}\amd64\SETD45F.tmp
              Filesize

              111KB

              MD5

              acad54323537d3721edba7441f1982ed

              SHA1

              c87c646d45b9a8ca25947c6b7098d967f2ef70ad

              SHA256

              16688a5329af55f8410b09d802cb19ed079385e97ae64b34183e36cd3db2a1f3

              SHA512

              a05e3d7d3897e2768f5bf160d860bd34f6f041f614e8d19c4a8047cdc43a477ba934304ed419d5ef43829a09bba9cb9e51a2b57b3c578af5df4eeee79f61a847

              Download Submit

            • C:\Windows\System32\catroot2\dberr.txt
              Filesize

              19KB

              MD5

              77b8a3a4694d424be7a95c870a234cb4

              SHA1

              57d64fa94e943e0a112bbc84c3911d89369ccaf5

              SHA256

              1e9df487a0b6d315fec76097411121340c6f8b2509adb7b0ced18d97bdb56a6a

              SHA512

              31ce8cd86907e10e3625cd120de5949cc3c67d05e7bc013ddfac0b703799dd3a4026dffefd7246a97fc41c952c777e186735a74be6d211c57131825dbaf973e6

              Download Submit

            • C:\Windows\Temp\__PSScriptPolicyTest_vrzhskcu.agd.ps1
              Filesize

              60B

              MD5

              d17fe0a3f47be24a6453e9ef58c94641

              SHA1

              6ab83620379fc69f80c0242105ddffd7d98d5d9d

              SHA256

              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

              SHA512

              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

              Download Submit

            • memory/1836-917-0x000001EAE0720000-0x000001EAE0736000-memory.dmp

              Filesize

              88KB

              Download

            • memory/1836-883-0x000001EADFFA0000-0x000001EADFFC2000-memory.dmp

              Filesize

              136KB

              Download

            • memory/1836-907-0x000001EAE0520000-0x000001EAE05D5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/1836-906-0x000001EAE04E0000-0x000001EAE04FC000-memory.dmp

              Filesize

              112KB

              Download

            • memory/1836-919-0x000001EAE04E0000-0x000001EAE04EA000-memory.dmp

              Filesize

              40KB

              Download

            • memory/1836-920-0x000001EAE0790000-0x000001EAE07B6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/4760-918-0x000001FCEB590000-0x000001FCEB59A000-memory.dmp

              Filesize

              40KB

              Download

            • memory/4760-922-0x000001FCEB5E0000-0x000001FCEB5FC000-memory.dmp

              Filesize

              112KB

              Download

            • memory/4912-877-0x000001D6E6D30000-0x000001D6E6D3E000-memory.dmp

              Filesize

              56KB

              Download

            • memory/4912-876-0x000001D6FF480000-0x000001D6FF4B8000-memory.dmp

              Filesize

              224KB

              Download

            • memory/4912-875-0x000001D6E53D0000-0x000001D6E53D8000-memory.dmp

              Filesize

              32KB

              Download

            • memory/4912-874-0x000001D6E4F00000-0x000001D6E4F78000-memory.dmp

              Filesize

              480KB

              Download

            We care about your privacy.

            This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.