Analysis Overview
SHA256
cef0c590bbf88c948495f8b3d0681732056a2b44f3c0169f488b265fed9ae29f
Threat Level: Shows suspicious behavior
The file StrideSetup.exe was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Enumerates connected drives
System Location Discovery: System Language Discovery
System Time Discovery
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Suspicious use of FindShellTrayWindow
Modifies system certificate store
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 23:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 23:22
Reported
2024-11-09 23:23
Platform
win11-20241007-en
Max time kernel
14s
Max time network
7s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\StrideSetup.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Enumerates connected drives
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\StrideSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\StrideSetup.exe | N/A |
System Time Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\StrideSetup.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache | C:\Windows\system32\vssvc.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5EEED86FA37C675230642F55C84DDBF67CD33C80 | C:\Users\Admin\AppData\Local\Temp\StrideSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5EEED86FA37C675230642F55C84DDBF67CD33C80\Blob | C:\Users\Admin\AppData\Local\Temp\StrideSetup.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\StrideSetup.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2556 wrote to memory of 2120 | N/A | C:\Windows\system32\msiexec.exe | C:\Windows\syswow64\MsiExec.exe |
| PID 5084 wrote to memory of 4472 | N/A | C:\Users\Admin\AppData\Local\Temp\StrideSetup.exe | C:\Users\Admin\AppData\Local\Temp\StrideSetup.exe |
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\StrideSetup.exe
"C:\Users\Admin\AppData\Local\Temp\StrideSetup.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 63A8A337E7716C06E8E6E938E2F651CB C
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Users\Admin\AppData\Local\Temp\StrideSetup.exe
"C:\Users\Admin\AppData\Local\Temp\StrideSetup.exe" /i "C:\Users\Admin\AppData\Roaming\Stride\Stride 5.0.6\install\0F45DFB\StrideSetup.msi" AI_EUIMSI=1 APPDIR="C:\Program Files\Stride" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stride" SECONDSEQUENCE="1" CLIENTPROCESSID="5084" CHAINERUIPROCESSID="5084Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="Stride" AI_INSTALLPERUSER="0" PRIMARYFOLDER="APPDIR" ROOTDRIVE="F:\" AI_FOUND_PREREQS=".NET Framework 4.7.2" AI_DETECTED_ADMIN_USER="1" AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\StrideSetup.exe" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1730953953 " TARGETDIR="F:\" AI_SETUPEXEPATH_ORIGINAL="C:\Users\Admin\AppData\Local\Temp\StrideSetup.exe" AI_INSTALL="1"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 71.209.201.84.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Stride\Stride 5.0.6\install\decoder.dll
C:\Users\Admin\AppData\Roaming\Stride\Stride 5.0.6\install\0F45DFB\StrideSetup.msi
C:\Users\Admin\AppData\Local\Temp\MSI9A1E.tmp
C:\Users\Admin\AppData\Local\Temp\MSI9ABB.tmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\sys_close_normal.png
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\sys_min_hot.png
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\nextcancelbuttons
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\StrideLogoNoTextWhite.png
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\PreparePrereqDlgProgress.gif
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\backbutton
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\backgroundprepare
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\frame_bottom_mid.bmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\frame_bottom_left.bmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\frame_left_inactive.bmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\frame_left.bmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\frame_caption.bmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\frame_top_mid.bmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\frame_top_left.bmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\sys_close_hot.png
C:\Users\Admin\AppData\Local\Temp\MSI9C85.tmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\browsebutton
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\metrobuttonimage
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_5084\ProgressImage.png
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8757A0F68C921927F887F6D56B2C1640_711B0FFDF677284507E7F65614F211FA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1591D5F7B0682312DEC3539E38F11DA5_42A3F57312DF87F42A6DF55DF37AC1A6
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1591D5F7B0682312DEC3539E38F11DA5_42A3F57312DF87F42A6DF55DF37AC1A6
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8757A0F68C921927F887F6D56B2C1640_711B0FFDF677284507E7F65614F211FA
C:\Users\Admin\AppData\Local\Temp\shiB9CA.tmp