641ce30df0fd4d72bb4d932abbc04a2e037922592b205fed5475d1af1a71f882

Resubmissions

30/09/2024, 17:19

240930-vvwz1awhkm 7

Analysis

max time kernel
66s
max time network
69s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
30/09/2024, 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KOMPAS-3D_LT_V12/setup.exe
Size

361KB
MD5

9fc884fb8b65d347ca93f8e4762f1110
SHA1

b0a4f5b33b7d9cd2411ddee5e2e37e8c0fcb866d
SHA256

4ed10c98c9a625913f6475c841e27f91b7e8f57f99921496092fd71e8f061c36
SHA512

5659ed5854f8eb1917096195e197c63c1cabd18e07273bef8e7dfd08246a8d8d801bf22cd458b4b23d8f4c513b3f812318c1f747010466b2381069bc9cb119d0
SSDEEP

6144:8tGrLFaxvDJDPAernALxwapvmNWz8+DeqXHpXsGKLu8NOBCGvVpT0PFn0wcccccg:iewD2OAONV+DeWHtmxGF9gj

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Loads dropped DLL 1 IoCs

pid	Process
2416	MsiExec.exe

Blocklisted process makes network request 4 IoCs

flow	pid	Process
2	4940	MSIEXEC.EXE
3	4940	MSIEXEC.EXE
4	4940	MSIEXEC.EXE
6	680	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	MSIEXEC.EXE
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\U:	MSIEXEC.EXE
File opened (read-only)	\??\Z:	MSIEXEC.EXE
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\E:	MSIEXEC.EXE
File opened (read-only)	\??\I:	MSIEXEC.EXE
File opened (read-only)	\??\P:	MSIEXEC.EXE
File opened (read-only)	\??\R:	MSIEXEC.EXE
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\B:	MSIEXEC.EXE
File opened (read-only)	\??\Q:	MSIEXEC.EXE
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\G:	MSIEXEC.EXE
File opened (read-only)	\??\J:	MSIEXEC.EXE
File opened (read-only)	\??\M:	MSIEXEC.EXE
File opened (read-only)	\??\N:	MSIEXEC.EXE
File opened (read-only)	\??\V:	MSIEXEC.EXE
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\A:	MSIEXEC.EXE
File opened (read-only)	\??\H:	MSIEXEC.EXE
File opened (read-only)	\??\O:	MSIEXEC.EXE
File opened (read-only)	\??\S:	MSIEXEC.EXE
File opened (read-only)	\??\W:	MSIEXEC.EXE
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\K:	MSIEXEC.EXE
File opened (read-only)	\??\L:	MSIEXEC.EXE
File opened (read-only)	\??\T:	MSIEXEC.EXE
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Y:	MSIEXEC.EXE
File opened (read-only)	\??\Z:	msiexec.exe

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\INetWH32.DLL	msiexec.exe
File created	C:\Windows\SysWOW64\RoboEx32.DLL	msiexec.exe
File created	C:\Windows\SysWOW64\BDS501T.DLL	msiexec.exe
File created	C:\Windows\SysWOW64\CW3220MT.DLL	msiexec.exe
File created	C:\Windows\SysWOW64\OWL501T.DLL	msiexec.exe
File created	C:\Windows\SysWOW64\libmmd.dll	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\TestVCTree\TestVCTree.h	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\step11\step11.h	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\OCX\VCTree\VCTree.rc	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Basic\step3a\step3a.vbw	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\studs3d\studs3d.dsp	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\CBuilder\eventsCom\Object2DEvent.h	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\step3\step3.dsp	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\kscontr\StdAfx.h	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Basic\step8\step8.vbw	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\CBUILDERAUTO\GAYKA.HLP	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\MyConverter\MyConverter.dsw	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Pascal\DELPHIAUTO\step7\step71.pas	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Include\ks3DCOM_TLB.pas	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\Gayka1\CPar.cpp	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\Step2_API7_3D\res\1001.bmp	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\Tutorials\Video\Lesson_3d_01_16.avi	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Include\ActiveXWnd.h	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Basic\Libs.vbg	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Basic\events\1018.BMP	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\Libs\ImpExp\DD_Ge_3.02_6.dll	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\Gayka1\res\6013-s.bmp	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\step3d1\step3D1LT.def	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Pascal\Delphi\step2\7.bmp	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Pascal\DELPHIAUTO\EventsAuto\EventsAutoLT.dpr	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Include\kapi5.h	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Include\LDefin2D.pas	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Pascal\Delphi\gayka1\base.pas	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\Libs\ImpExp\TFN\AIGDT.tfn	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\Load\22038.LOA	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\Step4\FrmTest.cs	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\CBuilder\studs3d\studs3d.h	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\load\22033.LOA	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\slideWrk\SLDECOM.BMP	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\Sys\templet.lcs	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\CBuilder\step3\Step3.cpp	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\slideWrk\slideWrk.rc	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\CBUILDERAUTO\step10\step10.bpr	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\Gayka1\cPropMen.h	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\Step1_API7_2D\StdAfx.cpp	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\Studs3d1\studs3d1.def	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Include\ksAPI7.cpp	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Basic\step2\Step2.vbp	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\CBuilder\slideWrk\SLWRITE.BMP	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\gayka\GaykaLT.dsp	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\slideWrk\slideWrk.def	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Pascal\DELPHIAUTO\step9\step91.pas	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\ksContr\ksContrForm.cs	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\Step2_API7_2D\ResTempl1.rct	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\TestVCTree\aBaseEvent.h	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Pascal\Delphi\gayka1\gayka1.dof	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Pascal\DELPHIAUTO\step1\Step1.dpr	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Basic\step3d1\step3D1.vbp	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\ConverterTst\ConverterTst.def	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\Gayka1\res\6014.bmp	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\gayka\resource.h	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Pascal\Delphi\Step2_API7_2D\step.rc	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Pascal\DELPHIAUTO\ksActiveX\kgAXForm.pas	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Include\ConvertLibIntDual.h	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Basic\gayka\gaykaDlg.frm	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\step2\3.bmp	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Pascal\DELPHIAUTO\step1\step11.pas	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\step11\res\step11.rc2	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\step2a\Resource.h	msiexec.exe
File created	C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\Gayka\G_SIMPLE.BMP	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\InstallTemp\20240930172147711.1\mfc80.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147852.0\mfc80CHS.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI27D6.tmp	msiexec.exe
File created	C:\Windows\Fonts\SYMBOL_B.FON	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8BAA2B075078F5A4EB8671AE72AACF0D\12.0.1\Global_VC_MFC42ANSICore_f0.51D569E2_8A28_11D2_B962_006097C4DE24	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8BAA2B075078F5A4EB8671AE72AACF0D\12.0.1\Global_VC_CRT_f0.51D569E0_8A28_11D2_B962_006097C4DE24	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8BAA2B075078F5A4EB8671AE72AACF0D\12.0.1\Global_System_OLEAUT32_f3.8C0C59A0_7DC8_11D2_B95D_006097C4DE24	msiexec.exe
File opened for modification	C:\Windows\Installer\{70B2AAB8-8705-4A5F-BE68-17EA27AAFCD0}\_E7C65187_24A6_4793_9915_ACB79646F8C3	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240930172147680.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147836.1\8.0.50727.762.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147852.0\mfc80ITA.dll	msiexec.exe
File created	C:\Windows\Installer\{70B2AAB8-8705-4A5F-BE68-17EA27AAFCD0}\_1D3B27CF_E274_4176_BDBF_C5DE42A9BC9E	msiexec.exe
File created	C:\Windows\Installer\{70B2AAB8-8705-4A5F-BE68-17EA27AAFCD0}\_4EE31E5D_222B_44DF_83B1_0C7C3E262F4E	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147680.0\8.0.50727.762.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147852.0\mfc80FRA.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147773.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.manifest	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8BAA2B075078F5A4EB8671AE72AACF0D\12.0.1	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8BAA2B075078F5A4EB8671AE72AACF0D\12.0.1\Global_VC_MFC42UnicodeCore_f0.7EBEDD6A_AA66_11D2_B980_006097C4DE24	msiexec.exe
File created	C:\Windows\Installer\{70B2AAB8-8705-4A5F-BE68-17EA27AAFCD0}\_0403ABAD_86D2_4E36_9230_1EB2E77AC3B1_1	msiexec.exe
File created	C:\Windows\Installer\{70B2AAB8-8705-4A5F-BE68-17EA27AAFCD0}\ARPPRODUCTICON.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\{70B2AAB8-8705-4A5F-BE68-17EA27AAFCD0}\ARPPRODUCTICON.exe	msiexec.exe
File created	C:\Windows\Fonts\SYMBOL_B.TTF	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147711.0\8.0.50727.762.policy	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8BAA2B075078F5A4EB8671AE72AACF0D	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240930172147633.0	msiexec.exe
File created	C:\Windows\SystemTemp\~DF8C843694A8208570.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF01EFC5664D49DD22.TMP	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147773.0\mfc80u.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\{70B2AAB8-8705-4A5F-BE68-17EA27AAFCD0}\_0403ABAD_86D2_4E36_9230_1EB2E77AC3B1_1	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147570.0\msvcm80.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147773.0\mfcm80.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147773.0\mfcm80u.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147852.0\amd64_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_c351f8e3.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147633.0\msvcp80.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147852.0\mfc80CHT.dll	msiexec.exe
File created	C:\Windows\Fonts\GOST_B.TTF	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147633.0\msvcr80.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8BAA2B075078F5A4EB8671AE72AACF0D\12.0.1\Global_System_OLEPRO32_f0.8C0C59A0_7DC8_11D2_B95D_006097C4DE24	msiexec.exe
File created	C:\Windows\SystemTemp\~DFFA519F398BB75C52.TMP	msiexec.exe
File created	C:\Windows\Fonts\GOST_A.TTF	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147852.0\mfc80DEU.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8BAA2B075078F5A4EB8671AE72AACF0D\12.0.1\Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147633.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147773.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147711.1\amd64_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6e02dfe5.cat	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8BAA2B075078F5A4EB8671AE72AACF0D\12.0.1\Global_Controls_COMCATDLL_f0.3207D1B0_80E5_11D2_B95D_006097C4DE24	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8BAA2B075078F5A4EB8671AE72AACF0D\12.0.1\Global_Controls_COMCATDLL_f0.3207D1B0_80E5_11D2_B95D_006097C4DE24	msiexec.exe
File opened for modification	C:\Windows\Installer\e5823a0.msi	msiexec.exe
File created	C:\Windows\Fonts\GOST_AU.ttf	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147711.1\mfcm80u.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147852.0\mfc80JPN.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147898.0\8.0.50727.762.policy	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8BAA2B075078F5A4EB8671AE72AACF0D\12.0.1\Global_System_OLEAUT32_f3.8C0C59A0_7DC8_11D2_B95D_006097C4DE24	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147570.0\msvcp80.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147633.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147836.0\8.0.50727.762.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147852.0\mfc80KOR.dll	msiexec.exe
File created	C:\Windows\Installer\{70B2AAB8-8705-4A5F-BE68-17EA27AAFCD0}\_0403ABAD_86D2_4E36_9230_1EB2E77AC3B0_1	msiexec.exe
File created	C:\Windows\Installer\SourceHash{70B2AAB8-8705-4A5F-BE68-17EA27AAFCD0}	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147633.0\msvcm80.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147711.1\amd64_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6e02dfe5.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240930172147852.0\mfc80ENU.dll	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8BAA2B075078F5A4EB8671AE72AACF0D\12.0.1\Global_VC_MFC42UnicodeCore_f0.7EBEDD6A_AA66_11D2_B980_006097C4DE24	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8BAA2B075078F5A4EB8671AE72AACF0D\12.0.1\Global_VC_CPPRT60_f0.51D569E3_8A28_11D2_B962_006097C4DE24	msiexec.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSIEXEC.EXE

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000b63f186ec435d5ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000b63f186e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900b63f186e000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1db63f186e000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000b63f186e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{42F8FCEF-E56F-466C-8814-BEBAC0719AE6}\ProxyStubClsid32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EA92E649-239E-4105-BBD3-AEF4817BD783}\ProxyStubClsid32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7F7D6FA5-97DA-11D6-8732-00C0262CDD2C}\ = "ksCentreParam"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B94C65D-3473-4FF2-B185-0B1C2C98FCAE}\TypeLib	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4D91CD9A-6E02-409D-9360-CF7FEF60D31C}\ProxyStubClsid32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{508A0CC1-9D74-11D6-95CE-00C0262D30E3}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9D111C31-1629-4A0B-89E5-8461CDFA2157}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7170F38E-8230-4C9C-B36B-0BACBB27B123}\TypeLib\ = "{0B83FE6B-0F4E-4931-AA7A-7D9FD3C063D4}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8FE1CADA-DE72-4A55-B303-EAF1F4748CF6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DEEFEFFF-C3E2-11D6-8734-00C0262CDD2C}\TypeLib	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FC04C62E-AB0F-4614-B3D9-0EA8671CEB08}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99797F89-FBA4-4582-812F-226AFB50ED7D}\ = "ksUnionComponentsDefinition"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5C952F95-DFED-4EEE-B39A-6699EDE08676}\ProxyStubClsid32	MsiExec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{BB66E097-95C7-49B1-B6FD-3506C7758D09}\TypeLib	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0ED06421-907C-4EF0-89F7-AEFC81BEF1DF}\TypeLib	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C1F0A911-8B4A-48B5-9611-5250D3FC2ACA}\TypeLib	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{72EB4E8E-7952-4B36-852B-4816B7B5AFEE}\ProxyStubClsid32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E79C2504-9584-11D6-8732-00C0262CDD2C}\TypeLib\ = "{737224C1-8E29-48E7-918F-09922E51B664}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E29C343-C521-4B0F-B37D-587D0347B7BA}\TypeLib	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{414CF83E-4FA3-42AB-BC26-6C6BBF91BB0F}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{910EC544-958D-11D6-95CE-00C0262D30E3}	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0307BBA8-C193-11D6-8734-00C0262CDD2C}\TypeLib	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2FE3B199-A6B2-4644-9950-F9905250FF0D}\ProxyStubClsid32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FABAF607-CB92-47C4-9409-B7678162051D}\ = "IUnitNumber"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5BA6324E-E555-490F-A0E2-68D3C6C88D92}\ProxyStubClsid32	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D51EC19-200C-47A2-AE55-0593AD746851}	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0403ABAD-86D2-4E36-9230-1EB2E77AC3B4}\ProgID	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2DFACC6A-C4A4-11D6-8734-00C0262CDD2C}	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1D238C4C-AAD7-4374-B372-013CF7FCEDB4}\TypeLib	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EA92E649-239E-4105-BBD3-AEF4817BD783}\ProxyStubClsid32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7EA65CA0-420D-4E1D-8C19-998495C4DA2F}\ProxyStubClsid32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E7A8DD07-CD6B-45A6-B6AF-155A674BC7E4}\ = "IOleDrawingObjects"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{81FAB1C5-F566-4D06-8D3D-17FF01D3566F}\TypeLib\Version = "1.0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DBFF6D98-8F79-453E-9B8B-81E40A6D8027}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E32E5703-0141-41CF-9917-9565648FE331}\TypeLib\ = "{0B83FE6B-0F4E-4931-AA7A-7D9FD3C063D4}"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7F7D6F90-97DA-11D6-8732-00C0262CDD2C}\TypeLib	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CD1C0144-98DC-11D6-95CE-00C0262D30E3}\TypeLib\ = "{737224C1-8E29-48E7-918F-09922E51B664}"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{74D745F1-9A3A-11D6-95CE-00C0262D30E3}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0307BB93-C193-11D6-8734-00C0262CDD2C}\TypeLib\Version = "1.0"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DB1F3224-837E-437F-8944-6FB9703F528B}\ProxyStubClsid32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D7FFE70-33EB-442C-A9B6-A205EA85A237}\TypeLib	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D57994F-C170-4CED-968A-6AD69C1A2C7D}\TypeLib\ = "{0B83FE6B-0F4E-4931-AA7A-7D9FD3C063D4}"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{261AE065-69B8-4B42-B103-C8746720C5BF}\ProxyStubClsid32	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4BAB79A-8A35-44D5-BE44-C566E444F342}	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{508B5962-DF59-4CEE-8611-AD10FDF0C811}\ProxyStubClsid32	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\KOMPAS.LYT	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{4FD7CEAB-9968-11D6-95CE-00C0262D30E3}\TypeLib	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9F44BF03-DE25-4DDE-ADA0-92384199C100}\ = "ISpecificationColumns"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18CE6BBE-63FB-4C94-8998-E40BC5B5D1C6}\TypeLib\Version = "1.0"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CF9150BA-0E3A-46DE-8973-332A00361474}\TypeLib	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7F7D6F81-97DA-11D6-8732-00C0262CDD2C}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FFED03F1-481A-4ACD-A39E-C5D4A8828236}\MiscStatus\ = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FDA3B147-BAF1-4F75-99AA-39D11323EA97}\ProxyStubClsid32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D06C910A-98CA-11D6-8732-00C0262CDD2C}\ = "ksFragmentLibrary"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4CAE21E3-4183-47A6-94B8-8AD14D5775EE}\TypeLib\ = "{0B83FE6B-0F4E-4931-AA7A-7D9FD3C063D4}"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7257E73-EB61-4602-BC8B-2D00EA4AA062}\TypeLib	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{97337DAF-B7CD-4FB8-8E18-23F0230E5CBE}\TypeLib	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC04C62E-AB0F-4614-B3D9-0EA8671CEB08}\TypeLib	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3FFE9799-DF8D-4936-980C-BEA28964A3A7}\TypeLib	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A92F2938-F1D4-475E-AAB4-962FAA4A4366}\TypeLib\Version = "1.0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{453E0E34-4D2D-47B2-8E95-EB05C731961D}\TypeLib	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1AF590A9-C339-477A-9F22-799C04D20BB4}	MsiExec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{9B9CC387-E217-4EED-BCE9-9E1D645B49EE}\TypeLib	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1BD030F4-4058-4A86-9F4F-1AEEF8BE8D23}\TypeLib\ = "{737224C1-8E29-48E7-918F-09922E51B664}"	MsiExec.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
680	msiexec.exe
680	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4940	MSIEXEC.EXE
Token: SeIncreaseQuotaPrivilege	4940	MSIEXEC.EXE
Token: SeSecurityPrivilege	680	msiexec.exe
Token: SeCreateTokenPrivilege	4940	MSIEXEC.EXE
Token: SeAssignPrimaryTokenPrivilege	4940	MSIEXEC.EXE
Token: SeLockMemoryPrivilege	4940	MSIEXEC.EXE
Token: SeIncreaseQuotaPrivilege	4940	MSIEXEC.EXE
Token: SeMachineAccountPrivilege	4940	MSIEXEC.EXE
Token: SeTcbPrivilege	4940	MSIEXEC.EXE
Token: SeSecurityPrivilege	4940	MSIEXEC.EXE
Token: SeTakeOwnershipPrivilege	4940	MSIEXEC.EXE
Token: SeLoadDriverPrivilege	4940	MSIEXEC.EXE
Token: SeSystemProfilePrivilege	4940	MSIEXEC.EXE
Token: SeSystemtimePrivilege	4940	MSIEXEC.EXE
Token: SeProfSingleProcessPrivilege	4940	MSIEXEC.EXE
Token: SeIncBasePriorityPrivilege	4940	MSIEXEC.EXE
Token: SeCreatePagefilePrivilege	4940	MSIEXEC.EXE
Token: SeCreatePermanentPrivilege	4940	MSIEXEC.EXE
Token: SeBackupPrivilege	4940	MSIEXEC.EXE
Token: SeRestorePrivilege	4940	MSIEXEC.EXE
Token: SeShutdownPrivilege	4940	MSIEXEC.EXE
Token: SeDebugPrivilege	4940	MSIEXEC.EXE
Token: SeAuditPrivilege	4940	MSIEXEC.EXE
Token: SeSystemEnvironmentPrivilege	4940	MSIEXEC.EXE
Token: SeChangeNotifyPrivilege	4940	MSIEXEC.EXE
Token: SeRemoteShutdownPrivilege	4940	MSIEXEC.EXE
Token: SeUndockPrivilege	4940	MSIEXEC.EXE
Token: SeSyncAgentPrivilege	4940	MSIEXEC.EXE
Token: SeEnableDelegationPrivilege	4940	MSIEXEC.EXE
Token: SeManageVolumePrivilege	4940	MSIEXEC.EXE
Token: SeImpersonatePrivilege	4940	MSIEXEC.EXE
Token: SeCreateGlobalPrivilege	4940	MSIEXEC.EXE
Token: SeCreateTokenPrivilege	4940	MSIEXEC.EXE
Token: SeAssignPrimaryTokenPrivilege	4940	MSIEXEC.EXE
Token: SeLockMemoryPrivilege	4940	MSIEXEC.EXE
Token: SeIncreaseQuotaPrivilege	4940	MSIEXEC.EXE
Token: SeMachineAccountPrivilege	4940	MSIEXEC.EXE
Token: SeTcbPrivilege	4940	MSIEXEC.EXE
Token: SeSecurityPrivilege	4940	MSIEXEC.EXE
Token: SeTakeOwnershipPrivilege	4940	MSIEXEC.EXE
Token: SeLoadDriverPrivilege	4940	MSIEXEC.EXE
Token: SeSystemProfilePrivilege	4940	MSIEXEC.EXE
Token: SeSystemtimePrivilege	4940	MSIEXEC.EXE
Token: SeProfSingleProcessPrivilege	4940	MSIEXEC.EXE
Token: SeIncBasePriorityPrivilege	4940	MSIEXEC.EXE
Token: SeCreatePagefilePrivilege	4940	MSIEXEC.EXE
Token: SeCreatePermanentPrivilege	4940	MSIEXEC.EXE
Token: SeBackupPrivilege	4940	MSIEXEC.EXE
Token: SeRestorePrivilege	4940	MSIEXEC.EXE
Token: SeShutdownPrivilege	4940	MSIEXEC.EXE
Token: SeDebugPrivilege	4940	MSIEXEC.EXE
Token: SeAuditPrivilege	4940	MSIEXEC.EXE
Token: SeSystemEnvironmentPrivilege	4940	MSIEXEC.EXE
Token: SeChangeNotifyPrivilege	4940	MSIEXEC.EXE
Token: SeRemoteShutdownPrivilege	4940	MSIEXEC.EXE
Token: SeUndockPrivilege	4940	MSIEXEC.EXE
Token: SeSyncAgentPrivilege	4940	MSIEXEC.EXE
Token: SeEnableDelegationPrivilege	4940	MSIEXEC.EXE
Token: SeManageVolumePrivilege	4940	MSIEXEC.EXE
Token: SeImpersonatePrivilege	4940	MSIEXEC.EXE
Token: SeCreateGlobalPrivilege	4940	MSIEXEC.EXE
Token: SeCreateTokenPrivilege	4940	MSIEXEC.EXE
Token: SeAssignPrimaryTokenPrivilege	4940	MSIEXEC.EXE
Token: SeLockMemoryPrivilege	4940	MSIEXEC.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4940	MSIEXEC.EXE
4940	MSIEXEC.EXE

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 4940	4420	setup.exe	78
PID 4420 wrote to memory of 4940	4420	setup.exe	78
PID 4420 wrote to memory of 4940	4420	setup.exe	78
PID 680 wrote to memory of 1576	680	msiexec.exe	82
PID 680 wrote to memory of 1576	680	msiexec.exe	82
PID 680 wrote to memory of 1576	680	msiexec.exe	82
PID 680 wrote to memory of 2240	680	msiexec.exe	86
PID 680 wrote to memory of 2240	680	msiexec.exe	86
PID 680 wrote to memory of 2416	680	msiexec.exe	88
PID 680 wrote to memory of 2416	680	msiexec.exe	88
PID 680 wrote to memory of 2416	680	msiexec.exe	88
PID 680 wrote to memory of 4992	680	msiexec.exe	89
PID 680 wrote to memory of 4992	680	msiexec.exe	89
PID 680 wrote to memory of 4992	680	msiexec.exe	89

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\KOMPAS-3D_LT_V12\setup.exe
"C:\Users\Admin\AppData\Local\Temp\KOMPAS-3D_LT_V12\setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Windows\SysWOW64\MSIEXEC.EXE
  MSIEXEC.EXE /i "C:\Users\Admin\AppData\Local\Temp\KOMPAS-3D_LT_V12\KOMPAS-3D_LT_V12.msi" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\KOMPAS-3D_LT_V12"
  2⤵
  - Blocklisted process makes network request
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4940

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:680
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 1719033BFDFCBE00CD895D348E11F777 C
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1576
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:2240
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8EE45B5EAEEA9FDA133A6A9D765918F4
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2416
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 306BA37B1FEF73BB121CF7A76ECAD317 M Global\MSI0000
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:4992

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:4788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\Bin\kAPI2D5COM.tlb

Filesize
23KB

MD5
eb654d3fc7a3d06f699627c52e2c2986

SHA1
eb6bbe6904777fe8e921eed5409f360f560bf705

SHA256
7258f489f0b7d5d37ee368dbcc0968f6fcf8989fec03ece3b11862abe457892d

SHA512
e0594e7ccd9cc7abfc4c4d96158e936edd41360cb313eca35bab2445cbaa1e138fcfd1a09f4afc0dc4fedab2cfb70b51d6fc6bd22880924740dc6f0df3c439ab

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\Bin\kAPI3D5COM.tlb

Filesize
191KB

MD5
f42af9745e2db554ba57116221863c47

SHA1
30b5747f97a22c8135e4b0c31dc86943e0efefc6

SHA256
fd5e57e96b853e6fa7f538e39f9a719a2e62239e9569ed4e8f766b97dd2d20ec

SHA512
d639cfe2c26f6a9f9cf4ac619e0ba7b118b7242485cb36a8a19aaa6f3f4111b8126eb687e3f12ce2cae61c548be541a87968ac4bf4c5900a487986955b51b321

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\Bin\klAPI5.tlb

Filesize
397KB

MD5
09db5583d3031fd56cb7cacc216c523f

SHA1
b3a711c319e4994d3f6495a0c2b4ccdceef159b9

SHA256
2fc9bbc69fa9e175332236ddd50273f7d79cf0bad3fdc852db3eace9e03530fa

SHA512
6ec0ca72c4e60afdc9d2201a315173461f58379deff90459b7bfca9c01d06556407e996a48a5a4e581bc7f877830f52ab61d4f3b23df5a3f1d2a81481e80b84a

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\Bin\klAPI7.tlb

Filesize
507KB

MD5
43ad65c0e4e6a4c3eb09aa812d672498

SHA1
bcf66a697f437bdec50cd07e680e18ae5c054bd7

SHA256
54ed2cb0b73a24902c6d07b4d5111c1ff5663482656c0d62e585db4c6d5b56cc

SHA512
f335ec011fdb7efde5e6f9e66a5beb1ab455eb5d5d2538696cbb94e53acf2356bdec62c8c4602ae4d2b3ec8be6fc30e36936d4ffe5f58847cba0c2784721a9eb

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\Bin\ksConstants.tlb

Filesize
233KB

MD5
fe9c03e31f0e4162957987928a6497ed

SHA1
dd14abb3992bdb1bc992efb0470aab98f71266ae

SHA256
54a5242b2248e967a29d989922e57b69236ad278bf96c29e267c24d32e98a839

SHA512
d938ed15a55ea3d5a47dc4b96bcfca6c4e3c685c0167ae03bc036b1622b01e4e694af09a695ee834dd87f88253d12d4b7af2c3659566a5969590aeca60bc8365

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\Bin\ksConstants3D.tlb

Filesize
58KB

MD5
4a7f0cda20571a2168387235a3d50f9a

SHA1
35b1f6c8310c1ac81ec3be104daf7e55f6499f51

SHA256
5fd0fea7b689653f7df7a1276ab53ed84baf8d9693fa4f57192973b58f864b2f

SHA512
5f13c66e7d3feac8ac6f52fb5a9a9d3c8120cc0fe877da5f05a107617bdcad7f61088e19d0f3e51cffaa56501bc01fef14acf7a8d5974254c1787a1cfd447820

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\Load\22032.LOA

Filesize
853B

MD5
e977da577e05e654fdbc70df59a9f84e

SHA1
9746d7947d026de44042c9445f721d0dfbafeee7

SHA256
a1de0e501ea14ba8080a87dfe3286e912bd094d44320d3d5719fda9b143656ab

SHA512
4ba2d84a16030b7406bb2623d56de822c7f6ab96fce75cc83f35c2eb295ea38cb7c29c2eca34833b872391861da92b36402b4c94c50c573719a67c89d333a053

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\Load\22033.LOA

Filesize
963B

MD5
69dcea52e8123eba987b9a04fc71d30b

SHA1
86125bbf9f99149ad01c99f0a04566270bfdc717

SHA256
a4724b9d387ac5826ceca6d8d05b80defb277898107acbc08df97bb9138b390e

SHA512
bf2a894ef35e4162ab13a2713375e3fe41ed0ae41a336fca3e11eaffd7652aa9a16da3701eb94d2fa40359e5f101e06d4badbac36dc287aaf8245dd9253bf5f7

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\Load\22035.LOA

Filesize
950B

MD5
bc9ce247e57756fe2327fcb663bd6d01

SHA1
6743d98c6811c2d687b1c1cc56e80b6f86193631

SHA256
6bbe886398f5ad04430c656ee9fe13e11e7066a975892907b40139d20797c2b1

SHA512
612e68ec804c7c6f921ee64ad15aa8d269ecb68e5f975612a49f63aee8a1e8f60eadad59ac7d04050e654a01b2e425fd5fe8cc7d1173b67b79519af4ed949e60

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\Load\22040.LOA

Filesize
1KB

MD5
be10770779ad6d55f2d30673c245f989

SHA1
f32dffefce21ce52866ff76796d0c2a629c8ba96

SHA256
9f7122630d1172905d3681c32fac32f1083ffee35af9a98362cafe87617f7f82

SHA512
ec4f23120f4a6bbfad859397c238e7ea9f66b7874076575a19308a03a865e6ed49d9cff9faa6747dc92eae18657e65c2c9ece4613d9ab0ae5caf75a8e4417e68

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\Load\ST22032.LOA

Filesize
18KB

MD5
3a4aaa185f8cf97724c5be6dbcad0154

SHA1
ad05fcb46b8e3f5441a86d1ea5dab479420be8c3

SHA256
e5598377b7589278e76661e185adeff5094992736607f9e3616c0e5199cdf7b9

SHA512
b641ff4e22cc575508f61e4a85d22e8d102c3d70a4341ff6e52971ae2c272a174d2dc5432a3505987872da00571f7b4699a8f18175668fb142c6dcaa830565da

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\Load\ST22033.LOA

Filesize
22KB

MD5
c61cb0bc5853f89d7348d9061448213f

SHA1
9f6d4a4941a213c800125fc0d12aae515a2c8739

SHA256
49bf62250d25176f8d5dd8ff1e717f69eb3a0608d6ab91522f921d270c351667

SHA512
daa56f09e4b8c25fd1788e041f7a57e0365afedccedd4ddcbc5bc6bb113b30b92cc8efb9e9136f35f81b4d93c8d31c4e9ef250922e98a408cd6635217e6bffb5

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\Load\ST22035.LOA

Filesize
21KB

MD5
e19549c6b734c0d256ea4788e6d8618f

SHA1
f4662ff71086ee4c29957cba2a7eb34c4712edb5

SHA256
3cad32681bfbbc17dcca3bc12b71b295018576dc441d8ad502ae87e0d5310edb

SHA512
21d069737644b1df17c3f075f206d262af0e82dddac80464d3ada1b2047247f26f8e9bdb1f62969c68e262c3ba47785764ba309930cea52868502f826ce8965b

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\Load\ST22037.LOA

Filesize
18KB

MD5
dd853f87305f09b268c9323c52d78dca

SHA1
f3a0dd844e7613fd97bb20b435b2504c25fc21fc

SHA256
c4f58a483d416f6524d1b480a57884aaccfb50ada3a164bf3a1baafd88eecc55

SHA512
db0b1e94e32e43e7ac1f2fe65422ad032d4e06624363789afc626e19bf80f68c21795fad25a879e0ec00a2e97f6b07568e09b1105211126768087759bf055e36

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\Load\ST22039.LOA

Filesize
19KB

MD5
3a2cd79538376d23f77f61b69d7a09fb

SHA1
8056cee939778023621c67d0783ea83280f3c8a4

SHA256
983c72ba17db51191142149fdab0029d962a0693604638d14bd32c33a70f040e

SHA512
43c52c2c95b074ecda6473027524f016b68ac6a3ed9277b6d4b3ab3acc66000e5dc2761f38be02d823d31aacb100ceac975d11f36b82db54c3124893357d983c

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\Load\ST22040.LOA

Filesize
19KB

MD5
42b649e5d19b6605a2d80f1a800eb410

SHA1
00d79e2cf7154c8fd9b1de12ffee3181dfb0baad

SHA256
53bd9e9ce4d374f1cecd86b5e5eedbfbacc3b4cbec79fae7a3b7d3e76fddc679

SHA512
eb22e0f40662fba1246f23a2edf46b31778dac3fa65d9be777b012a7d7a5de28f2a7c3482729ab21c6463ccd6d9904fc526ce80d55495fdf2a03ff1b36a0ccf4

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\Load\ST22041.LOA

Filesize
19KB

MD5
d35a5daa4631b7345a322359e79c123a

SHA1
b9086a15f7239792230216bd3f5ddd57ef601580

SHA256
9f4844c7c7d006ef93b06f4e17d190d303bc0d74c9045ce2ebe269b581b88d49

SHA512
4e3006203661bacd6c4b6877ec749a0009f06551a4885dfda0c1c619f90cd4f7d28cd690f5409e908a1d0f41bfb3d704e68d3b732df351d35f8b8b2d6f5226bd

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\Load\ST22043.LOA

Filesize
17KB

MD5
ca5cd8000e40c22ff160b35b6d5d525b

SHA1
66fab712761095772c9d1ab4b88b73579c10f61e

SHA256
7a9151f269f29b5c4cbcc5816e4c32f6d6d9caa38c23f5dbbe4fd6910791e7df

SHA512
c4e584356cb2c6410364f96e49207f4f1dfdda7a3946085f6b0312a328f5539ef95d559c782c9da93649d9fb4aa91cca6bff1759af1b742080ada73f16f4264d

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\ksContr\ksContrForm.resx

Filesize
14KB

MD5
3d217e67f5e28e1eb276e230b0738e4e

SHA1
9e2a189e35e6a28fc75f86e9bc73ffb12e6c0c1c

SHA256
82bb0bf90a1ea07587a90fbde7909632613fd031848b402e3628f653e7c697cb

SHA512
7dd95a4760840420972a09d7118e011214290b6ae5c9b707dd76b413ced60cd62c02ac27e9ed03a604e1c2026ab2c453119b556c26824120b8607c50cce92397

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C#\Automation\stud.l3d

Filesize
54KB

MD5
4629a9fa530ff6361b7935ca63979985

SHA1
d0943845e7b258d852eed344fda807a4746eb462

SHA256
42da21d880309cf3f3cdba39f40fd74683412508575a4f8868f41cbd0fcd977d

SHA512
dfd3c99041f993fdbdc81b01c6968206fd1d03d0f3898860b49fd1cae8c35db705075c9487767a7aff9c367ee4666737d64d12a15b34c39010736db46de863b1

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\CBuilder\step3a\entry.cpp

Filesize
1KB

MD5
14e99f187d4a522bcb214d756c8ff9ac

SHA1
0a0157e989b08bc05b6e70d5008c9a7e12505b9f

SHA256
90ca0c7b6aa2a51e133caba376dbcd55e2346d075976b67194ae723807a699cb

SHA512
b35974adf71fa737e87f6b2b3758597a72e5faa284f91a6087ac1e5d13c6ca0eca3f8f1a8e64227b676881d88d45053b4b523f792a2bdde1860cbd5b4b4ef408

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\CBuilder\step3d3\maing.cpp

Filesize
1KB

MD5
bb9bd62b0028cdffaf2b2ca8c5f81879

SHA1
5f1ca274ab13e9cf0e6f5fdd6e8e02387755e103

SHA256
a071019561afdf6beefb9bd1469d53f3d4f551c0737e860afc089de653fdc75d

SHA512
7aa47aa4306ae6993e9a262c7baf44696815425465057932859474e2844c721d38de201c7b1a3eaeea1f98bcd287d9fd22ecf00ed10acb131b022d2b56809d67

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\GAYKA.HLP

Filesize
10KB

MD5
be163a4d3103e2881651e784fab39b7e

SHA1
4b535d72bf2e7cf96532f3ed874993760d3446c1

SHA256
f24421df750a662683d4a1f06a6d68adb237ce29dcb467d3c1f931f91eda15c5

SHA512
5fd1e791f4a2851fb741638304e2146ec30970fd684509461df5228137ade3afb35e318b9c4fc3b5a95fab1e6ad699ffdc4144c17d7c9402cb82d3a5580b373e

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\Step4.loa

Filesize
201B

MD5
4301232e9cf3e26a109ef8e1c5df97f7

SHA1
859b92726f842b5641ce7c95e4b74b1b58067698

SHA256
044c744790c5a4ed94a8808d59a0b0eca86e0e7c12f808ec3af4511444475ed0

SHA512
3ecc16689f7c4edfefdfd91cf2f52a224cadbc76702afadd9204d5f3c95252ba14eeea2d4e32c877fc8654e04a4dba7fe8808bd73d55857a310267e15f743ca3

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\load\22034.LOA

Filesize
858B

MD5
d2c058bc1636dcb6df21709f3d9766ec

SHA1
993b1e4efa12320f3cf32ccb758ee9350dc591f2

SHA256
ac024b75bce33525a3544e38caf0da0067ffc6c9c6b60275b8bf526c9d65e8cd

SHA512
aa3ad7b414d4596269f87c1ee8b0e32748fa523fc6bf3909d1b69ac90d2cc9693fcbe4835e914e2577228dc0a6ec2ad1a68d5d42676a8597774fdf238ebc0bcd

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\load\22036.LOA

Filesize
962B

MD5
744955089bc7e18f43a0ec2e10c843d1

SHA1
f42c56c990c98c6cc6cf29bdd97ae62617dcec09

SHA256
65ffc4f9ab0eb28598f2fae976994b456b6e88b2680416da7e2c31760bc634c9

SHA512
e0908c3059110546d06b8c7c995c8a1251b1721ba8a730c7eafdea0fba531f8bca91bac78d71970ec1ee143d2aa8c4f0638cae96b0bc745a06ce0d70fe95eaf0

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\load\22038.LOA

Filesize
959B

MD5
1f0c8ebbb3f5ce18a92bed0d2fd7e6d8

SHA1
32565114127a2b73a63f5903850d8b3ca4551668

SHA256
1a8b3f76ac89908b5d68cd42bbd585c68f351e2bb736960645bebb369e2e8d30

SHA512
a828e01cbc03bba3dc6d603a6348a5304a5f067ef948b9f9c736a38f713c0d81a6da4a35700596d522e57762a28f56d4036a01b1060c445ece1f4ec61e243d6e

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\load\22042.LOA

Filesize
929B

MD5
2af0ec3965c8e318665f44a963e93575

SHA1
ddd6f7f688dc3e9fbe25353d7197f4d6fe52b911

SHA256
0d8ab38ffd85e71c8f5bbaa6bc29d0ea3bc6f02870fbb3e6ea4e619d08d9b0a9

SHA512
ced0c41341b7a54f322c56be2bd54aea8194180f4cc7c1d998db60c0ad04ad62372fa2663532ede498c4527d34cf610e7a80b2aae3cc568caa4a145efb82877f

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\load\ST22034.LOA

Filesize
19KB

MD5
d2b378a271e8f63d2996407cd26111a9

SHA1
9c7d6d71b2307244eba9e057acc4fae524a72b68

SHA256
fd3100dbb95532bf88a67574a638809268f65997e29b3732080b30fb3fccd3d3

SHA512
b35cf8bc81a49f01e100f1be8c5fb0431a9a98dd2be6dd0596de6dcf260aa9b5c871dc3ab660cc7523545a9b8f57839b63640dbaa12c5df799dc13177a7618c5

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\load\ST22036.LOA

Filesize
18KB

MD5
d37d4df7f118d7ff1ceeaf0e5a9b7bec

SHA1
35c1daca5889707816523cb11714a77d6a9f2b3d

SHA256
87f0b1bdbee96ed51698039986d62e9f4900e3cded65dfb625106b14aec01bd8

SHA512
d2a7f0043fc6580a666d1335758a2e93b22ddc8febda5524508d746a36b94ffa420bb10f537a396c29d5ccd426916d6f6f2a5ba824118f80842fbffefec8e668

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\load\ST22038.LOA

Filesize
18KB

MD5
a1009f5f1eaa8da587b75d2b8344b57f

SHA1
9f6f288d4d2f803ac5fb7ac5ae8b7a557df033ad

SHA256
068c724dfdc792890dd27aa45562c6c79a1cadaff6e43ec30488f84ce32b37a1

SHA512
6bda1832214323a9349fb3fd16472683b82743dbd0595e680fe9df3f18b2fa97803fac7ceef896ff10f90b98ed70acc4ec8de4c8264556b3f79928074f372dd9

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\VisualcAUTO\load\ST22042.LOA

Filesize
17KB

MD5
ce966b11f573bac01edf486da6f6fb6d

SHA1
41d0d23b49393c50cc32d3d4030c182cb379fe04

SHA256
a057b26265af2cacd33e377f95493e660250d03519b93f8442e6742234f86392

SHA512
e10bc5ced2c1c0d71e9d1c02d5cd294adc469d0c4c65e1291d8ad0ae73df16a31a3cee3780d461560560ad727d97b205c04a889e86b05e08be2048bef37e6f60

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\Gayka1\res\G_OSX_OFF.BMP

Filesize
1KB

MD5
bdcff2d23d787bc22b36c7bc7eeff896

SHA1
8096c95dc5c0a531851827b1df9d576e9cadd7cc

SHA256
c9d4d494dae5230cbe8e9b0aaaf837b2dcb21f89bcd3fe7a653c11dd51d25d69

SHA512
0b7159785aebd8a33b473e2884c8a5f8593e5626783fa839c33b99867a70053b4bd66af84d6247e64013737476c1ce4cd1793ae3970026aca2c9f9b9313f0121

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\Step1_API7_2D\StdAfx.cpp

Filesize
203B

MD5
50c1f3eb59572813ea0b684179dcdb8f

SHA1
2703ccec5844c76b43c6425e39569488e63118cc

SHA256
79945023ffe57d5c5c31dc13a1a83729137a6dad5982332d53ee50fa77a4f320

SHA512
d89e81460bd806e18bfa15adbade08e4f43ac44c5e01b85248a3c308063d35ce89eaa61b4ee6772bbbe0c184233b52bff99604bf5fad21d863abc13526ac96fd

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\Step2_API7_3D\res\1001.bmp

Filesize
1KB

MD5
bc4b9b7ad17e03866e78187a428ae3f3

SHA1
15af2b4d3ccee41606a0951f32cc4b9ea7ba2cd8

SHA256
5c026f1537c7111b79d4109387488a70bdfc17de8c3f0f3c38ae994a2aba1818

SHA512
ee9006f9b67b3fe0d32d98a05e7f10a349f2e170d49140186a15726783a3cdc2cee1c09a21dd76aa59c23b0ce41c6574245469ab42dfa18083266a0f01db1401

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\step1\StdAfx.cpp

Filesize
27B

MD5
614907522fd5ad4768868cd662362f40

SHA1
d03b138c226fef6585647ce3cd3949b699fdcf77

SHA256
2f41109cceec313abdfd1901e0fb00f221479687e937ade413345329b5ca366c

SHA512
f64311e078ad955b11ae7969a2ff82d5dd529be78d327c1e8e9ef364718abea34370922990f6c9fcd80d7119a33b9a99a0836ef6bd097a71cfd5bc572e8ee226

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\step2\5_48.bmp

Filesize
6KB

MD5
c7890d78f0f6df14b08ec47b56a14290

SHA1
a4c37d29748cbf144ce9475f6719a79791448554

SHA256
a4182d46401c0dcad2d0855caf7d341b0b1fceb14ce74973c362b9715f8e8951

SHA512
46d2d3730f3a2a4b7546220faf708afa56ff4b7beae5a87b08a9db6b1894daa321210c526ea654721c7f72370dfa0cbd0c7a23d5d2d5880f13cf67c7cf55c28a

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\step2\StdAfx.h

Filesize
1015B

MD5
982ea88b769212de8e6c2e420a6ed0ea

SHA1
dd02d2ce22012e471761303166acaa1eab5d6b18

SHA256
d70c863d8b34966c5a82c4d3bc132406acef43098244169e89a43c12c2bc7db6

SHA512
58c0ccfa4ce67a37c32c7b01968e4fdc6c2ef8c9efbd1e2d98dd5e5c4dea1dc267662e010af9c083a1cb8e699a5ebec45bdbbfbb785f629b8d097feae8e34a56

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\step3\res\step3.rc2

Filesize
193B

MD5
ed96fd83e16a5afdad7886daf8ab7bef

SHA1
b46123f91864e92871a8c7308ef5b39c0a473d80

SHA256
4fe5f9f505e95546ce38e13481d7823e123f83302e542db4cf388de2a546c414

SHA512
27ed28d2cf2db3876a0e72409227c2d8e8e445f7ce5d20c9616c3e51f993a9515fa0c477eccaf5f95aab66aa7b20214523a4f7f3e16240f30e419e540fc9d719

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\C++\Visualc\step4\1006.bmp

Filesize
246B

MD5
844f82a199478466a2f99f8700a85ffc

SHA1
82ef6d54b337905fa9779d09a64e08b1576f58c1

SHA256
507a395bd0bf028bfe7f845a75468be702ec4a70c1360f3e9867c6ded930a5a3

SHA512
8d2827858b288e1911e02b907d52cf3a5a5a4a10e6a6820b3ef87ad0e535e69e6f7dd47aff31fe8b4f1e71be824ff7cbf543350cd79c6a8d58c12f98f542eea5

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Lib\VCHatch.ocx

Filesize
41KB

MD5
1ecbb600ff4dedb3e89def2afa171bf4

SHA1
b459adabfe4a1ba2eb0b9044fc5d73abd93dc304

SHA256
ad02d8169641730c9e99dc6fcb70dcb09b0c47a88e0ae5b3da285690fca66535

SHA512
ae695b406bca1b03c693ae1e11cf0e1a1c255e7d0f04e49bc8222cf075f33404c849d2f8a1eaa900a5f3276fb7c1d56690c22a60386f773f453b8a9920a672f5

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Lib\VCHatch.tlb

Filesize
2KB

MD5
473e7491e8aebfc1aaffef9ca2ff61ea

SHA1
73858de7628e63f783d0ead1a28b93400f0562fa

SHA256
4099908d324acd499a050ef40ef087bc9d5e28e41b37bb309cf52e6fd6280f7d

SHA512
8ff4bf147b7061b26888709509ae33409a338e410c7091fdc1a75bcbffe7aa74d19bc2e8f1455dc3f44660c1319411c7599b87713ab78554a570051e75a77c3a

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Pascal\DELPHIAUTO\step4\1002.BMP

Filesize
358B

MD5
56a9fd1aff2f77fc37872f7c42c0b3e6

SHA1
afd7e9886a8c235601c0ee252d4470a5eccb66c0

SHA256
57f4249c558a6b444f4d4e3c6b26f19d081297019843ef1acb123cdfa436d9ee

SHA512
d704de6a0fc3b949f16908a5509a7b48257b8f4b41a3e1f5c4284686e4ebba3c376df1307e701f44604e5383406da26c056c062e07a82301c93c392a5b73b45e

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Pascal\Delphi\1.rc

Filesize
2KB

MD5
0119d89d0329849bb1ffab615a491f2e

SHA1
9697476b0c6971c7aac988b2cf2114692ac8aa1c

SHA256
fde006e926180806512dd36a33f3825d8c2aed0bb1067b38cb6ded2b1dcdf87f

SHA512
98fa1807fd2871ddb76a02e3ed0df6ff54acddca400a74476626c636701f666ab789e508b734c344a7669c571db96d4d887ae8bd706c658c88caf59367e08f69

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Pascal\Delphi\load\5915.LOA

Filesize
2KB

MD5
3a98882362f4b86167435185b8af08fa

SHA1
63f074545b9683f3b3cde5352d051201fa56c3e2

SHA256
586b1198974fe33b2ef51f2d5f3b051337f09182df20dd4934a29bab55eeeb80

SHA512
2047a10f81111b11b6eb3d9076d0c766615f3f95279e63704e19521394a7f1c6b7bcb2f7ca7014084a5fdbd219e44eca59bc369fd34ade19f01be3e074a8452f

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Pascal\Delphi\step4\1001.BMP

Filesize
358B

MD5
b08d69e01deb17feaeb9e32915e73c20

SHA1
26afdbd7c367ed25a30b0e72e3dda1879ad88b67

SHA256
4e16b2670a29e8e6832011b06f8f526c4b308e6608626476b7fc7f57b0748836

SHA512
879db40dcf49f7c94bc5a55cfd14036ff238cd91bc812fabb9930892a95a4e292d296ee1cd732e369099553c3d3600e24e9d78f5c1074898a0f17cea29ccf2a5

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Pascal\Delphi\step5\Step5LT.dof

Filesize
1KB

MD5
3688995b324a6215297c887580c3037b

SHA1
09838bcffb4e4e5f5a1488db11d8e60946349559

SHA256
7591c61cf1df5e6fa42488c7aa489d0622c04edbe2d489f57ac85e19df78691b

SHA512
f2ca1b8c963ef8d7e81fb3e80ab4d33cffad42c0508e46d95338d7051d04b322eec7d8a4423ed2cb761fd13583f7d97f49fc24d7335822cc68013bf331f1887d

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Pascal\Delphi\step9\Step9.dof

Filesize
1KB

MD5
fe4964e050610ee06a96eb8d06f48d0c

SHA1
f306ad5084e4a3b9de732890601f0901df9b3638

SHA256
c7b44ca65623c2e3cd71dfc0af566c53fb98ad014e5fe9e5999b18b5ad3dfe3e

SHA512
653102f027b6e04e547c034c61b023401041727aa007739a9d5d57bada43d05af882d1fd4a74bfbdf971a434337c12a745631368800546d798a8411e9d3d84c5

Download Submit
C:\Program Files (x86)\ASCON\KOMPAS-3D LT V12\SDK\Pascal\Delphi\step9\Step9LT.dof

Filesize
1KB

MD5
c96ec01082886c018ea96af044f17309

SHA1
9433bad63804d1accb309e949277cf04f186dc20

SHA256
e750ea60ed0f05a3e2277488ccb4110ab57259dea788f0cf2371de839b491a35

SHA512
8cbdf09b74aa9f54a074cc968c479380ecf3fc14c5c244893a94275e69641c61e9e5ebf7dcd014b9e4bd43a2a5f1ae020bba246172907d61e32f684c1b6f3e5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_5DC72EE8CB88B288842756D1BC4523A2

Filesize
5B

MD5
4842e206e4cfff2954901467ad54169e

SHA1
80c9820ff2efe8aa3d361df7011ae6eee35ec4f0

SHA256
2acab1228e8935d5dfdd1756b8a19698b6c8b786c90f87993ce9799a67a96e4e

SHA512
ff537b1808fcb03cfb52f768fbd7e7bd66baf6a8558ee5b8f2a02f629e021aa88a1df7a8750bae1f04f3b9d86da56f0bdcba2fdbc81d366da6c97eb76ecb6cba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5

Filesize
1KB

MD5
1ba25895dc793e6826cbe8d61ddd8293

SHA1
6387cc55cbe9f71ae41b2425192b900a1eb3a54f

SHA256
cc4c5c999ca59e5a62bc3ffe172a61f8cf13cc18c89fe48f628ff2a75bdc508a

SHA512
1ff9b34fdbeae98fa8b534ba12501eb6df983cc67ce4f8ffc4c1ff12631aa8ed36ff349c39a2186e0ac8d9809437106578a746eec3854b54fef38a3cc0adb957

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_5DC72EE8CB88B288842756D1BC4523A2

Filesize
482B

MD5
4467a1ac1aaeafc594fa528286c44e60

SHA1
978d9363caf1c5f9f21507015ec52e3f3a1dd2ba

SHA256
fddca8773ba611518e4353ccc84528bb445a39ae9f39603ba23d97cff398776d

SHA512
ec8e0c080d09a339f6a99aed9c257ea8540d56f964c3aea32b91934c59fd8704ca69b08d042e1a50f884774cf7c878178ce490220dc957850c9bfeff5f552276

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_B4344691DBF5C987296B9A0ED71DD96B

Filesize
404B

MD5
5db2874be6e7d9baedbbfc84cc42f072

SHA1
947520e839573640a1d2e6bee72b2a8ab80b540a

SHA256
390f61735eda7107ffa7bf68b6389d866f0acd0e32ef44ea556b5ae211c2cead

SHA512
3edc3248b286ccca130aa9be5aaae8a9ddb21e547dedd57511707eff5a416d52ee20270f660a9fc4bde0f06ed8ccbb153bcd993842a93270de54a7116635ca79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5

Filesize
182B

MD5
75b2073860c9e9bcfb89b92a0c4a9188

SHA1
de4169c6224760e2f3c5137fbf34f019251f1d8f

SHA256
85d95882a1c7f24d340f160e4cbef33a452d29e727999ddf789efd0dfa1f4e75

SHA512
d34cf1e4fb3e4699f2b328d1c701d831087b589319067137edf8797083dbf5f594623828bbf24b4f432309a90dd62bd43ceaa0a811f79c8b6259d694c3ce3c0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC

Filesize
404B

MD5
1bb4659a4ef60656e5cfa6cb22aa87fb

SHA1
215ee409b52834c78326698d0b4b5f2d28b87e6a

SHA256
e3c37acd837998a4ae3638e16d4e4d0a0f898ab44ff8b889259672bfe14f755c

SHA512
71791d4baafa275d841c1f4d2f2a42dfb4b7501de374ff5d2bd3f33898df6b03e609ab1774c638f9ab12a00133d3005839a87576e7e7faa5fd8716d4b356c202

Download Submit
C:\Windows\Installer\MSI27D6.tmp

Filesize
28KB

MD5
85221b3bcba8dbe4b4a46581aa49f760

SHA1
746645c92594bfc739f77812d67cfd85f4b92474

SHA256
f6e34a4550e499346f5ab1d245508f16bf765ff24c4988984b89e049ca55737f

SHA512
060e35c4de14a03a2cda313f968e372291866cc4acd59977d7a48ac3745494abc54df83fff63cf30be4e10ff69a3b3c8b6c38f43ebd2a8d23d6c86fbee7ba87d

Download Submit
C:\Windows\Installer\{70B2AAB8-8705-4A5F-BE68-17EA27AAFCD0}\ARPPRODUCTICON.exe

Filesize
416KB

MD5
a935569999614e2541cc728aab0a9cce

SHA1
8d3bf77ca7c69979dbd59978a9411fe2716d9253

SHA256
ce71cb6529ade772f293b51be4814f1e2a80c6a4eeaac2a6be35f1a3cf18cb87

SHA512
ab553795445db23cdf221e78dd7c32bee8b28b57892a74d9c7e37045546852617702d26af22739e24ea4c7e03b2c586d9f3fe31de88d35bdf35fc0fec6accd8a

Download Submit
C:\Windows\Installer\{70B2AAB8-8705-4A5F-BE68-17EA27AAFCD0}\_E7C65187_24A6_4793_9915_ACB79646F8C3

Filesize
52KB

MD5
a2b3319c6b7f75007723469e51a34281

SHA1
276c121a71d37028ba8e9c961f73681ab587daf7

SHA256
7ed636d142dbddf2dad7c3474a74efb158af4b1e52e242a61b4762344daab9e4

SHA512
5db6f881c8185338c76c7930da03cbb4ecb5b796c3aa2a2ec3433d12f9403c4bb60448de00719080723ec94a3e1934c25c494699ab2590ed762df69c28b9b972

Download Submit
C:\Windows\fonts\GOST_A.FON

Filesize
5KB

MD5
f1ebc0a49b16f0dc6beefc26342f18f8

SHA1
ac4e1f784d22629bdc5cb3f26aa9e9141b1a085b

SHA256
6054c2990e3f44366188f076eba8888b883b0a561a92a149388435ffed228f07

SHA512
b8174cf76e530b361ce45565d388efff2795f4881ca24538f4777a99f647dbcfff163feafca22a5f5c72eb79cacd7cd137f59e9dd2c5e6359031d10e9698c973

Download Submit
C:\Windows\fonts\GOST_A.TTF

Filesize
42KB

MD5
a29e6cd406efdf578c1f77b8f56e0b3e

SHA1
45927f2d95a55630fe12fa68d44dfd07d764c1cf

SHA256
787cc8ec17b780f69323a5025aba35bc91ad5e37202d1b781b11f6697cd70c7c

SHA512
0694227bc7124a12017ee18ea28d774a1f72863ee75848666f4f35dece6249f2f951d0261347aa61177e407b5f4ea785d82ce537c4cf98f839cc96a00658a722

Download Submit
C:\Windows\fonts\GOST_AU.ttf

Filesize
177KB

MD5
8f9a9fb370d1de11d9052a9e6ea480b0

SHA1
622a0ef76248de026ce644f35f4a3ded0e722100

SHA256
f5253cb2fed5810a8070b279137fee76998c487b19af5e3bdc79c6d2660fff4a

SHA512
007b07301197b1de186664a9782e039036f9367a88f0db323c5a4c65f485010d6d40e0c5e65ca25313e3880247e3d37c4b6d3bc66e458c727b7eb2398314eed4

Download Submit
C:\Windows\fonts\GOST_B.FON

Filesize
6KB

MD5
baf9e1384d762c56215a6a7f71c62185

SHA1
41e5a7d6cadc4f212b5e55dfe12275b549f784ab

SHA256
030ac93951e552820a5e48223caae068d763a0a8b670feb05ee620977486c316

SHA512
4c51fc08ba3dfc014d68ae9a813587f12cc0a8a8d8d378be3a678e071a4500d0994c721262086407ffb239f3af9d44f26d1aa3dc0cd1345d5bb5eba55708e35b

Download Submit
C:\Windows\fonts\GOST_B.TTF

Filesize
42KB

MD5
6dea6491fef8b6778445a83a1b929a9a

SHA1
0870f1cc5844d5167a1e352ee31cf789342c184d

SHA256
740d834dd173ccc5633a971fad1ebc38a0d838980dcd5339920953e7be266718

SHA512
d51482335e5ea9c4cddeedecd248f565bc4afc5f7c9320a99825466801b174f9ba2bebded58e5730979b20f43afbfa8525d67367b4a10329abcb7b3d6a7285ba

Download Submit
C:\Windows\fonts\GOST_BU.ttf

Filesize
200KB

MD5
cfedc0391f79a7b84d3e0323d0a9bd7f

SHA1
0a36407fd597b5b59800f39728e10d6da132562a

SHA256
0feb86a9f64771a1de49873cc5ff15a9bf47b508622bad6d522a7549f0300027

SHA512
cea3230d64ad07ddd1382e71b9034c8e69f6d729241ee4a352e8e65cab954ad3bf37215c1b0b63747fc34044b51bead6798aa4d6177c498fa647ca5e7fe98ea9

Download Submit
C:\Windows\fonts\SYMBOL_A.FON

Filesize
5KB

MD5
b1cf29e2b5149e5b3f7f983c316e9121

SHA1
b8eec199c1bc5db8e2357ba772232ea09793b3c1

SHA256
732c26621246e7dcd93a73246b7298a56ad9b1411270839a2cced20fde51ff4d

SHA512
3c566dc4c830da6f7d0c7f099219a152de9242087ec909ba1b7eb0e2e5ff87e9359909046ef3ec25a7b489aa98ca7190de4e2de27f1dc607f7ecb018c349474d

Download Submit
C:\Windows\fonts\SYMBOL_A.TTF

Filesize
24KB

MD5
72511357d63e276c0edf1c267f3c8037

SHA1
03848b878b149d19bdaee6a026b582c529b74adc

SHA256
5e3f343193aca8c11b239dd46cae7caa8cd39bca2207e5b14c8c4b6c40e30c28

SHA512
e4aa1d90cc339b7c837079e5b7b8cc0e9d77281525ccb6159cb725da8dd416a8569d220410e607b58e4ee1eeaddc01e7fddd64661c393d05832561cd57023dff

Download Submit
C:\Windows\fonts\SYMBOL_B.FON

Filesize
5KB

MD5
9133ea26651944424b038798a221f44e

SHA1
a0325fa7705b9e20fc4e499eab242993da2fd2c4

SHA256
7fdb5c328e171c99910d9d5bb1d793147bd1dea4c7684cd56dde2411b6c3fe2d

SHA512
b54959a40a2cdfbac06eb31daad8d38e2f2a4dcaec2ba7c2564181f8b42c329e92f3e5117cfb92db31d9ed8d049a28a5c3957eea796a5c69b765f1ab60d9192e

Download Submit
C:\Windows\fonts\SYMBOL_B.TTF

Filesize
23KB

MD5
1106692ed0132d0d0d586b2b8af1c9b9

SHA1
558ac6a51fdfadb4ab761af4ef65d71ef3eea5e2

SHA256
ecda330debd221ad78546ce4f85f7da73c180d30e1bcfea98b91af574bf51a14

SHA512
ef0542d8937df6d5244bc40b572a952086f933e2309476b81c1b6b50c23368de66819c4752f581fcb7411dff602377c3634be596103628787c8077ee518e50ea

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
12.8MB

MD5
6118446d1050f0e7e58dd377bd266adf

SHA1
92fe34efae849b2b9774b86cc7f8d85c0c455eac

SHA256
cc4c1d479ee078eb0ddd01a68f6732aed5f1dfc311d24c7a348d5e78494b843a

SHA512
1184cee2f9ed65a590e4271b49febde9a9f552a75e19103b9f116244e489066254a3c0bfff3232b6cfdddb4ab170e7de29b76bbaa82415dfd0e3e8cd5b170f2c

Download Submit
\??\Volume{6e183fb6-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{8c6e7bb7-02ed-468a-9cad-a750bcd9d718}_OnDiskSnapshotProp

Filesize
6KB

MD5
c8bcce73e5f6ee499c5b4340dc1745cd

SHA1
7500a8fcfa58a4632018dc176198e73b8ce0db80

SHA256
9c775c03724b2e17f18c7a1678ef371cc827317a2d6bd90ef11306b3ec816504

SHA512
b2b4d239c034cda79691b778b794b794b399dbf2f9ee8c232725178fe342f3a4370c0df73dfd849364312a8b22410af274113dbc373b4478914fe94f6e1cef7e

Download Submit