hxxps://drive[.]google[.]com/file/d/1ZPLsxYhJTl08W-8xLyUILsejGP_jTxbL/view?usp=sharing

Analysis

max time kernel
900s
max time network
899s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
01-02-2025 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ZPLsxYhJTl08W-8xLyUILsejGP_jTxbL/view?usp=sharing

Score

8^/10

discovery execution persistence

Malware Config

Signatures

Manipulates Digital Signatures 1 TTPs 5 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\400AD8F92EF9445A4B101365446A8D4D187233B9	move-display-driver-installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\400AD8F92EF9445A4B101365446A8D4D187233B9\Blob = 030000000100000014000000400ad8f92ef9445a4b101365446a8d4d187233b92000000001000000e4020000308202e030820249a00302010202107661f506013cdc9f44c7fc5d8c715cf9300d06092a864886f70d0101050500306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e0065007200610074006500640029301e170d3235303230313134353235365a170d3239303130313030303030305a306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e006500720061007400650064002930819f300d06092a864886f70d010101050003818d0030818902818100c7f1d938c2a432dbe26d213a488b5dbd727fb15d7465262b3f57bcd4c05afa9504fe24c41d40c7baf9a7c5d4800a4e5c0b7fa15acfa476b81e037c62311d1c00c76ed84a00019cf05440d5da88d812d30301adb3de857e5dd66607b1a3fa6550e389ba5157a9ded945807b86d4da235163b3979c1df4876a0a3f2bc61514c4190203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004f204b82d4e979353124bab8ae573107eb94ee0c05b44d737f7220580c3b688cbd29b728c6006008379657639555aa069296d676f91b1a83718152f76e148b05f33872e5dc92c16643d5385c286179f1fd8bdd820986bee43090423eb970365902c3432d581a08abc46b4ac61341610a33aff3de69e9402a19a6f6051bfdd91b	move-display-driver-installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\400AD8F92EF9445A4B101365446A8D4D187233B9\Blob = 0b000000010000000e0000006c00690062007700640069000000030000000100000014000000400ad8f92ef9445a4b101365446a8d4d187233b92000000001000000e4020000308202e030820249a00302010202107661f506013cdc9f44c7fc5d8c715cf9300d06092a864886f70d0101050500306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e0065007200610074006500640029301e170d3235303230313134353235365a170d3239303130313030303030305a306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e006500720061007400650064002930819f300d06092a864886f70d010101050003818d0030818902818100c7f1d938c2a432dbe26d213a488b5dbd727fb15d7465262b3f57bcd4c05afa9504fe24c41d40c7baf9a7c5d4800a4e5c0b7fa15acfa476b81e037c62311d1c00c76ed84a00019cf05440d5da88d812d30301adb3de857e5dd66607b1a3fa6550e389ba5157a9ded945807b86d4da235163b3979c1df4876a0a3f2bc61514c4190203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004f204b82d4e979353124bab8ae573107eb94ee0c05b44d737f7220580c3b688cbd29b728c6006008379657639555aa069296d676f91b1a83718152f76e148b05f33872e5dc92c16643d5385c286179f1fd8bdd820986bee43090423eb970365902c3432d581a08abc46b4ac61341610a33aff3de69e9402a19a6f6051bfdd91b	move-display-driver-installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\400AD8F92EF9445A4B101365446A8D4D187233B9\Blob = 0f0000000100000014000000095a6624113e7d96fe6764fc46a147c9ed16cc01030000000100000014000000400ad8f92ef9445a4b101365446a8d4d187233b90b000000010000000e0000006c006900620077006400690000002000000001000000e4020000308202e030820249a00302010202107661f506013cdc9f44c7fc5d8c715cf9300d06092a864886f70d0101050500306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e0065007200610074006500640029301e170d3235303230313134353235365a170d3239303130313030303030305a306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e006500720061007400650064002930819f300d06092a864886f70d010101050003818d0030818902818100c7f1d938c2a432dbe26d213a488b5dbd727fb15d7465262b3f57bcd4c05afa9504fe24c41d40c7baf9a7c5d4800a4e5c0b7fa15acfa476b81e037c62311d1c00c76ed84a00019cf05440d5da88d812d30301adb3de857e5dd66607b1a3fa6550e389ba5157a9ded945807b86d4da235163b3979c1df4876a0a3f2bc61514c4190203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004f204b82d4e979353124bab8ae573107eb94ee0c05b44d737f7220580c3b688cbd29b728c6006008379657639555aa069296d676f91b1a83718152f76e148b05f33872e5dc92c16643d5385c286179f1fd8bdd820986bee43090423eb970365902c3432d581a08abc46b4ac61341610a33aff3de69e9402a19a6f6051bfdd91b	DrvInst.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\400AD8F92EF9445A4B101365446A8D4D187233B9\Blob = 030000000100000014000000400ad8f92ef9445a4b101365446a8d4d187233b902000000010000004c0000001c0000000000000001000000200000000000000000000000020000006c006900620077006400690020006b0065007900200063006f006e007400610069006e006500720000000000000000000b000000010000000e0000006c006900620077006400690000002000000001000000e4020000308202e030820249a00302010202107661f506013cdc9f44c7fc5d8c715cf9300d06092a864886f70d0101050500306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e0065007200610074006500640029301e170d3235303230313134353235365a170d3239303130313030303030305a306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e006500720061007400650064002930819f300d06092a864886f70d010101050003818d0030818902818100c7f1d938c2a432dbe26d213a488b5dbd727fb15d7465262b3f57bcd4c05afa9504fe24c41d40c7baf9a7c5d4800a4e5c0b7fa15acfa476b81e037c62311d1c00c76ed84a00019cf05440d5da88d812d30301adb3de857e5dd66607b1a3fa6550e389ba5157a9ded945807b86d4da235163b3979c1df4876a0a3f2bc61514c4190203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004f204b82d4e979353124bab8ae573107eb94ee0c05b44d737f7220580c3b688cbd29b728c6006008379657639555aa069296d676f91b1a83718152f76e148b05f33872e5dc92c16643d5385c286179f1fd8bdd820986bee43090423eb970365902c3432d581a08abc46b4ac61341610a33aff3de69e9402a19a6f6051bfdd91b	move-display-driver-installer.exe

Executes dropped EXE 17 IoCs

pid	Process
944	Ableton Live 12 Suite Installer.exe
3704	Ableton Live 12 Suite Installer.exe
792	vc_redist.x64.exe
4908	vc_redist.x64.exe
2832	VC_redist.x64.exe
1644	tlsetupfx.exe
2168	tlsetupfx.exe
2268	tlsetupfx.exe
2468	tlsetupfx.exe
2512	AbletonAudioCpl.exe
2960	tlsetupfx.exe
1512	AbletonAudioCpl.exe
948	InstallHelper.exe
3332	move-display-driver-installer.exe
2096	push2-display-driver-installer.exe
240	installer_x64.exe
1960	keygen.exe

Loads dropped DLL 35 IoCs

pid	Process
944	Ableton Live 12 Suite Installer.exe
944	Ableton Live 12 Suite Installer.exe
4908	vc_redist.x64.exe
2712	VC_redist.x64.exe
1124	MsiExec.exe
1124	MsiExec.exe
1124	MsiExec.exe
1124	MsiExec.exe
1124	MsiExec.exe
1124	MsiExec.exe
1124	MsiExec.exe
1124	MsiExec.exe
1124	MsiExec.exe
1124	MsiExec.exe
1124	MsiExec.exe
1124	MsiExec.exe
1540	MsiExec.exe
1540	MsiExec.exe
1540	MsiExec.exe
1540	MsiExec.exe
1540	MsiExec.exe
416	regsvr32.exe
2280	regsvr32.exe
2172	regsvr32.exe
2472	regsvr32.exe
1124	MsiExec.exe
2508	MsiExec.exe
948	InstallHelper.exe
948	InstallHelper.exe
948	InstallHelper.exe
2508	MsiExec.exe
3752	MsiExec.exe
1960	keygen.exe
1960	keygen.exe
1960	keygen.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4576	icacls.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{9FE4C915-316D-4C18-B4C4-BF627B8504DD} = "\"C:\\ProgramData\\Package Cache\\{9FE4C915-316D-4C18-B4C4-BF627B8504DD}\\Ableton Live 12 Suite Installer.exe\" /burn.clean.room /burn.runonce"	Ableton Live 12 Suite Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{8bdfe669-9705-4184-9368-db9ce581e0e7} = "\"C:\\ProgramData\\Package Cache\\{8bdfe669-9705-4184-9368-db9ce581e0e7}\\VC_redist.x64.exe\" /burn.runonce"	VC_redist.x64.exe

Blocklisted process makes network request 2 IoCs

flow	pid	Process
81	1216	msiexec.exe
82	1216	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\ProgramData\Ableton\Live 12 Suite\Resources\Misc\Metronome\Desktop.ini	msiexec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File created	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File created	C:\Windows\System32\DriverStore\Temp\{cb634119-5319-e040-a0bf-205c14e092fa}\SET6C69.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140.dll	msiexec.exe
File created	C:\Windows\system32\concrt140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File created	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140.dll	msiexec.exe
File created	C:\Windows\System32\GroupPolicy\Machine\Registry.pol	installer_x64.exe
File created	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File created	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File created	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File created	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File opened for modification	C:\Windows\System32\GroupPolicy\GPT.INI	installer_x64.exe
File created	C:\Windows\System32\DriverStore\Temp\{cb634119-5319-e040-a0bf-205c14e092fa}\SET6C6A.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File opened for modification	C:\Windows\System32\GroupPolicy\gpt.ini	installer_x64.exe
File created	C:\Windows\System32\DriverStore\Temp\{cb634119-5319-e040-a0bf-205c14e092fa}\amd64\SET6C68.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{cb634119-5319-e040-a0bf-205c14e092fa}\amd64	DrvInst.exe
File opened for modification	C:\Windows\system32\vcamp140.dll	msiexec.exe
File created	C:\Windows\system32\vcamp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File opened for modification	C:\Windows\System32\GroupPolicy	installer_x64.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{cb634119-5319-e040-a0bf-205c14e092fa}\amd64\SET6C68.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\move_display.inf_amd64_3ede6511c3a4d6a7\amd64\WinUSBCoInstaller2.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{cb634119-5319-e040-a0bf-205c14e092fa}\move_display.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\move_display.inf_amd64_3ede6511c3a4d6a7\amd64\WdfCoInstaller01009.dll	DrvInst.exe
File opened for modification	C:\Windows\system32\vcomp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{cb634119-5319-e040-a0bf-205c14e092fa}\move_display.cat	DrvInst.exe
File created	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{cb634119-5319-e040-a0bf-205c14e092fa}\SET6C6A.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\concrt140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File created	C:\Windows\system32\vcomp140.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{cb634119-5319-e040-a0bf-205c14e092fa}\amd64\SET6C57.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{cb634119-5319-e040-a0bf-205c14e092fa}\amd64\WdfCoInstaller01009.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\move_display.inf_amd64_3ede6511c3a4d6a7\move_display.cat	DrvInst.exe
File opened for modification	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File created	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140cht.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File created	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\move_display.inf_amd64_3ede6511c3a4d6a7\move_display.inf	DrvInst.exe
File opened for modification	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{cb634119-5319-e040-a0bf-205c14e092fa}	DrvInst.exe
File opened for modification	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File created	C:\Windows\system32\mfc140u.dll	msiexec.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Propellerhead Software\ReWire\ReWire.dll	InstallHelper.exe
File opened for modification	C:\Program Files\Common Files\Propellerhead Software\ReWire\ReWire.dll	InstallHelper.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\inf\mdmnttd6.PNF	tlsetupfx.exe
File created	C:\Windows\inf\mdmvv.PNF	tlsetupfx.exe
File created	C:\Windows\Installer\{9EB6A2F0-740F-4F13-9592-84F0D67C0DD1}\pckHtUoGQayNxP\x64\AbletonAudioCpl.exe	MsiExec.exe
File created	C:\Windows\Installer\{D766854D-7739-44F1-9E9E-CDD222E6C5C3}\pckHtUoGQayNxP\x64\AbletonAudioCpl.strings\de.txt	MsiExec.exe
File created	C:\Windows\inf\c_fsreplication.PNF	tlsetupfx.exe
File created	C:\Windows\inf\c_receiptprinter.PNF	tlsetupfx.exe
File created	C:\Windows\inf\mdmcodex.PNF	tlsetupfx.exe
File created	C:\Windows\inf\mdmeric.PNF	tlsetupfx.exe
File created	C:\Windows\inf\usbvideo.PNF	tlsetupfx.exe
File created	C:\Windows\inf\c_61883.PNF	tlsetupfx.exe
File created	C:\Windows\inf\c_image.PNF	tlsetupfx.exe
File created	C:\Windows\inf\c_scsiadapter.PNF	tlsetupfx.exe
File created	C:\Windows\inf\ks.PNF	tlsetupfx.exe
File created	C:\Windows\inf\mdmgl004.PNF	tlsetupfx.exe
File created	C:\Windows\inf\prnms007.PNF	tlsetupfx.exe
File created	C:\Windows\Installer\{564F61C6-7D04-4B19-91F4-C9570AC062A6}\pckHtUoGQayNxP\x64\AbletonAudioapi.dll	MsiExec.exe
File created	C:\Windows\inf\c_mediumchanger.PNF	tlsetupfx.exe
File created	C:\Windows\inf\mdmgsm.PNF	tlsetupfx.exe
File created	C:\Windows\inf\netefe3e.PNF	tlsetupfx.exe
File created	C:\Windows\inf\PerceptionSimulationHeadset.PNF	tlsetupfx.exe
File opened for modification	C:\Windows\Installer\MSI52AE.tmp	msiexec.exe
File created	C:\Windows\inf\mdmsupr3.PNF	tlsetupfx.exe
File created	C:\Windows\inf\netnvma.PNF	tlsetupfx.exe
File created	C:\Windows\inf\netwtw02.PNF	tlsetupfx.exe
File created	C:\Windows\inf\prnms013.PNF	tlsetupfx.exe
File created	C:\Windows\inf\wvmic_ext.PNF	tlsetupfx.exe
File opened for modification	C:\Windows\Installer\MSI4F60.tmp	msiexec.exe
File created	C:\Windows\Installer\{9EB6A2F0-740F-4F13-9592-84F0D67C0DD1}\pckHtUoGQayNxP\x64\custom.ini	MsiExec.exe
File created	C:\Windows\inf\mdmatm2k.PNF	tlsetupfx.exe
File created	C:\Windows\inf\netjme.PNF	tlsetupfx.exe
File created	C:\Windows\inf\vca.PNF	tlsetupfx.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\F5FC08302FE9ABA4FB78AE84621A8BB9\12.0.0\F_CENTRAL_mfcm120u_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\Installer\{564F61C6-7D04-4B19-91F4-C9570AC062A6}\pckHtUoGQayNxP\x64\AbletonAudioCpl.xml	MsiExec.exe
File created	C:\Windows\inf\BthLCPen.PNF	tlsetupfx.exe
File created	C:\Windows\inf\c_floppydisk.PNF	tlsetupfx.exe
File created	C:\Windows\inf\mdmcm28.PNF	tlsetupfx.exe
File created	C:\Windows\inf\netvg63a.PNF	tlsetupfx.exe
File created	C:\Windows\inf\wnetvsc.PNF	tlsetupfx.exe
File created	C:\Windows\Installer\{564F61C6-7D04-4B19-91F4-C9570AC062A6}\pckHtUoGQayNxP\x64\AbletonAudio.cat	MsiExec.exe
File created	C:\Windows\inf\mdmairte.PNF	tlsetupfx.exe
File created	C:\Windows\inf\mdmiodat.PNF	tlsetupfx.exe
File created	C:\Windows\inf\mdmisdn.PNF	tlsetupfx.exe
File created	C:\Windows\inf\mdmwhql0.PNF	tlsetupfx.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File created	C:\Windows\inf\c_fscfsmetadataserver.PNF	tlsetupfx.exe
File created	C:\Windows\inf\mdmkortx.PNF	tlsetupfx.exe
File created	C:\Windows\inf\rndiscmp.PNF	tlsetupfx.exe
File created	C:\Windows\inf\tsusbhub.PNF	tlsetupfx.exe
File created	C:\Windows\inf\mdmmcom.PNF	tlsetupfx.exe
File created	C:\Windows\inf\mdmnis5t.PNF	tlsetupfx.exe
File opened for modification	C:\Windows\Installer\MSI3C32.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4CF5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4D36.tmp	msiexec.exe
File created	C:\Windows\inf\c_cdrom.PNF	tlsetupfx.exe
File created	C:\Windows\inf\c_modem.PNF	tlsetupfx.exe
File created	C:\Windows\inf\c_smartcardreader.PNF	tlsetupfx.exe
File created	C:\Windows\inf\mdmomrn3.PNF	tlsetupfx.exe
File created	C:\Windows\inf\mdmx5560.PNF	tlsetupfx.exe
File created	C:\Windows\inf\SmartSAMD.PNF	tlsetupfx.exe
File created	C:\Windows\Installer\{D766854D-7739-44F1-9E9E-CDD222E6C5C3}\pckHtUoGQayNxP\x64\tlsetupfx_main.xml	MsiExec.exe
File created	C:\Windows\inf\hidserv.PNF	tlsetupfx.exe
File created	C:\Windows\inf\mdmnova.PNF	tlsetupfx.exe
File created	C:\Windows\inf\net1ic64.PNF	tlsetupfx.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2984	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ableton Live 12 Suite Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ableton Live 12 Suite Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	move-display-driver-installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ableton_KeyGen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	keygen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ableton Live 12 Suite Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	push2-display-driver-installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vc_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vc_redist.x64.exe

Checks SCSI registry key(s) 3 TTPs 43 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	tlsetupfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	tlsetupfx.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	tlsetupfx.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	tlsetupfx.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	tlsetupfx.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	tlsetupfx.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	tlsetupfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	tlsetupfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	tlsetupfx.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	tlsetupfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000000ffe3df86b77af750000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800000ffe3df80000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809000ffe3df8000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d0ffe3df8000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000ffe3df800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	tlsetupfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	tlsetupfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8330D1E8-0F05-4622-AA17-E3FC379E5C6A}Machine\Software\Policies\Microsoft\Windows	installer_x64.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects	installer_x64.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8330D1E8-0F05-4622-AA17-E3FC379E5C6A}Machine\Software\Policies\Microsoft\Windows\DeviceInstall	installer_x64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E5C9C585-FDB0-4120-A3AD-862B9B4ED501}Machine\Software\Policies\Microsoft\Windows\DeviceInstall	installer_x64.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E5C9C585-FDB0-4120-A3AD-862B9B4ED501}Machine\Software\Policies	installer_x64.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E5C9C585-FDB0-4120-A3AD-862B9B4ED501}Machine\Software\Policies\Microsoft\Windows	installer_x64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	move-display-driver-installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	move-display-driver-installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	move-display-driver-installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	move-display-driver-installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	move-display-driver-installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\System32\wuaueng.dll,-400 = "Windows Update"	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E5C9C585-FDB0-4120-A3AD-862B9B4ED501}Machine	installer_x64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	move-display-driver-installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	move-display-driver-installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	installer_x64.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\System32\ci.dll,-100 = "Isolated User Mode (IUM)"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects	installer_x64.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\GROUP POLICY OBJECTS\{8330D1E8-0F05-4622-AA17-E3FC379E5C6A}USER	installer_x64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	move-display-driver-installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	move-display-driver-installer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8330D1E8-0F05-4622-AA17-E3FC379E5C6A}Machine\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore = "1"	installer_x64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	move-display-driver-installer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\system32\NgcRecovery.dll,-100 = "Windows Hello Recovery Key Encryption"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E5C9C585-FDB0-4120-A3AD-862B9B4ED501}Machine\Software	installer_x64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	move-display-driver-installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	move-display-driver-installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	move-display-driver-installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	installer_x64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	move-display-driver-installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E	move-display-driver-installer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	installer_x64.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8330D1E8-0F05-4622-AA17-E3FC379E5C6A}Machine\Software\Policies\Microsoft\Windows	installer_x64.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	InstallHelper.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	InstallHelper.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8330D1E8-0F05-4622-AA17-E3FC379E5C6A}Machine\Software\Policies	installer_x64.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8330D1E8-0F05-4622-AA17-E3FC379E5C6A}Machine	installer_x64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8330D1E8-0F05-4622-AA17-E3FC379E5C6A}Machine\Software\Policies\Microsoft	installer_x64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8330D1E8-0F05-4622-AA17-E3FC379E5C6A}Machine	installer_x64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8330D1E8-0F05-4622-AA17-E3FC379E5C6A}Machine\Software	installer_x64.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8330D1E8-0F05-4622-AA17-E3FC379E5C6A}Machine\Software\Policies\Microsoft\Windows\DeviceInstall\Settings	installer_x64.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E5C9C585-FDB0-4120-A3AD-862B9B4ED501}Machine	installer_x64.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E5C9C585-FDB0-4120-A3AD-862B9B4ED501}Machine\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore = "1"	installer_x64.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{9FE4C915-316D-4C18-B4C4-BF627B8504DD}\Dependents\{9FE4C915-316D-4C18-B4C4-BF627B8504DD}	Ableton Live 12 Suite Installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8A567BD6FA501A947AD1F646E53EEC14	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\VC,REDIST.X64,AMD64,14.30,BUNDLE\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13}	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ablpresetbundle	InstallHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.adg.12\shell\Open	InstallHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Ableton Live 12 Suite.exe\FriendlyAppName = "Ableton Live 12 Suite"	InstallHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{A823612A-AA91-4911-886A-7C589452C65C}_v5.68.0\Dependents\{9FE4C915-316D-4C18-B4C4-BF627B8504DD}	Ableton Live 12 Suite Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.amxd.12\shell\ = "Open"	InstallHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ablpresetbundle\OpenWithProgids	InstallHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\\packages\\vcRuntimeAdditional_amd64\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\SourceList\Media	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.abl.12\shell	InstallHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.asd\ = "Ableton.Live.AppLiveSuite.asd.12"	InstallHelper.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\.amxd\OpenWithProgids\Ableton.Live.AppLiveSuite.amxd.12 = "0"	InstallHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ableton\ = "URL:Live Protocol"	InstallHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.auz.12\shell	InstallHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{9FE4C915-316D-4C18-B4C4-BF627B8504DD}\DisplayName = "Ableton Live 12 Suite"	Ableton Live 12 Suite Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.abl.12\shell\Open\Command	InstallHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.asd\OpenWithProgids	InstallHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.adv.12\FriendlyTypeName = "Ableton Live Device Preset"	InstallHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.adg.12\DefaultIcon	InstallHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.amxd	InstallHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ableton	InstallHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Version = "14.36.32532"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.als\ = "Ableton.Live.AppLiveSuite.als.12"	InstallHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.asd.12	InstallHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{9FE4C915-316D-4C18-B4C4-BF627B8504DD}\ = "{9FE4C915-316D-4C18-B4C4-BF627B8504DD}"	Ableton Live 12 Suite Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{A823612A-AA91-4911-886A-7C589452C65C}_v5.68.0\ = "{A823612A-AA91-4911-886A-7C589452C65C}"	Ableton Live 12 Suite Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F5FC08302FE9ABA4FB78AE84621A8BB9	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F5FC08302FE9ABA4FB78AE84621A8BB9\SourceList\Media\3 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.ablbundle.12\shell	InstallHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.ablbundle.12\shell\ = "Open"	InstallHelper.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ablpresetbundle\OpenWithProgids\Ableton.Live.AppLiveSuite.ablpresetbundle.12 = "0"	InstallHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.asd	InstallHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.adv.12	InstallHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.adv.12\shell	InstallHelper.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F5FC08302FE9ABA4FB78AE84621A8BB9\SourceList\Media\2 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.als.12\shell\Open\Command\ = "\"C:\\ProgramData\\Ableton\\Live 12 Suite\\Program\\Ableton Live 12 Suite.exe\" \"%1\""	InstallHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.ablpresetbundle.12\EditFlags	InstallHelper.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.alc.12\EditFlags\ = "1048576"	InstallHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.auz.12\EditFlags	InstallHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.auz.12\DefaultIcon\ = "\"C:\\ProgramData\\Ableton\\Live 12 Suite\\Resources\\Icons\\generic.ico\""	InstallHelper.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F2E91D5D9817EF24183029DCF14A752C\SourceList\PackageName = "vc_runtimeMinimum_x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\27DD5200959A5B540A3AE7EF1BA50805\VC_Runtime_Additional	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F5FC08302FE9ABA4FB78AE84621A8BB9\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\.alc\OpenWithProgids\Ableton.Live.AppLiveSuite.alc.12 = "0"	InstallHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.adv.12\AppUserModelID = "Ableton.Live.AppLiveSuite.12"	InstallHelper.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F5FC08302FE9ABA4FB78AE84621A8BB9\ProductFeature	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.alc.12\shell\ = "Open"	InstallHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.amxd.12\EditFlags	InstallHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{9FE4C915-316D-4C18-B4C4-BF627B8504DD}\Version = "12.0.0.0"	Ableton Live 12 Suite Installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEMINIMUMVSU_AMD64,V14\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13}	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.abl.12\EditFlags	InstallHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F5FC08302FE9ABA4FB78AE84621A8BB9\ProductName = "Ableton Live 12 Suite"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.alc.12\shell\Open\Command\ = "\"C:\\ProgramData\\Ableton\\Live 12 Suite\\Program\\Ableton Live 12 Suite.exe\" \"%1\""	InstallHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Ableton.Live.AppLiveSuite.amxd.12\DefaultIcon	InstallHelper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ableton\Shell\open\command\ = "C:\\ProgramData\\Ableton\\Live 12 Suite\\Program\\Ableton Live 12 Suite.exe \"%1\""	InstallHelper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F5FC08302FE9ABA4FB78AE84621A8BB9\InstanceType = "0"	msiexec.exe

Modifies system certificate store 2 TTPs 11 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\400AD8F92EF9445A4B101365446A8D4D187233B9	move-display-driver-installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\400AD8F92EF9445A4B101365446A8D4D187233B9\Blob = 030000000100000014000000400ad8f92ef9445a4b101365446a8d4d187233b92000000001000000e4020000308202e030820249a00302010202107661f506013cdc9f44c7fc5d8c715cf9300d06092a864886f70d0101050500306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e0065007200610074006500640029301e170d3235303230313134353235365a170d3239303130313030303030305a306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e006500720061007400650064002930819f300d06092a864886f70d010101050003818d0030818902818100c7f1d938c2a432dbe26d213a488b5dbd727fb15d7465262b3f57bcd4c05afa9504fe24c41d40c7baf9a7c5d4800a4e5c0b7fa15acfa476b81e037c62311d1c00c76ed84a00019cf05440d5da88d812d30301adb3de857e5dd66607b1a3fa6550e389ba5157a9ded945807b86d4da235163b3979c1df4876a0a3f2bc61514c4190203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004f204b82d4e979353124bab8ae573107eb94ee0c05b44d737f7220580c3b688cbd29b728c6006008379657639555aa069296d676f91b1a83718152f76e148b05f33872e5dc92c16643d5385c286179f1fd8bdd820986bee43090423eb970365902c3432d581a08abc46b4ac61341610a33aff3de69e9402a19a6f6051bfdd91b	move-display-driver-installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\400AD8F92EF9445A4B101365446A8D4D187233B9\Blob = 0b000000010000000e0000006c00690062007700640069000000030000000100000014000000400ad8f92ef9445a4b101365446a8d4d187233b92000000001000000e4020000308202e030820249a00302010202107661f506013cdc9f44c7fc5d8c715cf9300d06092a864886f70d0101050500306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e0065007200610074006500640029301e170d3235303230313134353235365a170d3239303130313030303030305a306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e006500720061007400650064002930819f300d06092a864886f70d010101050003818d0030818902818100c7f1d938c2a432dbe26d213a488b5dbd727fb15d7465262b3f57bcd4c05afa9504fe24c41d40c7baf9a7c5d4800a4e5c0b7fa15acfa476b81e037c62311d1c00c76ed84a00019cf05440d5da88d812d30301adb3de857e5dd66607b1a3fa6550e389ba5157a9ded945807b86d4da235163b3979c1df4876a0a3f2bc61514c4190203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004f204b82d4e979353124bab8ae573107eb94ee0c05b44d737f7220580c3b688cbd29b728c6006008379657639555aa069296d676f91b1a83718152f76e148b05f33872e5dc92c16643d5385c286179f1fd8bdd820986bee43090423eb970365902c3432d581a08abc46b4ac61341610a33aff3de69e9402a19a6f6051bfdd91b	move-display-driver-installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\400AD8F92EF9445A4B101365446A8D4D187233B9\Blob = 030000000100000014000000400ad8f92ef9445a4b101365446a8d4d187233b902000000010000004c0000001c0000000000000001000000200000000000000000000000020000006c006900620077006400690020006b0065007900200063006f006e007400610069006e006500720000000000000000000b000000010000000e0000006c006900620077006400690000002000000001000000e4020000308202e030820249a00302010202107661f506013cdc9f44c7fc5d8c715cf9300d06092a864886f70d0101050500306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e0065007200610074006500640029301e170d3235303230313134353235365a170d3239303130313030303030305a306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e006500720061007400650064002930819f300d06092a864886f70d010101050003818d0030818902818100c7f1d938c2a432dbe26d213a488b5dbd727fb15d7465262b3f57bcd4c05afa9504fe24c41d40c7baf9a7c5d4800a4e5c0b7fa15acfa476b81e037c62311d1c00c76ed84a00019cf05440d5da88d812d30301adb3de857e5dd66607b1a3fa6550e389ba5157a9ded945807b86d4da235163b3979c1df4876a0a3f2bc61514c4190203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004f204b82d4e979353124bab8ae573107eb94ee0c05b44d737f7220580c3b688cbd29b728c6006008379657639555aa069296d676f91b1a83718152f76e148b05f33872e5dc92c16643d5385c286179f1fd8bdd820986bee43090423eb970365902c3432d581a08abc46b4ac61341610a33aff3de69e9402a19a6f6051bfdd91b	move-display-driver-installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\400AD8F92EF9445A4B101365446A8D4D187233B9\Blob = 030000000100000014000000400ad8f92ef9445a4b101365446a8d4d187233b902000000010000004c0000001c0000000000000001000000200000000000000000000000020000006c006900620077006400690020006b0065007900200063006f006e007400610069006e006500720000000000000000000b000000010000000e0000006c006900620077006400690000002000000001000000e4020000308202e030820249a00302010202107661f506013cdc9f44c7fc5d8c715cf9300d06092a864886f70d0101050500306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e0065007200610074006500640029301e170d3235303230313134353235365a170d3239303130313030303030305a306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e006500720061007400650064002930819f300d06092a864886f70d010101050003818d0030818902818100c7f1d938c2a432dbe26d213a488b5dbd727fb15d7465262b3f57bcd4c05afa9504fe24c41d40c7baf9a7c5d4800a4e5c0b7fa15acfa476b81e037c62311d1c00c76ed84a00019cf05440d5da88d812d30301adb3de857e5dd66607b1a3fa6550e389ba5157a9ded945807b86d4da235163b3979c1df4876a0a3f2bc61514c4190203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004f204b82d4e979353124bab8ae573107eb94ee0c05b44d737f7220580c3b688cbd29b728c6006008379657639555aa069296d676f91b1a83718152f76e148b05f33872e5dc92c16643d5385c286179f1fd8bdd820986bee43090423eb970365902c3432d581a08abc46b4ac61341610a33aff3de69e9402a19a6f6051bfdd91b	move-display-driver-installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\400AD8F92EF9445A4B101365446A8D4D187233B9\Blob = 0f0000000100000014000000095a6624113e7d96fe6764fc46a147c9ed16cc010b000000010000000e0000006c0069006200770064006900000002000000010000004c0000001c0000000000000001000000200000000000000000000000020000006c006900620077006400690020006b0065007900200063006f006e007400610069006e00650072000000000000000000030000000100000014000000400ad8f92ef9445a4b101365446a8d4d187233b92000000001000000e4020000308202e030820249a00302010202107661f506013cdc9f44c7fc5d8c715cf9300d06092a864886f70d0101050500306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e0065007200610074006500640029301e170d3235303230313134353235365a170d3239303130313030303030305a306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e006500720061007400650064002930819f300d06092a864886f70d010101050003818d0030818902818100c7f1d938c2a432dbe26d213a488b5dbd727fb15d7465262b3f57bcd4c05afa9504fe24c41d40c7baf9a7c5d4800a4e5c0b7fa15acfa476b81e037c62311d1c00c76ed84a00019cf05440d5da88d812d30301adb3de857e5dd66607b1a3fa6550e389ba5157a9ded945807b86d4da235163b3979c1df4876a0a3f2bc61514c4190203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004f204b82d4e979353124bab8ae573107eb94ee0c05b44d737f7220580c3b688cbd29b728c6006008379657639555aa069296d676f91b1a83718152f76e148b05f33872e5dc92c16643d5385c286179f1fd8bdd820986bee43090423eb970365902c3432d581a08abc46b4ac61341610a33aff3de69e9402a19a6f6051bfdd91b	move-display-driver-installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\400AD8F92EF9445A4B101365446A8D4D187233B9	move-display-driver-installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\400AD8F92EF9445A4B101365446A8D4D187233B9\Blob = 030000000100000014000000400ad8f92ef9445a4b101365446a8d4d187233b92000000001000000e4020000308202e030820249a00302010202107661f506013cdc9f44c7fc5d8c715cf9300d06092a864886f70d0101050500306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e0065007200610074006500640029301e170d3235303230313134353235365a170d3239303130313030303030305a306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e006500720061007400650064002930819f300d06092a864886f70d010101050003818d0030818902818100c7f1d938c2a432dbe26d213a488b5dbd727fb15d7465262b3f57bcd4c05afa9504fe24c41d40c7baf9a7c5d4800a4e5c0b7fa15acfa476b81e037c62311d1c00c76ed84a00019cf05440d5da88d812d30301adb3de857e5dd66607b1a3fa6550e389ba5157a9ded945807b86d4da235163b3979c1df4876a0a3f2bc61514c4190203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004f204b82d4e979353124bab8ae573107eb94ee0c05b44d737f7220580c3b688cbd29b728c6006008379657639555aa069296d676f91b1a83718152f76e148b05f33872e5dc92c16643d5385c286179f1fd8bdd820986bee43090423eb970365902c3432d581a08abc46b4ac61341610a33aff3de69e9402a19a6f6051bfdd91b	move-display-driver-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\400AD8F92EF9445A4B101365446A8D4D187233B9	move-display-driver-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\400AD8F92EF9445A4B101365446A8D4D187233B9	move-display-driver-installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\400AD8F92EF9445A4B101365446A8D4D187233B9\Blob = 0b000000010000000e0000006c00690062007700640069000000030000000100000014000000400ad8f92ef9445a4b101365446a8d4d187233b92000000001000000e4020000308202e030820249a00302010202107661f506013cdc9f44c7fc5d8c715cf9300d06092a864886f70d0101050500306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e0065007200610074006500640029301e170d3235303230313134353235365a170d3239303130313030303030305a306f316d306b06035504031e64005500530042005c005600490044005f00320039003800320026005000490044005f00310039003500380026004d0049005f0030003000200028006c006900620077006400690020006100750074006f00670065006e006500720061007400650064002930819f300d06092a864886f70d010101050003818d0030818902818100c7f1d938c2a432dbe26d213a488b5dbd727fb15d7465262b3f57bcd4c05afa9504fe24c41d40c7baf9a7c5d4800a4e5c0b7fa15acfa476b81e037c62311d1c00c76ed84a00019cf05440d5da88d812d30301adb3de857e5dd66607b1a3fa6550e389ba5157a9ded945807b86d4da235163b3979c1df4876a0a3f2bc61514c4190203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004f204b82d4e979353124bab8ae573107eb94ee0c05b44d737f7220580c3b688cbd29b728c6006008379657639555aa069296d676f91b1a83718152f76e148b05f33872e5dc92c16643d5385c286179f1fd8bdd820986bee43090423eb970365902c3432d581a08abc46b4ac61341610a33aff3de69e9402a19a6f6051bfdd91b	move-display-driver-installer.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\ABLETON LIVE 12 SUITE v12.1.0 WIN.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 27 IoCs

pid	Process
2824	msedge.exe
2824	msedge.exe
4204	msedge.exe
4204	msedge.exe
4400	msedge.exe
4400	msedge.exe
2108	identity_helper.exe
2108	identity_helper.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
3024	msedge.exe
3024	msedge.exe
1216	msiexec.exe
1216	msiexec.exe
1216	msiexec.exe
1216	msiexec.exe
1216	msiexec.exe
1216	msiexec.exe
1216	msiexec.exe
1216	msiexec.exe
1216	msiexec.exe
1216	msiexec.exe
2984	powershell.exe
2984	powershell.exe
2984	powershell.exe

Suspicious behavior: LoadsDriver 7 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
648	Process not Found
648	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeBackupPrivilege	2524	vssvc.exe
Token: SeRestorePrivilege	2524	vssvc.exe
Token: SeAuditPrivilege	2524	vssvc.exe
Token: SeBackupPrivilege	2032	srtasks.exe
Token: SeRestorePrivilege	2032	srtasks.exe
Token: SeSecurityPrivilege	2032	srtasks.exe
Token: SeTakeOwnershipPrivilege	2032	srtasks.exe
Token: SeBackupPrivilege	2032	srtasks.exe
Token: SeRestorePrivilege	2032	srtasks.exe
Token: SeSecurityPrivilege	2032	srtasks.exe
Token: SeTakeOwnershipPrivilege	2032	srtasks.exe
Token: SeShutdownPrivilege	2832	VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege	2832	VC_redist.x64.exe
Token: SeSecurityPrivilege	1216	msiexec.exe
Token: SeCreateTokenPrivilege	2832	VC_redist.x64.exe
Token: SeAssignPrimaryTokenPrivilege	2832	VC_redist.x64.exe
Token: SeLockMemoryPrivilege	2832	VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege	2832	VC_redist.x64.exe
Token: SeMachineAccountPrivilege	2832	VC_redist.x64.exe
Token: SeTcbPrivilege	2832	VC_redist.x64.exe
Token: SeSecurityPrivilege	2832	VC_redist.x64.exe
Token: SeTakeOwnershipPrivilege	2832	VC_redist.x64.exe
Token: SeLoadDriverPrivilege	2832	VC_redist.x64.exe
Token: SeSystemProfilePrivilege	2832	VC_redist.x64.exe
Token: SeSystemtimePrivilege	2832	VC_redist.x64.exe
Token: SeProfSingleProcessPrivilege	2832	VC_redist.x64.exe
Token: SeIncBasePriorityPrivilege	2832	VC_redist.x64.exe
Token: SeCreatePagefilePrivilege	2832	VC_redist.x64.exe
Token: SeCreatePermanentPrivilege	2832	VC_redist.x64.exe
Token: SeBackupPrivilege	2832	VC_redist.x64.exe
Token: SeRestorePrivilege	2832	VC_redist.x64.exe
Token: SeShutdownPrivilege	2832	VC_redist.x64.exe
Token: SeDebugPrivilege	2832	VC_redist.x64.exe
Token: SeAuditPrivilege	2832	VC_redist.x64.exe
Token: SeSystemEnvironmentPrivilege	2832	VC_redist.x64.exe
Token: SeChangeNotifyPrivilege	2832	VC_redist.x64.exe
Token: SeRemoteShutdownPrivilege	2832	VC_redist.x64.exe
Token: SeUndockPrivilege	2832	VC_redist.x64.exe
Token: SeSyncAgentPrivilege	2832	VC_redist.x64.exe
Token: SeEnableDelegationPrivilege	2832	VC_redist.x64.exe
Token: SeManageVolumePrivilege	2832	VC_redist.x64.exe
Token: SeImpersonatePrivilege	2832	VC_redist.x64.exe
Token: SeCreateGlobalPrivilege	2832	VC_redist.x64.exe
Token: SeRestorePrivilege	1216	msiexec.exe
Token: SeTakeOwnershipPrivilege	1216	msiexec.exe
Token: SeRestorePrivilege	1216	msiexec.exe
Token: SeTakeOwnershipPrivilege	1216	msiexec.exe
Token: SeRestorePrivilege	1216	msiexec.exe
Token: SeTakeOwnershipPrivilege	1216	msiexec.exe
Token: SeRestorePrivilege	1216	msiexec.exe
Token: SeTakeOwnershipPrivilege	1216	msiexec.exe
Token: SeRestorePrivilege	1216	msiexec.exe
Token: SeTakeOwnershipPrivilege	1216	msiexec.exe
Token: SeRestorePrivilege	1216	msiexec.exe
Token: SeTakeOwnershipPrivilege	1216	msiexec.exe
Token: SeRestorePrivilege	1216	msiexec.exe
Token: SeTakeOwnershipPrivilege	1216	msiexec.exe
Token: SeRestorePrivilege	1216	msiexec.exe
Token: SeTakeOwnershipPrivilege	1216	msiexec.exe
Token: SeRestorePrivilege	1216	msiexec.exe
Token: SeTakeOwnershipPrivilege	1216	msiexec.exe
Token: SeRestorePrivilege	1216	msiexec.exe
Token: SeTakeOwnershipPrivilege	1216	msiexec.exe
Token: SeRestorePrivilege	1216	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1084	Ableton_KeyGen.exe
1960	keygen.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4204 wrote to memory of 3252	4204	msedge.exe	78
PID 4204 wrote to memory of 3252	4204	msedge.exe	78
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 1528	4204	msedge.exe	79
PID 4204 wrote to memory of 2824	4204	msedge.exe	80
PID 4204 wrote to memory of 2824	4204	msedge.exe	80
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81
PID 4204 wrote to memory of 2620	4204	msedge.exe	81

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1ZPLsxYhJTl08W-8xLyUILsejGP_jTxbL/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa41d63cb8,0x7ffa41d63cc8,0x7ffa41d63cd8
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,13907927206798535641,4452415340821677006,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,13907927206798535641,4452415340821677006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,13907927206798535641,4452415340821677006,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13907927206798535641,4452415340821677006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13907927206798535641,4452415340821677006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13907927206798535641,4452415340821677006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13907927206798535641,4452415340821677006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,13907927206798535641,4452415340821677006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13907927206798535641,4452415340821677006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13907927206798535641,4452415340821677006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13907927206798535641,4452415340821677006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:596
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,13907927206798535641,4452415340821677006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13907927206798535641,4452415340821677006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13907927206798535641,4452415340821677006,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,13907927206798535641,4452415340821677006,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7420 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,13907927206798535641,4452415340821677006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,13907927206798535641,4452415340821677006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:4172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:664

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2960

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\ABLETON LIVE 12 SUITE v12.1.0 WIN\ABLETON LIVE 12 SUITE v12.1.0 WIN\INSTALLATION.txt
1⤵
PID:2296

C:\Users\Admin\Downloads\ABLETON LIVE 12 SUITE v12.1.0 WIN\ABLETON LIVE 12 SUITE v12.1.0 WIN\Ableton Live 12 Suite Installer.exe
"C:\Users\Admin\Downloads\ABLETON LIVE 12 SUITE v12.1.0 WIN\ABLETON LIVE 12 SUITE v12.1.0 WIN\Ableton Live 12 Suite Installer.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2704
- C:\Windows\TEMP\{484DE51E-D644-40E3-B3D2-04FE426119D9}\.cr\Ableton Live 12 Suite Installer.exe
  "C:\Windows\TEMP\{484DE51E-D644-40E3-B3D2-04FE426119D9}\.cr\Ableton Live 12 Suite Installer.exe" -burn.clean.room="C:\Users\Admin\Downloads\ABLETON LIVE 12 SUITE v12.1.0 WIN\ABLETON LIVE 12 SUITE v12.1.0 WIN\Ableton Live 12 Suite Installer.exe" -burn.filehandle.attached=776 -burn.filehandle.self=780
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:944
- - C:\Windows\TEMP\{8418C79B-8BFF-4017-90D4-19FA089207D3}\.be\Ableton Live 12 Suite Installer.exe
    "C:\Windows\TEMP\{8418C79B-8BFF-4017-90D4-19FA089207D3}\.be\Ableton Live 12 Suite Installer.exe" -q -burn.elevated BurnPipe.{599EF75C-B9A0-4A8A-BF7D-1E393577F638} {B516F363-E021-4474-8BA4-7119D4E707FC} 944
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:3704
  - - C:\ProgramData\Package Cache\70A888D5891EFD2A48D33C22F35E9178BD113032162DC5A170E7C56F2D592E3C\vc_redist.x64.exe
      "C:\ProgramData\Package Cache\70A888D5891EFD2A48D33C22F35E9178BD113032162DC5A170E7C56F2D592E3C\vc_redist.x64.exe" /install /passive /norestart
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:792
    - - C:\Windows\Temp\{306EEDF4-F4BE-4D1B-BD0E-AB0CFA728460}\.cr\vc_redist.x64.exe
        
        "C:\Windows\Temp\{306EEDF4-F4BE-4D1B-BD0E-AB0CFA728460}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\70A888D5891EFD2A48D33C22F35E9178BD113032162DC5A170E7C56F2D592E3C\vc_redist.x64.exe" -burn.filehandle.attached=592 -burn.filehandle.self=600 /install /passive /norestart
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:4908
      - C:\Windows\Temp\{4150EFF4-F8B3-40E0-9BC5-1BF437BE3F97}\.be\VC_redist.x64.exe
        
        "C:\Windows\Temp\{4150EFF4-F8B3-40E0-9BC5-1BF437BE3F97}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{29609A29-7353-4DF8-9D56-9F850079C1AE} {46D17632-6051-4D17-90BA-3FE54807FCE4} 4908
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2832
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=588 -burn.embedded BurnPipe.{F3802E6D-BD6B-48CD-BE31-B02B56F79F70} {B9140DEE-0DE5-4AE6-A268-BC1F6E417762} 2832
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4576
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=572 -burn.filehandle.self=592 -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=588 -burn.embedded BurnPipe.{F3802E6D-BD6B-48CD-BE31-B02B56F79F70} {B9140DEE-0DE5-4AE6-A268-BC1F6E417762} 2832
        8⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2712
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{D50EC81B-0B8F-4A00-B77D-769269FA1799} {A7BEEA1C-AE43-49FB-B86C-BCCB929F2F48} 2712
        9⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3848

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:776

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2524

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2032

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1216
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 790EA060F04C1F794DD32F97D2C521AD
  2⤵
  - Loads dropped DLL
  PID:1124
- - C:\Windows\Installer\{2DEE5284-A470-418D-A923-0B6B1578DE3A}\tlsetupfx.exe
    "C:\Windows\Installer\{2DEE5284-A470-418D-A923-0B6B1578DE3A}\tlsetupfx.exe" task IsCurrentSystemSupported --cfg "C:\Windows\Installer\{2DEE5284-A470-418D-A923-0B6B1578DE3A}\pckHtUoGQayNxP\x64\tlsetupfx_main.xml" --logfile "C:\Users\Admin\AppData\Local\Temp\tlsetupfx.log" -v
    3⤵
    - Executes dropped EXE
    PID:1644
- - C:\Windows\Installer\{E7A32ED7-D193-4BF8-88A0-B715574A2668}\tlsetupfx.exe
    "C:\Windows\Installer\{E7A32ED7-D193-4BF8-88A0-B715574A2668}\tlsetupfx.exe" task CheckRequirementsToStart --cfg "C:\Windows\Installer\{E7A32ED7-D193-4BF8-88A0-B715574A2668}\pckHtUoGQayNxP\x64\tlsetupfx_main.xml" --logfile "C:\Users\Admin\AppData\Local\Temp\tlsetupfx.log" --target "C:\Windows\Installer\{E7A32ED7-D193-4BF8-88A0-B715574A2668}\pckHtUoGQayNxP\x64" -v
    3⤵
    - Executes dropped EXE
    PID:2168
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding E4198EE48724783A5C0F94EBBF64074F E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:1540
- - C:\Windows\Installer\{564F61C6-7D04-4B19-91F4-C9570AC062A6}\tlsetupfx.exe
    "C:\Windows\Installer\{564F61C6-7D04-4B19-91F4-C9570AC062A6}\tlsetupfx.exe" task LegacyUninstall --cfg "C:\Windows\Installer\{564F61C6-7D04-4B19-91F4-C9570AC062A6}\pckHtUoGQayNxP\x64\tlsetupfx_main.xml" --logfile "C:\Users\Admin\AppData\Local\Temp\tlsetupfx.log" --target "C:\Windows\Installer\{564F61C6-7D04-4B19-91F4-C9570AC062A6}\pckHtUoGQayNxP\x64" --result "C:\Users\Admin\AppData\Local\Temp\{8FD4898F-77B3-4DC3-BEF5-FFA6967EB3D1}\pckHtUoGQayNxP\tlsetupfx_result.xml" -v
    3⤵
    - Executes dropped EXE
    PID:2268
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1644
- - C:\Windows\Installer\{9EB6A2F0-740F-4F13-9592-84F0D67C0DD1}\tlsetupfx.exe
    "C:\Windows\Installer\{9EB6A2F0-740F-4F13-9592-84F0D67C0DD1}\tlsetupfx.exe" task PrepareInstall --cfg "C:\Windows\Installer\{9EB6A2F0-740F-4F13-9592-84F0D67C0DD1}\pckHtUoGQayNxP\x64\tlsetupfx_main.xml" --logfile "C:\Users\Admin\AppData\Local\Temp\tlsetupfx.log" --target "C:\Windows\Installer\{9EB6A2F0-740F-4F13-9592-84F0D67C0DD1}\pckHtUoGQayNxP\x64" --result "C:\Users\Admin\AppData\Local\Temp\{8FD4898F-77B3-4DC3-BEF5-FFA6967EB3D1}\pckHtUoGQayNxP\tlsetupfx_result.xml" -v
    3⤵
    - Executes dropped EXE
    PID:2468
  - - C:\Windows\Installer\{9EB6A2F0-740F-4F13-9592-84F0D67C0DD1}\pckHtUoGQayNxP\x64\AbletonAudioCpl.exe
      "C:\Windows\Installer\{9EB6A2F0-740F-4F13-9592-84F0D67C0DD1}\pckHtUoGQayNxP\x64\AbletonAudioCpl.exe" -exitall
      4⤵
      Executes dropped EXE
      PID:2512
- - C:\Windows\Installer\{D766854D-7739-44F1-9E9E-CDD222E6C5C3}\tlsetupfx.exe
    "C:\Windows\Installer\{D766854D-7739-44F1-9E9E-CDD222E6C5C3}\tlsetupfx.exe" task Uninstall --cfg "C:\Windows\Installer\{D766854D-7739-44F1-9E9E-CDD222E6C5C3}\pckHtUoGQayNxP\x64\tlsetupfx_main.xml" --logfile "C:\Users\Admin\AppData\Local\Temp\tlsetupfx.log" --target "C:\Windows\Installer\{D766854D-7739-44F1-9E9E-CDD222E6C5C3}\pckHtUoGQayNxP\x64" -v
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    PID:2960
  - - C:\Windows\Installer\{D766854D-7739-44F1-9E9E-CDD222E6C5C3}\pckHtUoGQayNxP\x64\AbletonAudioCpl.exe
      "C:\Windows\Installer\{D766854D-7739-44F1-9E9E-CDD222E6C5C3}\pckHtUoGQayNxP\x64\AbletonAudioCpl.exe" -exitall
      4⤵
      Executes dropped EXE
      PID:1512
  - - C:\Windows\system32\regsvr32.exe
      regsvr32 /u /s "C:\Windows\Installer\{D766854D-7739-44F1-9E9E-CDD222E6C5C3}\pckHtUoGQayNxP\x64\AbletonAudioapi.dll"
      4⤵
      PID:1892
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        /u /s "C:\Windows\Installer\{D766854D-7739-44F1-9E9E-CDD222E6C5C3}\pckHtUoGQayNxP\x64\AbletonAudioapi.dll"
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:416
  - - C:\Windows\system32\regsvr32.exe
      regsvr32 /u /s "C:\Windows\Installer\{D766854D-7739-44F1-9E9E-CDD222E6C5C3}\pckHtUoGQayNxP\x64\AbletonAudioapi_x64.dll"
      4⤵
      Loads dropped DLL
      PID:2280
  - - C:\Windows\system32\regsvr32.exe
      regsvr32 /u /s "C:\Windows\Installer\{D766854D-7739-44F1-9E9E-CDD222E6C5C3}\pckHtUoGQayNxP\x64\AbletonAudioasio.dll"
      4⤵
      PID:4364
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        /u /s "C:\Windows\Installer\{D766854D-7739-44F1-9E9E-CDD222E6C5C3}\pckHtUoGQayNxP\x64\AbletonAudioasio.dll"
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2172
  - - C:\Windows\system32\regsvr32.exe
      regsvr32 /u /s "C:\Windows\Installer\{D766854D-7739-44F1-9E9E-CDD222E6C5C3}\pckHtUoGQayNxP\x64\AbletonAudioasio_x64.dll"
      4⤵
      Loads dropped DLL
      PID:2472
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A257EC27D285B23131F198F037239270 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2508
- - C:\ProgramData\Ableton\Live 12 Suite\Program\InstallHelper.exe
    "C:\ProgramData\Ableton\Live 12 Suite\Program\InstallHelper.exe" --register --app "C:\ProgramData\Ableton\Live 12 Suite\Program\Ableton Live 12 Suite.exe" --icon "C:\ProgramData\Ableton\Live 12 Suite\Resources\Icons" --rewire-slave-engine-dll "C:\ProgramData\Ableton\Live 12 Suite\Program\Ableton Live Engine.dll" --push-display-installer "C:\ProgramData\Ableton\Live 12 Suite\Redist\push2-display-driver-installer.exe" --move-display-installer "C:\ProgramData\Ableton\Live 12 Suite\Redist\move-display-driver-installer.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Modifies data under HKEY_USERS
    - Modifies registry class
    PID:948
  - - C:\Windows\system32\pnputil.exe
      C:\Windows\system32\pnputil.exe /enum-drivers
      4⤵
      PID:2524
  - - C:\ProgramData\Ableton\Live 12 Suite\Redist\move-display-driver-installer.exe
      "C:\ProgramData\Ableton\Live 12 Suite\Redist\move-display-driver-installer.exe"
      4⤵
      Manipulates Digital Signatures
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies data under HKEY_USERS
      Modifies system certificate store
      PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\ableton_move_driver\installer_x64.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ableton_move_driver\installer_x64.exe" "move_display.inf"
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies data under HKEY_USERS
        
        PID:240
  - - C:\ProgramData\Ableton\Live 12 Suite\Redist\push2-display-driver-installer.exe
      "C:\ProgramData\Ableton\Live 12 Suite\Redist\push2-display-driver-installer.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2096
- - C:\Windows\SysWOW64\icacls.exe
    "icacls.exe" "C:\ProgramData\Ableton\Live 12 Suite" "/Q" "/C" "/t" "/grant" "*S-1-1-0:(F)"
    3⤵
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:4576
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 0AB5EF0A1CC9FEB502CEFCC96C92659C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3752
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "powershell" "-ExecutionPolicy" "Bypass" "-NoLogo" "-NonInteractive" "-NoProfile" "-Command" "$w = New-Object -comObject WScript.Shell; $s = $w.CreateShortcut('C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton Live 12 Suite.lnk'); $s.TargetPath = 'C:\ProgramData\Ableton\Live 12 Suite\Program\Ableton Live 12 Suite.exe'; $s.Save()"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2984

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:1800

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:1268

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Checks SCSI registry key(s)
PID:4400
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "1" "C:\Users\Admin\AppData\Local\Temp\ableton_move_driver\move_display.inf" "9" "4ee9b1833" "0000000000000150" "WinSta0\Default" "0000000000000140" "208" "C:\Users\Admin\AppData\Local\Temp\ableton_move_driver"
  2⤵
  - Manipulates Digital Signatures
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:3564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
1⤵
PID:3488

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
1⤵
PID:1368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
1⤵
PID:1276

C:\Users\Admin\Downloads\ABLETON LIVE 12 SUITE v12.1.0 WIN\ABLETON LIVE 12 SUITE v12.1.0 WIN\Ableton_KeyGen.exe
"C:\Users\Admin\Downloads\ABLETON LIVE 12 SUITE v12.1.0 WIN\ABLETON LIVE 12 SUITE v12.1.0 WIN\Ableton_KeyGen.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1084
- C:\Users\Admin\AppData\Local\Temp\keygen.exe
  C:\Users\Admin\AppData\Local\Temp\keygen.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1960

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004D0
1⤵
PID:3748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e60364c.rbs

Filesize
19KB

MD5
72d48c039e641e9d67004fbe2522f0a8

SHA1
011d490cc9ba3574242bab0b213b3d0ef162c8ca

SHA256
691476aa7476a8df252b346acb7bc220995a536ab6777e59089748d8d53ab4c5

SHA512
489dbac9ee448409df7ee22312835b8c5cce246134d932e6b8e4471ba7687160eb78501f8285cf91de17aea0afaf18e10a5ac4d6f106891eed9f06be64634ff6

Download Submit
C:\Config.Msi\e603658.rbs

Filesize
19KB

MD5
db8da2eab4be01bb8b097ab9cee8b422

SHA1
bdeb91a9eb04447cb4a2c877a04752ed0434951a

SHA256
576866722af5076452add3a9a420e77a66f3402e871b9f60635c34fa8b223d05

SHA512
1286d5eac64eb6a1f0783e439f9ea16208133e20d32c70eb700898513642b28aaaec605a967c10ad3578962a5b764db8ca9700013a6aa7bd6d8ff9efdb813fa1

Download Submit
C:\Config.Msi\e60365f.rbs

Filesize
21KB

MD5
cf89cbd4850c883cd232961a666b3850

SHA1
a76b077a3c0ffebcc63c736519cd911872da1656

SHA256
52cfee7f4390d9019a0555cded5c13ad2c8116158c45528e16135b5f143a3d5d

SHA512
b04537d915ecca5ca10c41b8fdcb8c722884b2c5d6b83e6dcf455bf57ceb1cbd08fcb9f6ba5b24a6d7530eebee1c0147b49169450947954af6ddcf2da4e07d17

Download Submit
C:\Config.Msi\e60366e.rbs

Filesize
21KB

MD5
c4bd9823e157be8d265557cd81058499

SHA1
64d7fd6f6b9887664378b850acf4ec1e185e0459

SHA256
8155af63b47d68c8d2274a97767b0204f8371a6a0301213d500b6e60a1636550

SHA512
958eeffa55e280f71b6800da170be4cbbd434e536d7ecd981a832345d793cc01c6270b8fef12d642f1eea5b39444c7d342797312e68d9c4407a2fff3b433b1ca

Download Submit
C:\Config.Msi\e603677.rbs

Filesize
16.5MB

MD5
4d535ee7ef7894ba0023aa75ae487b55

SHA1
1bc832e51753b35a73229fe2d7a736d55bfee9f0

SHA256
52a7177c71700cb7efd81a8a40dba01248e0d2337acea0cd3f18907b3207e5ed

SHA512
39e6bf34eb08a2d182d72a96d54032551444e151c4135d342c9a23861f0cc11769b8dd2ad1022fd0ed1df8ea191e333052a296c278c8d14b6bce3960023800d4

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Program\Push\python3_dist\site-packages\multipledispatch-1.0.0\multipledispatch-1.0.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Program\Push\python3_dist\site-packages\sentry-sdk-1.32.0\sentry_sdk.egg-info\not-zip-safe

Filesize
1B

MD5
68b329da9893e34099c7d8ad5cb9c940

SHA1
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

SHA256
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

SHA512
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Core Library\Grooves\Style\Jazz African Shakers 16ths 115 bpm.agr

Filesize
8KB

MD5
3c08c435ee91987674082a4ea1741152

SHA1
59412b1bd3bfbdb69e6905efe1f19b5be55b39c6

SHA256
17c2ab966fb38cc5bf31c13f62180e0c00b8978a2d9199b757fa8f913a8456d0

SHA512
17ba96962e12a4b7f5a83473c88910246d52d9f20d26aa0c3cd69d8787085abd419d271f2ccdd8c25a0143d67d8863874ef33f51627a8b92acd25b3f273832d1

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Core Library\Grooves\Swing\Logic\Swing Logic Sub Down 8ths 60.agr

Filesize
6KB

MD5
ed4740594cbf9992f4cdb7a1df99affe

SHA1
27d9e579e68198a9bd0ccbcb7d60feda7d4e8334

SHA256
55f034e6d472676a78e557bc150485ebeab60cf6712b656cbb79e25bc7fd9d33

SHA512
1a4f94a4c9cd56277ea9bbea26f1fc862112dd540a4f2e88a9fd5a8bd9bc87758775bd662d681e684f1c5d359af3c7eb59df2b185e48f0b6b4dcedd19532de0a

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Core Library\Grooves\Swing\Notator\Swing Notator 16E.agr

Filesize
28KB

MD5
baecaf5247346ab476a444b207110913

SHA1
054f322ff2eb4f9486fd78fddf3270ee33a387a8

SHA256
8cb82b4e08f3ce80fd9729c4b8ccd540ee58ab2e6c0917530bbc922281a2eef7

SHA512
8cf8bfeb922ecde04d4aabb2fb19971c333495cc5a401cda04958e7c9134128aa9d5cf86251b4b95042986b3874c529e91221d406bae1d6a94cd5b3c4a8f589a

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Core Library\Grooves\Swing\Notator\Swing Notator 8D.agr

Filesize
29KB

MD5
9e05f0d97e2835ddba50eb921ed2d161

SHA1
5ebdda6ef752643c35ff10964b9b9812d198dda4

SHA256
a81b08f4f8551a70d7ce2f53a850ca5f6bfefe38c7b5b9e0f38aa96a8dc2f2a5

SHA512
c04eb45bba0baa8d413780e72666b08ae21f642f7f39949b660356f78bead1a42a65c6aa0358d3a2b60cbe161f9d11c03d03a690a28e8980a07e3e892d7e45e6

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Core Library\Samples\Loops\Tonal\Synth\EDM Gabba G 128 bpm.wav

Filesize
980KB

MD5
1ec2e136d1a0e9a1b9645c6ee6dd872a

SHA1
1f7fec6def3e0931b40185a0067c28f4881e8a3b

SHA256
beee52046de7c9accddf8cffb752b998627e9ec1e55c58184c7084ef02075422

SHA512
83eeef23a74face1b97bf575354063479dda359b0ca1b8ba310c59771ea6e510a0b83ae43843ae90bc9f84bbac6cdd345697df07dc06a4c02c06f3e2a0c2dc02

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Cursors\DragRightEdgeCursor.cur

Filesize
20KB

MD5
98bc86b041955139689a9fbf822b7e73

SHA1
7f6614f23194ffba7691add934cd9a7e4cbffd81

SHA256
444c6f1aaa8490f02bd7ec79d028f376a83a93158b1add125e99f9ad6fff204f

SHA512
f173a42ddce06753f524fa6c4dee460bab28f077b4c485cbbf615d466441c634c5df539c3de15a16c469e8aa948e7e07620eb92a02216ebcb338b8d252201ac5

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\docs\tutorials\jit-tut\images\jitterchapter30b.png

Filesize
15KB

MD5
d2c49f31671e5737ea98463bd371aa9c

SHA1
16cb1d468b5851c7edefd77b4ffd87bce3e1273d

SHA256
7590aab6ea80db3545595f23132cb041c4208a48af812ea6a3bc8017dbb031e0

SHA512
baf0ba005fc5fafe309e0e02259d48f49d7cfc880ad5c64611b991347228355aaa0ecb895a32251959549137220e9cce32833bd98f23982d0afa93e49e809c36

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\Node for Max\source\bin\npm\node_modules\@isaacs\cliui\node_modules\emoji-regex\text.js

Filesize
14KB

MD5
b25fe69acc9d8eb982b37d758746e913

SHA1
782e46467828dfe227704d09830298ae86e52127

SHA256
07005fd8527ab9ac801d940ee255890039ce8c8960dffbf5ded08c7a8d89bee0

SHA512
99c93da8c70a5ff47a237e0422aba91209680b1413cdecf6339616d12d2d69e1796527596e8859bf505451fc47b6a00302e8a50e1cd0d806da23b5608e82abd4

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\Node for Max\source\bin\npm\node_modules\@isaacs\cliui\node_modules\strip-ansi\license

Filesize
1KB

MD5
b862aeb7e1d01452e0f07403591e5a55

SHA1
b8765be74fea9525d978661759be8c11bab5e60e

SHA256
fcf1a18be2e25ba82acf2c59821b030d8ee764e4e201db6ef3c51900d385515f

SHA512
885369fe9b8cb0af1107ee92b52c6a353da7cf75bc86abb622e2b637c81e9c5ffe36b0ac74e11cfb66a7a126b606fe7a27e91f3f4338954c847ed2280af76a5f

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\Node for Max\source\bin\npm\node_modules\@isaacs\string-locale-compare\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\Node for Max\source\bin\npm\node_modules\ansi-styles\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\Node for Max\source\bin\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\Node for Max\source\bin\npm\node_modules\ini\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\Node for Max\source\bin\npm\node_modules\libnpmsearch\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\Node for Max\source\bin\npm\node_modules\minipass-collect\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\Node for Max\source\bin\npm\node_modules\minipass-json-stream\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\Node for Max\source\bin\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\Node for Max\source\bin\npm\node_modules\node-gyp\node_modules\npmlog\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\Node for Max\source\bin\npm\node_modules\path-scurry\node_modules\lru-cache\dist\cjs\package.json

Filesize
28B

MD5
56368b3e2b84dac2c9ed38b5c4329ec2

SHA1
f67c4acef5973c256c47998b20b5165ab7629ed4

SHA256
58b55392b5778941e1e96892a70edc12e2d7bb8541289b237fbddc9926ed51bd

SHA512
d662bff3885118e607079fcbeedb27368589bc0ee89f90b9281723fa08bda65e5a08d9640da188773193c0076ec0a5c92624673a6a961490be163e2553d6f482

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\Node for Max\source\bin\npm\node_modules\signal-exit\dist\mjs\package.json

Filesize
26B

MD5
2324363c71f28a5b7e946a38dc2d9293

SHA1
7eda542849fb3a4a7b4ba8a7745887adcade1673

SHA256
1bf0e53fc74b05f1aade7451fbac72f1944b067d4229d96bae7a225519a250e4

SHA512
7437cf8f337d2562a4046246fbfcc5e9949f475a1435e94efbc4b6a55880050077d72692cbc3413e0ccd8f36adf9956a6cc633a2adc85fbff6c4aa2b8edac677

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\Node for Max\source\bin\npm\node_modules\wrap-ansi\node_modules\emoji-regex\es2015\text.js

Filesize
15KB

MD5
ed6ed7ab5bd5bcb2a254821e233cdd8c

SHA1
59dc6ff551a34f3d4cceb0c88231a386e82d9922

SHA256
450490d136ad99169d360f0c45a317a0ccb083da34602324734491467715baea

SHA512
2148714b1ab87965f0a71c03aa0a60789c1d9dada5b4ba005b186081b8d191f196a3043964c21e0a33eb45262cc11071d4b658753a42fe91f1fcbee2507fd1c8

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\Node for Max\source\node_modules\ms\license.md

Filesize
1KB

MD5
fd56fd5f1860961dfa92d313167c37a6

SHA1
884e84ebfddafd93b5bb814df076d2ebd1757ba8

SHA256
6652830c2607c722b66f1b57de15877ab8fc5dca406cc5b335afeb365d0f32c1

SHA512
2bec1efb4dc59fa436c38a1b45b3dbd54a368460bcbbb3d9791b65275b5dc3c71a4c54be458f4c74761dccb8897efaab46df5a407723da5c48f3db02d555d5b9

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\@cycling74\maxdoc-utils\node_modules\@oclif\config\LICENSE

Filesize
1KB

MD5
f38f132057f2b394f1162f97a1746501

SHA1
caddb41ef79a9fc3be52f656c8bda3438cd98b56

SHA256
a9de3c39f8286ab8fe4a82da6e6272b402704876116b6307b10d67c4a189a87b

SHA512
826fe85f96c5f384b9d9dafbb06dfd1342a3ff4369816b20387d12b7f9515d6fd1bbd010a145c0687013a238ead5b83d25ff3af2f215e911abd1721878911b3d

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\@cycling74\maxdoc-utils\node_modules\@oclif\config\lib\manifest.js

Filesize
77B

MD5
8963201168a2449f79025884824955f2

SHA1
b66edae489b6e4147ce7e1ec65a107e297219771

SHA256
d43aa81f5bc89faa359e0f97c814ba25155591ff078fbb9bfd40f8c7c9683230

SHA512
7f65c6403a23d93fb148e8259b012d6552ab3bff178f4a7d6a9d9cec0f60429fc1899e39b4bca8cc08afc75d9a7c7bfdb13fc372ca63c85eb22b0355eb4d6000

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\@cycling74\maxdoc-utils\node_modules\@oclif\config\node_modules\tslib\tslib.html

Filesize
32B

MD5
442aa09e10281318cdf6be9e026232b0

SHA1
d1cfb0e2db3f8d42decab1311d104b923b4ad384

SHA256
e14179f388a9690437165289d45ff7747f0f839538b5abec63d2dcfe21c2a5f4

SHA512
e1d0af67959826971b20963844f5213816c5b9dd75e7a46bed1a61b91d76ffe997294788a42c68976fee58be160c534d9521fdd3d336018e1f88b589a3cf9f4f

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\@grpc\proto-loader\node_modules\emoji-regex\LICENSE-MIT.txt

Filesize
1KB

MD5
ee9bd8b835cfcd512dd644540dd96987

SHA1
d7384cd3ed0c9614f87dde0f86568017f369814c

SHA256
483acb265f182907d1caf6cff9c16c96f31325ed23792832cc5d8b12d5f88c8a

SHA512
7d6b44bb658625281b48194e5a3d3a07452bea1f256506dd16f7a21941ef3f0d259e1bcd0cc6202642bf1fd129bc187e6a3921d382d568d312bd83f3023979a0

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\@grpc\proto-loader\node_modules\is-fullwidth-code-point\license

Filesize
1KB

MD5
915042b5df33c31a6db2b37eadaa00e3

SHA1
5aaf48196ddd4d007a3067aa7f30303ca8e4b29c

SHA256
48da2f39e100d4085767e94966b43f4fa95ff6a0698fba57ed460914e35f94a0

SHA512
9c8b2def76ae5ffe4d636166bf9635d7abd69cdac4bf819a2145f7969646d39ae95c96364bc117f9fa544b98518c294233455d4f665af430c75d70798dd4ab13

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\@grpc\proto-loader\node_modules\wrap-ansi\license

Filesize
1KB

MD5
d5f2a6dd0192dcc7c833e50bb9017337

SHA1
80674912e3033be358331910ba27d5812369c2fc

SHA256
5c932d88256b4ab958f64a856fa48e8bd1f55bc1d96b8149c65689e0c61789d3

SHA512
d1f336ff272bc6b96dc9a04a7d0ef8f02936dd594f514060340478ee575fe01d55fc7a174df5814a4faf72c8462b012998eca7bb898e3f9a3e87205fb9135af2

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\@oclif\errors\node_modules\emoji-regex\es2015\text.js

Filesize
10KB

MD5
6afc6146a683f0492a6a88616ab5e56a

SHA1
952566d5d9d640b45a2a228c7240d4c37156e504

SHA256
aad6b3f580511fe1fd70ae4ddadff4f4ec6bd5143f1a53b93c7e16eaf608d552

SHA512
0f27e8d9ad62cd6d5dfa3d48c91760ff8a57f484851977bc46f891f5cdf656c7df1afadd71e8766c11984f91449cecb9bcd65aabe128245067a7392ac6ab12e6

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\@oclif\errors\node_modules\emoji-regex\index.js

Filesize
10KB

MD5
0438b0678667b951cf518a14560fa0b7

SHA1
e678799abbf2035d94ab0114ae0783b36a3e5994

SHA256
c56978800e47f095cfbfe96712b5e78d150d1f62e32bb4943675213fce481ef0

SHA512
75924c24968e298b1496170a66624b97a76a77fb4ce5968e7c097ad227401256752d9d28c8a1f84d313ce4b06f9dc9b20e3f75d81398c8951b45375ccb013e3e

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\@oclif\parser\lib\screen.d.ts

Filesize
86B

MD5
a696841d0b0f78f166060af0f31344a8

SHA1
f993e98c0576572921d73f580d2879d9d2e9d9db

SHA256
abe0149fd07081cd515d0024888af2ddeff5ba0010d614eaf13939bbc9feba79

SHA512
88c80f13e1d66671a594a4fdbafe051b78a217c2d28b2bafcdaa42bf3e072729b15b87fd6ea267e175109b8bd2cd4a5d11bc71073f97ece9cdfa35dc3d92fcf5

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\@protobufjs\float\LICENSE

Filesize
1KB

MD5
532013e80f57c86a3d7176374afe6380

SHA1
e40a5d2090efd5d2eae97987590d414d7b1389f8

SHA256
a67b34a24a5daddcce46aea68c5004e4442bbfb63690329fa607bf4de4269794

SHA512
db98bcc743122ae1ced03c2d7e4efc4cd090d61b75a2eeee0534cff58ef6ec9a313ad826d4bcf490378a8b13c8a360f20a026df83700c0244113988d7e35b7f5

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\@rnbo\genexpr_js\LICENSE

Filesize
196B

MD5
212dac4dc8935b89a290c5add0a8f986

SHA1
3501645f3e678de653790c555e57ee6f00b17a36

SHA256
933fe0a97a8113c26df7190375d54e4e1126f06e3a46b7704071120454b2f4a5

SHA512
b261d7b5a2c77495d57397b24c17a8eb87d5c0daf7c8c4b7991652a88bacbac5e6b80e4878d4600bf3a11e0f0dda491836de0611a561045732cfb2d22f028b5c

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\@rnbo\recast-cpp\node_modules\source-map\LICENSE

Filesize
1KB

MD5
b1ca6dbc0075d56cbd9931a75566cd44

SHA1
914d42b13ad394be4aa75b4d93fde94b1e79cbbd

SHA256
6cb0631f71c7749763fd3dd1d5bee52dd1070ec17f2edc1710079ad070bd2fbd

SHA512
6b8aae75aeaa2150548d86f1f0025cec9ddbc7dfa3c1f51e87de87721ec64ef31b60da2b04871838ca951cea1bb83af0dc518ab16d08e5334119d12aef4de27b

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\@rnbo\recast-cpp\node_modules\source-map\lib\base64.js

Filesize
1KB

MD5
d6ba9a233e14b859b51f538c0b295953

SHA1
269e8e4dcb82db12f6e2a6187e7be46bee604ab0

SHA256
651bf433cf05e9ec8cee0b94639483236a605d48279e83d3d5c5de81c21d6599

SHA512
f896503ca600bcebae2ca94bf5d4193de91eb37e16489ddf3dd74a43a9631769ae4d3b3c5b952fbe692048e93f847480943ec2d300ee9ba4f938287eb83a0121

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\@rnbo\recast-cpp\node_modules\source-map\lib\quick-sort.js

Filesize
3KB

MD5
dfeffc75906e8f42d235a55801ae2a42

SHA1
e4adf67561f701e7563d7db979e5c9ff8d60267b

SHA256
00ed5475b08b4a239836bc5d667bfaf343f4f2412cd7616d2aaf37bddd8582c2

SHA512
47fce1b68ae29000002ccfd28727922c138a3f216b1fb411528acc962fec850492e3b1bc8c7b36374b247a342767ed49981620dc0b065f693dcdec9617c4be6d

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\@serialport\binding-mock\LICENSE

Filesize
1KB

MD5
e2bc0aa64d278eb2b6ddeb692e294945

SHA1
1941e6bbe3767d6eceb0ac7f35cc06269fe1dcce

SHA256
12b8f57dbef742496d1356e7773fdf32924724bf1cdb2cd833c448611d04a525

SHA512
bef30979ae240a15748d72c13ac112937b1a1813d49b7bf2ab631ef4fe3d515ad41af89e7e546396185efa0d3de4d62f9d1382dde2eb5494da17f116f2e0245c

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\@types\glob\LICENSE

Filesize
1KB

MD5
d4a904ca135bb7bc912156fee12726f0

SHA1
689ec0681815ecc32bee639c68e7740add7bd301

SHA256
c2cfccb812fe482101a8f04597dfc5a9991a6b2748266c47ac91b6a5aae15383

SHA512
1d0688424f69c0e7322aeb720e4e28d9af3b5a7a2dc18b8b198156e377a61a6e05bc824528fca0f8e61ac39b137a028029ff82e5229ad400a3cc22e2bdb687ad

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\ast-types\def\babel-core.d.ts

Filesize
77B

MD5
05fc7803abe3991b7e2af14e9f517e55

SHA1
4e41c541a4992168e1754211c2417386058fa7b9

SHA256
3ea32e42e55c3614ecf58119574b79867d19a6d4447b8ef2f15bf60a1cdedb25

SHA512
d1c63ee7e65fdc2e0e87bd7f18c698ae528938299aaf2e6b1cb278cac18ee4affcae4748f1390f90d0175de475df3c6e5f7beeef8ec4035ffd958b02f741b4ff

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\babel-code-frame\node_modules\chalk\license

Filesize
1KB

MD5
a12ebca0510a773644101a99a867d210

SHA1
0c94f137f6e0536db8cb2622a9dc84253b91b90c

SHA256
6fb9754611c20f6649f68805e8c990e83261f29316e29de9e6cedae607b8634c

SHA512
ae79e7a4209a451aef6b78f7b0b88170e7a22335126ac345522bf4eafe0818da5865aae1507c5dc0224ef854548c721df9a84371822f36d50cbcd97fa946eee9

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\babel-core\node_modules\debug\src\browser.js

Filesize
4KB

MD5
62cfee6d6dd5ffec5d3ed35073791aec

SHA1
c41adc79487f377d3dfb397c531812fb9cc429a2

SHA256
0144ab6a52b9330c567de11a5c3a4aea35cdac47a4c106482aa24ae8054cdc6f

SHA512
920aea250d98e29e8005ef0185df5e34bc426d321785df07cbabace60bdbcfc6c92e2ff0c9f226a54925d2c7d595035efeababc935c7f1a4c704e7a7ef641339

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\babel-core\node_modules\source-map\CHANGELOG.md

Filesize
7KB

MD5
a3af94376054cec4d2e6fdcf2831d7e0

SHA1
30497f61c3317cab69ac398e6a1bbb3ced8165f2

SHA256
e425d36553476d66611f2929534ac33c8b77aa8d77ccbe8b0d1d172eab129c59

SHA512
e88e9d909938d1c4d8619086a91df447c5dcf8b188520537ee9f4f4a15017d47c930c9dde0fb00d47812f9dd05eeac6674f2ab7213e57f359ef41575232773f8

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\babel-generator\node_modules\source-map\dist\source-map.js

Filesize
99KB

MD5
c6221a16383e3caf16ac3649e10f8476

SHA1
3f8fb771c39895c9a414c886f50792aecf1c1c6b

SHA256
f634f4245878855ef18dcdd66b8deb4fdbbd0f4bb52d8a92fd824da8c05ce6d7

SHA512
925401951e5ae911288fb7035f32e24ea05563471ffff1fd1839a7323a78e0f52e33839da63c0fdc74ee7de8a3eef9cb1638f7530a6a1cc5476b8936d91dfa3d

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\babel-generator\node_modules\source-map\lib\base64-vlq.js

Filesize
4KB

MD5
10ab2672fb7feaa6e4a2ca651d2412f9

SHA1
493d3d895198dfaefe88d2b066c272552ea35889

SHA256
f3407e528f54ec0787bd0a71eeac0c99fffd98445916fcbe116dc69ca3be928b

SHA512
e225b4e032b8be81654b43e73e38d162cc449f80f5ea16b97f87759808317c022c9b60cdc0c119ed6bd7e69db7bb8359b742bf00f768197b5b88c4619e8c26e2

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\babel-helper-explode-assignable-expression\.npmignore

Filesize
22B

MD5
2d83cab775631267fb8d3981d1cc65cd

SHA1
2730b322febcfba6482485a848ca8250485c5dd0

SHA256
cd8e4ad3792d880e5842593cb0fe6f647f7a88c451ea26e37be0814ae0b368cc

SHA512
5cc8a8647c212ad75a8dc04a91c55780124d4ba3a0df40723e2320765eb3ff4a5a9af3e71df29660c8f62ef70793380e96a3e3a30698ec38de14254877be30a9

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\babel-plugin-syntax-class-constructor-call\.npmignore

Filesize
23B

MD5
9d1bac7eb794ecc91fcdf0d58855c289

SHA1
da05c42c8a8383439b66d60d5e4e3e7aff379a57

SHA256
baa1ad651b95452a5dc7993fb8f4217d8a06f62ab31bd77c57602c2c9971d4f0

SHA512
cb9be5fe49b3febaf4194b50ea44dd8937a4ec49e0454f3538f1529967a9e5d170ddf702f4c2bf0dbc8b17caab1663fdcd1384a6b0d576c65fa94a08676f6890

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\babel-plugin-syntax-trailing-function-commas\.npmignore

Filesize
28B

MD5
ed5668eae57755c4900acfed5c89fe3e

SHA1
1cfee0e25d0952f623e996b453d8f120732e86c1

SHA256
0f59d9939341a7f3ae5dcc93500b728ee0fbcae85a4474eb167e4cd40c666d8b

SHA512
fa38b515b494ec78f1297a9f4c22d8c820309d2c586e3791f9932607a67b6feb727e571f11d9ece9aa40c36f681d4d2ef2f7a973050d3426d2aa29b89b636855

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\babel-register\node_modules\source-map\README.md

Filesize
22KB

MD5
2b6d24c48eb012c450c789488f54526c

SHA1
57db4f374077098f029b577e000cb26e8ccbcccd

SHA256
647bdcc7186e20e91a3865cc0b7e86f1152d5627002692f1f41eb28c2aefb585

SHA512
b2c83305e41f69dc04dd3163047665e3abf075249adf39f8c7401bcdeb4717463dec1c2f80a64fd56c37c6aa9e4b225d365c389da3ce05ea9d2047934f713313

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\babel-register\node_modules\source-map\dist\source-map.debug.js

Filesize
254KB

MD5
28a7e11ae114c7f74df596ab15f63a6e

SHA1
a26c8de3235c7942b54c8bad310347d54300fd90

SHA256
60b087e34835dae7fd69f309f0291312207288f5999d8518c0562917eeb173ae

SHA512
410a74d4d175980d7cd54a1050126f45d22e771cfbbfac989a6e47f3bd8a1cb0426a5c3779e6de23d7e387333af9f889360bb330326a3bed39f5f7e2b2bff0ab

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\babel-register\node_modules\source-map\lib\array-set.js

Filesize
3KB

MD5
e409c2198743fb3f9c3e5939358bc32e

SHA1
ad62f4ee15345ba799a00c59dd226690b4d1d1d2

SHA256
163bb3055aaea7140167740036a83161fd912c344b14f992754b80f21477d754

SHA512
fcebb4bd5734c19593ff05ae30f5c96d2bf7187185ea0b18283b73b3f7a3f3dc704deb84c6265a90cf256f278cf6a5e8e15c3e8f79f28d038b6d5a13a812abea

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\babel-traverse\node_modules\debug\.coveralls.yml

Filesize
46B

MD5
55352d85883681df5f0fa66d3f32a872

SHA1
90709e4fb4ce17729974b3a140ccbf330519835c

SHA256
64e6b64f19837a76c30865579aabdde1a825729ae0204ba73ba6de77296ce18e

SHA512
bd3f23a4d44a5df32ae36277d55bf3335d4e8a2954b2ae2db3167996058b8c6d1e74c2dd9dd2c934bc1d70c15c026fc075a53d47e7b856750047fb86f6b22f58

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\babel-traverse\node_modules\debug\README.md

Filesize
17KB

MD5
03694893d682191b3c893701ba6f4a55

SHA1
38096a9c10830714695a97a8501b817eb0a7534e

SHA256
cda3dbd285a2b65894758565a565e7bc2e7c3696225af7b5bd01454240df0aea

SHA512
3b80ea8a912ec4ddf1a1e2fc3f3ebd8f4bc6f591f9b2732694cb5627c549d7911c1a6eb82ab68ac025e13e090b3e39b8b4ae66a9159f45696b6343ce76213f54

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\babel-traverse\node_modules\debug\karma.conf.js

Filesize
1KB

MD5
06f3babbdc43c6c4dd1493b6c1af32e2

SHA1
93fef7cf3ed6f04d2cfc3cd0b8d5d972d35cfd29

SHA256
2430869adb61a5e24a3612110a9b49a948e6db43ab7e947c003a9c19c478e609

SHA512
ad65132ed6f675f6f318fefa36f4e6c23f3ff4dc47d02575f6d5bef7b062a2e90aea1a43dd5327c2565be3d834c969ff2ae3efdb2add4a958882a6f056f659ea

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\babel-traverse\node_modules\debug\src\debug.js

Filesize
4KB

MD5
74bdccf347345d27fe8a4ac3add99c60

SHA1
a2b8a915c86fc750f56a7137860f19ec1182ee21

SHA256
d8d1c1d6c387ab67c3f28d78fd0b20b9becd69442db9d3efe110ca464b509c8a

SHA512
c2d47efee2a4442be6375d623f46b4c7ee9552c132b9229eb284bdd98629edd02664167805b0af9b3faaa9b1906e9ed0c5e383396d4995cef7051f9a450e1b99

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\babel-traverse\node_modules\ms\index.js

Filesize
2KB

MD5
ae157c9a8e70902576c2d8a06dbcde32

SHA1
0d10ee921436fa5ff5988445cc67676219dfffbe

SHA256
4bd92209cb9dacf3e3773e725acb7aaec43ea9e78540324e4d0f73e5ce9adef7

SHA512
4c2f31f1f2a297ab6c55a21d58a5c26cad22c1ed1913e7a48605111d217257ae2d9f26ea889e8610e011ba9b9c487c91ecdb4cea3437534faf905e8fb89ba248

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\bl\node_modules\readable-stream\CONTRIBUTING.md

Filesize
1KB

MD5
08365b138b43284489ecfbf6efd44a25

SHA1
1b97e91ac67fcbbd711dedd3b5c388c08489eeaa

SHA256
56e4e12a6934a2c4d36c7bf893f4d8aefa6c96f9ffcec357dfa6476e36c4f1f5

SHA512
85494ca6582db6aa3679f532c540f2075516628c02abd6fc827369cf8ec1f2ac66092ff815406d4670c7a33cadc62f34c2c478136953656ce85a7d5755f8c31e

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\bl\node_modules\readable-stream\lib\internal\streams\stream-browser.js

Filesize
49B

MD5
df20453c19af8406babdf987facd76d9

SHA1
0167a0dc72daab83989846563aae870f37549151

SHA256
72d46a15491627d8fb1489a47d03583cfe5c21902918016ab532b53e615e5a9a

SHA512
8004aca5efc10cf89bf41ecbb6586f9acd707ef3b789cc714043c48c0d47b6479d9d2c2fd9894aedc683edcb88fad8b28517d329417d6e2d0e2b639d964956d9

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\body-parser\node_modules\debug\.eslintrc

Filesize
180B

MD5
f69af9893c473d8e925169156a42f70c

SHA1
8d154aeddf66a7bcbd433e3c619f76bb0d920ae2

SHA256
7b7d5a5736dddae0e7cf1c06cdf41ddd9f98e73db8f57a18fe4c9bd0f52f9aa3

SHA512
4239496b31071b799e30dcc18a05e6e95279799418a97dd57141a4d0f07ee0ddb057e09cb13c30c400202474b61e71175495b3cc411747ade097d12f4ee87dd0

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\body-parser\node_modules\debug\.npmignore

Filesize
72B

MD5
b0205b7904bef0ad0b403fbcf4f57434

SHA1
90fef7cc1058bd0f85b0959c4fcd49230a29593e

SHA256
f4580152a6f48954b44cb2a0a002fa500467663db5a6dc8e796b52533dc04ec1

SHA512
fd7f6d36580b9f9d94247fb4ec398c7bfe7715399d11a1d6fa1efc51e95405ee8f5e6559c5861b0d032ab425f0de24c7e84bb4c03594e715fa21cd47461a69b4

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\body-parser\node_modules\debug\package.json

Filesize
1KB

MD5
71a7656944ffe50cc27ebe02491ae49b

SHA1
8ebf0f80660d982fc68f00f82855696157e74b10

SHA256
6c3d2c892db282317913ce7c340dd2edccd326bcafd18b644b8738144967d6ee

SHA512
5b0010b41304e212a22d2c89eff65ce410b000c71c4ab8c7fdba8f549ba0629fe27f37c142058b041fb889bc73e00959ad58f673866ee7d29724687da3c3f320

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\body-parser\node_modules\debug\src\index.js

Filesize
263B

MD5
dd13897ea2eed92695bb7e4e744a9148

SHA1
182314d32e789e4f9c29e3150ae392f1630f171c

SHA256
9a34fedeb2d269c46ed94e6f13039eb0d16d866dd460ec66fa3acd78122fa9fe

SHA512
0b53bc984178336ac516601e72d477d2beeef6936800da17d3a79c153e0036f7428517ebd75d296729f65856c7e07749029f5aa192b2ac071efc4d3e39750a32

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\body-parser\node_modules\ms\package.json

Filesize
704B

MD5
cbd55880a650b56c3d5acddbbdbee9bc

SHA1
4d354da7ece1c7d5689b8104f3b6f3dcbac7790e

SHA256
30fbfaa3840b2f63978ad4bcd7ed8dc24d277b818e4755fe93eda8cb1bc8b74c

SHA512
e329a6f6a38dd33bd60334a8dec4a91aa6e7dab28f0893240374ae6a303c12646399d821403e3b80eb51317d1808e6abf30bd91b0bd99951f96815a22ba105c7

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\convert-source-map\node_modules\safe-buffer\index.d.ts

Filesize
8KB

MD5
372fa012d04e945ab97c27e000f8df78

SHA1
0b5844a33b757b9db574541363116917fcbc6d90

SHA256
5e379df3d61561c2ed7789b5995b9ba2143bbba21a905e2381e16efe7d1fa424

SHA512
e420c6f2a15605de938f77a085453e6c0e84b62aae7640aa7bf0e576534f6b07fdefceea14cb2773e9a7fb042885b5bd108ef98e90258a37d3e907307c9fc674

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\core-js\library\modules\_regexp-exec.js

Filesize
9B

MD5
8733db8bb02cf7abd5d7d07601acc332

SHA1
9f8c54fe2dad4a5f9adbac98d1f814b1a6728bec

SHA256
909c50607a29630c8b3ba42ccb712816ced4a96ad97d346cab88e3b0ebfc02a2

SHA512
912775ee690a8850d06086fa3a000af67c38687d587972d021ece658f6e663a43bed3c0f6b88243b1ce211dbff6be1337513fca4778909a464f0293f365bf9e7

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\dns-txt\.npmignore

Filesize
13B

MD5
3d10912d07e7bc8cd7d2faea51adb2d8

SHA1
8b894ec0b3bbc33011392ad9bafeb1df2634db45

SHA256
16d30e4462189fb14dd611bdb708c510630c576a1f35b9383e89a4352da36c97

SHA512
8d609d64d4e3f7b92e6cb047b2c416902f59f67b716cfc1b030ff4a745f78e2cb65caab8fa38d39cf28e3997fe35ccc24c2e6b1c02de7a39e821467bdee70561

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\express\node_modules\debug\.travis.yml

Filesize
140B

MD5
75c6cbb25b2a5720c8663637a2678879

SHA1
e87a69a064f6a95b166333d46b919afbc5487f59

SHA256
839e44ee0a96a3e302dc6472800b51822982b77d08f19200ab2cc70534781fd8

SHA512
9fee1c0df8c2098d418ba0816e47eefe46063e5dc62d5b9b9b2dc951968627f4e5b53b7c27f42fb6c8caac0af10e3bd4c32526913c3b467e6059237601a77de0

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\express\node_modules\debug\node.js

Filesize
40B

MD5
79f3814f32362c1c6f9dbb8a1e3b01bf

SHA1
aa7655ee80c9a485313675f9379c2f18d33ea061

SHA256
996b381f353555cb172ebb2802bb2a7323442ff67b7b530cc26834058d7f31a2

SHA512
61367ec2aff9349e203a295fe1bc28faddc6d80b556660f56ea49d6625d6228212fe82d7398114509a3b8d9ad4026429f0ebb849579c7481928f47f37c8632d5

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\fast-glob\node_modules\micromatch\LICENSE

Filesize
1KB

MD5
0f64900f8f30e53054962c9f1fc3205b

SHA1
6210a5e4e9224b4fc8ef250fe227311daa2bc5ac

SHA256
35bdd8a44339719441900fb50fbefc5e2dca1ca662cbaed7a687de842c8b70f2

SHA512
72392bccd8964c88ec8aa3d815746a2b6a4466d9c7ca8f428d7d0f3e2bb11674ef494ca335c8b255eee5825c087a77bb45a5d60025f318b78a64e19beccd23c7

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\finalhandler\node_modules\debug\CHANGELOG.md

Filesize
11KB

MD5
504a70c7eb9eba0c4b26965cf4d252c6

SHA1
c35e6a85b4a8732ec8af63beea964483e1b2dd94

SHA256
d8c1b0717964e189010b13521379c3b970eecc889cb8b788ac21d8dd85247165

SHA512
cb9836af90c63deeaf5c2dd5085685b3213b3579337d69f9b44dfb5c61c6bffa5a940c4d9e9b8bb8df4a845c0f7008077fa35598b27fe45079fb921fe8528e50

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\finalhandler\node_modules\debug\component.json

Filesize
321B

MD5
510af4d67a35446e6dccea1429399c3a

SHA1
4963889b7905abd5a8955b8d27c3079e2d449564

SHA256
2e5ab9ae90f41699e00d00fca16765024f437300a0568c2208669cc281ba7656

SHA512
bb8d1e0e4c99a82d32fb40daa9a79e2abf3a3f495b3dc9afa883021110b3ca9eb93e052d71e98d6494722df947ec280d66f4bca36bb0ae975f05d710e8c47415

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\finalhandler\node_modules\debug\src\inspector-log.js

Filesize
373B

MD5
b22697b673c7c3586f22ae0206258fde

SHA1
b2f2996b1f38b6cec0b1746be6cfe458f2585eac

SHA256
949ae67ec1b655694f83dce57d47d9d77234f9e7d698616932a90e69c7afee91

SHA512
4ffd89dbc519a1f6c2f56a1b26f1aad445df8d5096da1453645dbb67dc58b17ae9143906357ca4af60059740c3ba34f7233049652b805d1afed3fd206cd55a0c

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\finalhandler\node_modules\debug\src\node.js

Filesize
5KB

MD5
25807a97fbb1fcc42a013abc7d7768c4

SHA1
f24d52cbc9144b011def218234ff7b50e7ddcb19

SHA256
a3e83594a4ce88997e2e4fc66bc942b17b9d736290ad62560c7f09d6d0989ad0

SHA512
8d316b63700126d7c8965a886e9b35a332d3f7e68d28f2264d235c0afad28066f877f25821e1983ddde5f2d5052716cc73338779b41b6f4d1b90ad33dc3e9f24

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\has-symbols\.eslintignore

Filesize
10B

MD5
0549babc2213b12c788bfeb5c47cab97

SHA1
8525adbdf9ac9a497e638cc69cedd64804151830

SHA256
5c5daf48fdf4db42e16c29b5b3de54984bafe0c2ff367a186ca97f1d4ed48290

SHA512
54b84472aba9dc81d7b5924fb74ed962803d24d463cb58e153f354e35630e04f2613279aff3fba6f0e612f796108ed3da638bd134047d90dda0d775cde2f7306

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\is-buffer\LICENSE

Filesize
1KB

MD5
badd5e91c737e7ffdf10b40c1f907761

SHA1
07d9563f6153658de124707787ff43f0458ab24a

SHA256
c7cc929b57080f4b9d0c6cf57669f0463fc5b39906344dfc8d3bc43426b30eac

SHA512
ef233f8db609b7025e2e027355ee0b5e7b65b537506412ca1a4d95e74f2be2fe284c3a3fa36cb9d85dbd1a35fe650fe14de5b4d93ab071f2024c1fc8cf40730e

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\is-decimal\license

Filesize
1KB

MD5
8e9f707ac01af145c36ef2adde15d7e4

SHA1
dca2c8e0270971c85ee563d26f7446b159c317fe

SHA256
ca4662cb5d1b738fbe5350c0d5485ba11773b4b7208974082ae6e129a52d631d

SHA512
710bf2e13bc33464f0c395bbc28ed21d18efff41bc837bbfbfc576061c30ac033e33933667b5bc872f9c42b53e7b87b19d42d8d8bad9d0442a064e858ff49daf

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\levn\LICENSE

Filesize
1KB

MD5
7733af876e78a187f3a51e7c276ae883

SHA1
7bc795bf398cfa51e99e85dc51931c3b0d1b5a79

SHA256
b9eb082c39fe245e38793699074c394c43a722c51fce031c3c165cb92a31035c

SHA512
164ca6658b71df6f4298868edc777368767a5ab2f90598ff3462d655a33a4ee36fb1b61c0674e339de98cef8ba9497cb5405b4a091a197c98af442882e8a580e

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\long\LICENSE

Filesize
11KB

MD5
d273d63619c9aeaf15cdaf76422c4f87

SHA1
47b573e3824cd5e02a1a3ae99e2735b49e0256e4

SHA256
3ddf9be5c28fe27dad143a5dc76eea25222ad1dd68934a047064e56ed2fa40c5

SHA512
4cc5a12bfe984c0a50bf7943e2d70a948d520ef423677c77629707aace3a95aa378d205de929105d644680679e70ef2449479b360ad44896b75bafed66613272

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\mdast-util-to-string\license

Filesize
1KB

MD5
91fb5297439b32d9cd49df8a2484d3eb

SHA1
7dcd733b13e53039e09f06e0201bdf02a8840421

SHA256
63cb98b3f6abfb3c3592c16f88253c1bdc834087bf52671e8ce5609e4eb693cf

SHA512
d349816807a03973490f292c4ccaf2b5887df201febff7ebb9eb465df2efe485589f0f160f93e039339d33403bab6e380cdb34627abc805938240e925b121d6c

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\printj\LICENSE

Filesize
11KB

MD5
7dd7dcd097eb3d69d972417073fc8bea

SHA1
af3844a0cc33020333d15b6f08cc69c99f06414a

SHA256
f96477af528634af7f4335b818f0b7e173131fcd60607a2e521a49d651a1fc5d

SHA512
c21b0f1286f315bac44aa7e4935a92b5926811947d1210d1b00dbb892026770a565f795151b6308e4f8b3b734b693f4cc80d3b60895aebd9ba49483d680b0fbf

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\protobufjs\cli\node_modules\source-map\source-map.js

Filesize
405B

MD5
1bb9c1d35d2fbb3779c67306ca3d8070

SHA1
54dd50c132e3a298bcad252861389300ac0ce265

SHA256
dc098456c2d9ab90a4c0a17cca9be16665b9813df20906553a98b0088a157be7

SHA512
0bea14ba77149fb58887c248e0abdcdb892b953dee9d94707fb4194fbaec3e6afa13ba9c5846e52976c3444fdd12a26a7a98cd8c7fabdc166ff8c98e294c3a4d

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\pump\LICENSE

Filesize
1KB

MD5
9befe7026bf915886cd566a98117c80e

SHA1
a95ab3a4b0e4bd978897f09b3b430a449da20a08

SHA256
3fe8d55a98dbf260eace67c00cf9bc53edb46234e840098a0b93df3096b97fb6

SHA512
b52ba143042812d6dd1031a12946afddb6e8f8ebbc7169c59c138d16aafc5e261aae92fe6b1ea94a3d80e39d2415c4b219710ef46939a2df135db24a0cf712fb

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\send\node_modules\debug\LICENSE

Filesize
1KB

MD5
ddd815a475e7338b0be7a14d8ee35a99

SHA1
d16a2786962571280a11cae01d5e59aeb1351c9a

SHA256
98c970de440dcfc77471610aec2377c9d9b0db2b3be6d1add524a586e1d7f422

SHA512
47b612ef4e93f1af62891e295e9fbac05e02cf1726f56c36fad5314376e28cbcaf7c8355527bc0bda54c26cbe097bc8ca5cb4f79aa9e3ab6f1d875dca41d4aac

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\send\node_modules\debug\Makefile

Filesize
1KB

MD5
f8739cab4ae015ee84820716a8ac193a

SHA1
89eb5a7b8385734ef7ff4f910d4605cde0bc12fd

SHA256
f6466507e02c62f14e477af08e4a13ec883152b54d87feeffb8f0d6de6e9013b

SHA512
ef875b744303169b5600ce5c42a0791a38bf933983f5011ba2ea9560ac5449e6fe9d4ae706efc970b40096b9533a425ffc53265353ead256be44606790688bf1

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\send\node_modules\debug\node_modules\ms\readme.md

Filesize
1KB

MD5
90e631c6afccde3ed414d3d230734864

SHA1
e875d9fa741fe44893c778974860f362724e35ec

SHA256
c9ac67ff103c01871b0ff09e2f094631991908c1fd0dc08bdb53287e5a760ae5

SHA512
bc98602bb2b67ae4fefac895cef22f3c25b2e765d9074121700dc523365feb252ba813684275f74b7ffca4a8cbf34b68384aae1a84bb76d09e55413741172005

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\source-map\lib\binary-search.js

Filesize
4KB

MD5
250315731532fce9f782a6dcc6a0f569

SHA1
b4333085d02fb4c091361de85d5cb368a3ce7632

SHA256
c7f4a47a125af0bd860443dfd71d2f412d1a97dcb53ab7038189d63b91dc32bd

SHA512
ac91badb057ecc12e5fb37012414db051c8d9c35389e905079911f89bcf12289249f6e35080c8ba7b3230865c51bd62107c82051139f9bbc5cb0df05923b6e0c

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\source-map\lib\mapping-list.js

Filesize
2KB

MD5
b43d49bb65a0e89b26e13a97de816cad

SHA1
68a9ed5c0a48a384f64efaec04444a464952509d

SHA256
35ddb82861f11a70ab84cb47d620fcb28d7f884bb444644e06bde815b836ef9e

SHA512
20632da7048bf50ba4982decdee68d1e0ecd1da52a979f9b5dd0891cfbad52bb34b4bc92df466c6db7fa58c9c011b9e77abd20e6803e2ee1b84cfb8fd099c77b

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\string_decoder\node_modules\safe-buffer\README.md

Filesize
19KB

MD5
570381ffb15269fa623a0b75e67eb63a

SHA1
75916065970faa645bca603327ecbaea09afe12e

SHA256
d301a850808775718ddb510d4bf2a922d9b0afa72894e67137daa20fbeafac05

SHA512
4185327934cb42e8495da451c6fc1a3cb5fd4e3e5c91a46b0c07c0c4a49c03ef8622332e0c441d00dcb5ecde9d293e76a20bdc6a9fa6aa6e713c6f2ae11a68fd

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\stringify-entities\license

Filesize
1KB

MD5
7e5307a85144ae88c8ce8eb803918a97

SHA1
7c909c8f7cbf034c63f09c74520644c5d3a4e066

SHA256
9f084fac69d8cf1e6ce983ba5a3499c7695ed74a26ec625c38f0fd19fddd5e10

SHA512
fcad3da4d5889ae0554c9d80fa051f7a4821f6d24eba84d12df8a780773af0df8a94de81b839ebaa4d097f8c2d9ca405ddd60b62364e588e317068c61ca22eef

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\tar-stream\node_modules\readable-stream\GOVERNANCE.md

Filesize
5KB

MD5
70b44945cec4643ca805d87f673fbd34

SHA1
f30fd9ba0fa4f12c900d1b7bb248aa568a72cc3c

SHA256
7a521e462d1c6f3b599c44637fb337bbf969dda311510a87236ec539a415331d

SHA512
586f0f2a46ae29e8dc0b5931e144d3b7536057cb0a6d2ecfc72544c5048a1fc9417d14fbdb45f33e21eef99a2a0e302a3c74d2f8e360573544c8328593053daa

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\tslib\tslib.es6.html

Filesize
36B

MD5
5b9030beaa547926ac803bc3e7626b63

SHA1
2fbd8d667ac4b49b23033f82a32dc7b6708c1d9b

SHA256
759c26504a9ccbbfcd730269c9c5ef15512cf16ba617e61a92212365e57c9f5d

SHA512
6a8011db36b113d52d7173b8904f456cf06021911593bbb767e9c43e60e8eabc1c62d874ecac6b5597a3544772d9798abe491c6fc3bf5ccf542b76cf73588c3f

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\winston-transport\node_modules\readable-stream\LICENSE

Filesize
2KB

MD5
a67a7926e54316d90c14f74f71080977

SHA1
d3622fac093fe1cbcb4d8e8d35801600b681fc45

SHA256
ec62dc96da0099b87f4511736c87309335527fb7031639493e06c95728dc8c54

SHA512
e61de704d5a76afd66b5d9b1c78f0a5afe9a846686ca2fb28c814a4a60dbe82a190ed4a6a2f31e09bf6d695b8ec178ebea9804593029c58c1b1bedd793324d13

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\winston\node_modules\readable-stream\lib\internal\streams\stream.js

Filesize
36B

MD5
76bae0aaca4d9c61a71995751b67448b

SHA1
90b89ec87417d1301e7615a3ba50b04626c2796c

SHA256
1e7903927df33aadb3659ecce55266c9c851da65ce6c8b723a60a305c1c5422c

SHA512
9be70625af9c47a3772622031cdc4ada6e009d9ddf71f7409109ef6b6adfb444414630897eab07f77bd268f66c9462d199cb72934e0bb4fdbbe614f16bb3de24

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\wrappy\LICENSE

Filesize
765B

MD5
82703a69f6d7411dde679954c2fd9dca

SHA1
bb408e929caeb1731945b2ba54bc337edb87cc66

SHA256
4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b

SHA512
3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Max\resources\packages\RNBO\server\node_modules\xast-util-from-xml\license

Filesize
1KB

MD5
6a9c614ad8a32fcd51b47e458d620e48

SHA1
435e3add4488d6fb01ad761f9f60b1aa3f60041d

SHA256
536804b3adbff17dbbb9ed0d2bf9655b78f07640278581e37e3d7475282d5e61

SHA512
7f3be41030d5aa17c226928db789d27c276a97de5d5e7601bba413c1a103579757fc4b52198cacdaedf2ffd2da463a788d4801e2a6f3e5cb071a326371901bd9

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Python2\lib\plat-freebsd4\regen

Filesize
93B

MD5
f38762de7858b6bfafb96a6a88e91ef6

SHA1
b5db6f9c59526ddd54f04683795630f5f8c03ce8

SHA256
0534a0c24c109b17aa517076ccac81fcfe711fb10b8370b51b3c8b1ecd387c3b

SHA512
d75668aaa6035d27a2aade43fd4d1425d358265d860d10350610a52a97efe9d2104bda5b5e3d2686be7fda8bd34063fe6e270b3e533990eb88b4a7c93ee5368a

Download Submit
C:\ProgramData\Ableton\Live 12 Suite\Resources\Python\site-packages\future-0.18.3\future-0.18.3.dist-info\WHEEL

Filesize
92B

MD5
18f1a484771c3f3a3d3b90df42acfbbe

SHA1
cab34a71bd14a5eede447eeb4cfa561e5b976a94

SHA256
c903798389a0e00c9b4639208bef72cb889010589b1909a5cfbf0f8a4e4eafe0

SHA512
3efaf71d54fc3c3102090e0d0f718909564242079de0aa92dacab91c50421f80cbf30a71136510d161caac5dc2733d00eb33a4094de8604e5ca5d307245158aa

Download Submit
C:\ProgramData\Package Cache\{9FE4C915-316D-4C18-B4C4-BF627B8504DD}\state.rsm

Filesize
1KB

MD5
ebbae125d88d7446edca58de75bdfa62

SHA1
bdeed8f4e004430c665418bce0761731fd3ac68a

SHA256
9522dfd0171db96e8b8d9578f38ddecd272df7ede2fbd502c406917908180cff

SHA512
a60fbdb68c1d435475910735451f07884f39be9c59019f5c5e671adfbb1570cd8203368619ac0aaa60128e65a3876f54a53897b2e5e76ff30ad9394237a9bb9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
28e2c69e804dc525d8e48e6df779730d

SHA1
a7d7d9c37548f492259e60f19ead5dc7b03748ae

SHA256
51651d1c869b137d1a43d61ec5d502caa44d67ffee63cf709622118a4672d32d

SHA512
2f1e9d30eea7ffbee3524d0b7c2b8bae0a8894419aea00dcc0e8cdd0d706b2f03c1fa3558fd2b1835389b7f580651f201463d3bf6f4671f757fe9fa9e9baff75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8431c8804a2b07f4bd4f672eaa50cc4d

SHA1
493c6fc022e601dd2663cce49ed2d8a8f04d0263

SHA256
3f7acf4e2823f9a9b1a3a21c986927ab043afdbde717fde1f9d533ea7f71567f

SHA512
d475ca3564a9d5904f2440d5be6f8c7e33ad6a8d94c6afb83e02c0fdc51603fbdea9131c6da2999aeae3af219e802a923f99b034b7e311ce2aca7110c99ad07e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6bf1fa13afec465ccbdf85dcc767f50d

SHA1
ec538323865f2d06401f1c02e42b946102c6f727

SHA256
d297e0f74b9c4232a05a4f509f9e5464d1bd814c87f5436d9be3ee6c4d6caa07

SHA512
173f3af3635d26ec0012a9ff3ae4722ccb652dfc5f87ae543af60f4ce1464cc1639c93554209ea35707d60130f635431a644fc022feca0b093aae4a4a2b9a33b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f10f5f79efce5b4cbbe9ea163f918557

SHA1
0f5d46b3f7c508d6c6bff5eff569c4f27b7ebe67

SHA256
f98d409f3a6d44e56d724bdbd1cc01322ac323dd412788e985cd4d819b7b4ef0

SHA512
33982c3bb5a8dafa22330224ede209e87faa25d952e2e5162785e3e3c565470129f6af40f680e789059b71a26c934a862980300e808fd48fbc497544ab2947ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a7913240d9785b09b90fef5e0c200ab4

SHA1
8892ec8bb0eaf48ae72bae058063f3c1428222be

SHA256
c632c6c1467bb5452e7534241370dc0d92a67fa34b69194d51e3786021b49875

SHA512
1665c0faa7395234cf44cca25e84dda2969cedaa3e34129992c1db4def728f20d128e0a90d93354c76a49ac32047febe8ce684c2d628f41442d1858c79332e81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
75cf6256288f4743b819441fa5b6553b

SHA1
7917d3057184ec5d182f3ed85c9fd57830d87dd0

SHA256
259bf3e8a8270960dd00e54833ac859a83c55177ce5fb9c51c06bb1b31c98993

SHA512
1031c6d28006654fbd697a3c9afa79b01ef6424cdee35b8854e5cf2336232c326ccde4c1bdcff14b08f5ae3a558e606163512e9abf9b2e2acc671a2e42ad9453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
895da3859450ced1965f9b5fc29a14dd

SHA1
fc7ad7eae428d28a6c3d34d7c8ffe019c4578632

SHA256
fd10500b29bc7dbe996e9d34f0ba5a871729cc5b353cd0fcedb53d14c3ddc575

SHA512
70d75c59aebcaaf19333ab24ddcf0dbd0849cf12fb13626957edd9972246779b6cc72b4ae28ac21c65d6d18aaf156ad0a1b701393cd73a439306da30fb0407eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
da52f5a26310be14de7e8ce2179a7c4e

SHA1
9852a7374ac898af53a98731cded50752e68cc24

SHA256
6f3dfb8c33bb3e1819c26396404c69597b38112c726968c883190f8156d6a3a2

SHA512
14bf37739713aeafe70a9756c293805d6e65d9434619e2ac53213276f798029f8db8e728e92c2fba58e871cd6b481a96101a2566846548ab5cb2a97f80d86228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a2847a223527d5f1aeea0f0bbb0cacd1

SHA1
174863f0e6ac7d89648430a68235b29adf37f77e

SHA256
909bc2cc37368a181a033b7cdb5db709d7a42c9d41f2735d2ea795f6c2fc5ee9

SHA512
49bbb4d235b2a6534744331d575cba802e44f1d917f62f10a89be26c830c12f735d724b6b230ba87690f9635bbb4a63da31fb8cd6fef7fd4e3740d49cc48d386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
26cad9f2c5c0a9f2c51a9fb0d7d93304

SHA1
55fdf256adf2bc8e72fd1a1417310acabc0755fb

SHA256
3cb0feb7ba9e2c7b36c30abdaa45b0ae3285d4d082b0152e10456477e4d20114

SHA512
f8ec3dd84dba9fcf26fe22015c5cd114ed75fe79357de2103f0fca45bad05b83bd48906f1312b92afb7b62b14e21bc7eaa3f761b13f948854442408537080dc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e372a640b96b09de92f806f923e3f4b7

SHA1
eed207c6881f7efefea1753c05f3d7d7f9e334ed

SHA256
10aba29fb80c048ed3f8b92a8d284c2c04a5c60d2294f6b2087ed43137f733a1

SHA512
b415a21be99a82eca7db0d87f443a97d4835da26642b0b2d34bd58c39fd34abb274136b4c9cdfa059f07cdb44333002eae3c3a0677b4ad65956f39cc04f91460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2b9095859ea180f9a78479531ebded4d

SHA1
9993dbcd9479a25c02d9945b71dc175573e6b269

SHA256
c6b3ddb686343f642c6704e526120426b20a6f41d80dce2b8bfe5a51edb8a8ce

SHA512
9da985f21c5a277f9b559924913569121fac785de1167c5f25d289f6115930a97f43865e8cd694a90ed0e1017d07564b9a61fb6d936400f0abd8607b9b5db781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cbd1e1713ab527f2af08d56d9d105d9e

SHA1
a589f71dcb77b647dc2166d2b7aadafb61a556c0

SHA256
f281cd1996bc0db5ca56e40801e6fcfe73160e279fdeb4d506b1d600002feed1

SHA512
12499b0f1384290c1231da52c03ded8a2967b1ca96fef2e01ad398bae4b3dc984fb8279fa37c4e9ff18eb2d0b9461becc5a378837e421a5e7e9dddf3e73217a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a447e288a9f7780a2974bbec0dcb3352

SHA1
bcd0538f9604be0e6f2840596fc99adf6ea99338

SHA256
30ec254ce7020b00233bf112c666dd1998cb9ef5529792e815ce71cd4301b56b

SHA512
7f8297fd6d08810ce4a8faea9e4acabe5ee1668f494fb25c4933ae047c580f533ec62cd6e3796799cfbe21cb12f47dcb9bc1a70a02ab511d3e46c209b0b0c538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
196b0066f5de2fa9030a8a49c9705847

SHA1
bc0f7bd23c8e7179700873a7f31fda68301e64e1

SHA256
1979fe8435454337876d62cec95a74574fcdfb9df830760c13f1e4615ba630d4

SHA512
5b683e2ec69f4de9b69e810310e78bca0b0fa15136ba876aaf457e015ab7c64c4d3618baa20a5c75f84160c726cb700be9561be859f9b6176de023d076f0dced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d4df2d092ac3b47d0d299fe7a4fd220b

SHA1
2fed5e93a08a91292aa15116f7807f47178b38ed

SHA256
482d45ecf3e1eb3bae62acff125bdfae116370de293da087f4c4c1cdcc571e90

SHA512
9d89dce7dd920a9a42b05067076a93f94459351f7bffe79bb78915611bcf304817570a6c9fe03b7ac2399975008cb43d923e57b7dc784ca0b5e3370089a45c4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ableton_Live_12_Suite_20250201144601_001_Push3AudioDriver.log

Filesize
2KB

MD5
2e4ae319406f856af69661297b28c419

SHA1
65ce73c9ad5005e7ca2f9d1ccdf89df0bff5374c

SHA256
d8dbdaab7809c7deb2343e28f8fe284caba13982c48ce9173f76b839c6a4e809

SHA512
8e935dd8adac227b5cba4c91d7399e3d6fe3e63cbb67df9cbdb6fe61017da5415fe0fe7b3cd341029fda25f92a6c03e05b6503263c5ea722c6acfd58ecf18aae

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dc2j1qge.myq.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\ableton_move_driver\x86\winusbcoinstaller2.dll

Filesize
831KB

MD5
8e7b9f81e8823fee2d82f7de3a44300b

SHA1
1633b3715014c90d1c552cd757ef5de33c161dee

SHA256
ebe3b7708dd974ee87efed3113028d266af87ca8dbae77c47c6f7612824d3d6c

SHA512
9ae37b2747589a0eb312473d895ef87404f4a395a27e15855826a75b4711ea934ca9a2b289df0abe0a8825dec2d5654a0b1603cf0b039fe25662359b730ce1a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20250201144820_000_vcRuntimeMinimum_x64.log

Filesize
2KB

MD5
128a95d7c4baa317950a8618f2435766

SHA1
466dd64e84702cc89e9f4ccd2465c07a70cc2352

SHA256
c4a069bcdb8676f49813a3c57374528f90f8a012b273bd3b3c1946d6af7e326c

SHA512
6d6b0d4e4c307f8a2917ad542eff4cf5f2239873491c9cd87c0275613b33f1a1a70bedfa1a556fc9eafca534175476cdf9a4b67316c4a18b3db2817d893b2b03

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20250201144820_001_vcRuntimeAdditional_x64.log

Filesize
2KB

MD5
e5da699bafcb2a56f1c70e88ddd8dce1

SHA1
289467e13a4b61b8d45d609f9070f265a64b6420

SHA256
10ffcd2d80c5492fb95a418ae8afd293c9c45c00ba53a228e34dd12f409d1053

SHA512
0cc198d52ff047205719e74b50088c00b55a65004429d2a6eb1c08be959b84eced79f863ea83637cf8b62bebf48e3eb9e7b0c2d9104e2ef76adb3951158f072b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tlsetupfx.log

Filesize
44KB

MD5
6c20b8c1e37eded2bd5de6810ffb52f8

SHA1
1a820ee0e6a20b770f35c1702c90f1e8ffd40cd3

SHA256
0162bfdd680c4b72785dd3b54ccacffc94783b6709901559fc968710d271012a

SHA512
0633f08283165323566d217120c4345cf4ff60baca86b117034774fc0ceab1b4be2c215ba50560e06745aff50505ac8a85cbfd95f5a4300b3c646481d7e8dc44

Download Submit
C:\Users\Admin\AppData\Local\Temp\tlsetupfx.log

Filesize
9KB

MD5
48bea5e51a9b4f78646b7e1c389f4b3a

SHA1
2031542553d4f57b6afe58852de773568e769dfd

SHA256
eb9e261a75d65851416d47320f8fa0bb480eceed1451833d8f02bf232c5fd753

SHA512
29e2f6c23a714ec06f5f1a31719fd6e94e1b2838993a89661c42ef4652566be239eee4be58b5ce4947d5376831ca23c7da457d7a09ce0c1b5d581278170e5462

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8418C79B-8BFF-4017-90D4-19FA089207D3}\Push3AudioDriver

Filesize
7.2MB

MD5
609863642ff6428a5541d9a4b6547e77

SHA1
ded1b6f3a6cc7e140f2c50a88176c7070c0fb01e

SHA256
719047581c40a709f7baa568668a6532f430608702a941e34c363d7d030e4cd0

SHA512
f134f999e3ef17055c0e59be81f0185b40758f94d606a164d7b0ed262db444d8515cb16ce61ef76a7aa7de96cc9bdd4560903c422eba260b236def44dfbb32f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8418C79B-8BFF-4017-90D4-19FA089207D3}\Setup.msi

Filesize
11.3MB

MD5
d5f11ef77d5a7de77404c915211e2e64

SHA1
03b1b2a3db317c4156ff3597a4b725807b97315d

SHA256
78bf5fb97d6e841c7961fca2b83a78fb757eae2605b8b4a9de178d6ce0a1470e

SHA512
e012dab82c2b7691eabed6d2b6758c189f29eae98ea34c55389a997d339729fd8c0d7e3a15812b7ce1a3e604c0e8ba85f4af3d0d450a88caea0985428ac6349f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8418C79B-8BFF-4017-90D4-19FA089207D3}\vc_redist.x64.exe

Filesize
24.2MB

MD5
077f0abdc2a3881d5c6c774af821f787

SHA1
c483f66c48ba83e99c764d957729789317b09c6b

SHA256
917c37d816488545b70affd77d6e486e4dd27e2ece63f6bbaaf486b178b2b888

SHA512
70a888d5891efd2a48d33c22f35e9178bd113032162dc5a170e7c56f2d592e3c59a08904b9f1b54450c80f8863bda746e431b396e4c1624b91ff15dd701bd939

Download Submit
C:\Users\Admin\Downloads\ABLETON LIVE 12 SUITE v12.1.0 WIN.zip:Zone.Identifier

Filesize
186B

MD5
370ec8e27da993678e33e90e8b2d4921

SHA1
db8a64d4a8c9d7a6ab2ee530ea1a72800ee44485

SHA256
2766edbc9c84aec2a1e803c83080aec17c5d6275e413e18a85cbdc76e2744824

SHA512
2269be129b517c3b69136b938b758d8fc5f7332e07f5743776488b3478720bb53a50fd0c0b285fecd6108b7a3b561bee3113b53d6efc7f09f98ec694af6fcf17

Download Submit
C:\Windows\Installer\MSI2939.tmp

Filesize
234KB

MD5
8edc1557e9fc7f25f89ad384d01bcec4

SHA1
98e64d7f92b8254fe3f258e3238b9e0f033b5a9c

SHA256
78860e15e474cc2af7ad6e499a8971b6b8197afb8e49a1b9eaaa392e4378f3a5

SHA512
d26c9dce3c3d17583ffb5dbcd3989f93b096a7f64a37a2701a474c1bf4b8c8b1e922c352d33f24e411f1c793e1b4af11a3aec1de489087d481b1b636df2050cd

Download Submit
C:\Windows\Installer\MSI4B59.tmp

Filesize
1.2MB

MD5
4816ab7f6b3ec3ad9e9d2205d761e569

SHA1
bb5bc0d83eb06994cecbb429408b99803b6e362c

SHA256
6370476c59660f6d076751eec9c6976a5a07b8bb3c90dbf77c436d78de35f6aa

SHA512
0f5360d77a087a1ae4fdc12ee900a6931686e73d59fd93c190bd67ceb90e69ef66c71c8c7b41c59810d6aa2be677bf43a689515fdd9c9fc31203fa78bb9df59b

Download Submit
C:\Windows\Installer\{2DEE5284-A470-418D-A923-0B6B1578DE3A}\pckHtUoGQayNxP\x64\tlsetupfx_drv.xml

Filesize
5KB

MD5
82711ef305631507b7d585e0903e5864

SHA1
7e8c1a71101e524dc947cc088c4c2cdb4025cf5b

SHA256
d55bd6faca86b449d698d95bb23ad759aaecb7a3d5d1de053ad8164ac8972d84

SHA512
403483528099030d26b136d750ee837532965cfa77e3cd6f1b34f42221ee97a5962f233e5786e60ac25a8f0f2fb202e92714619ad0f1c40c2a736b5d281c591c

Download Submit
C:\Windows\Installer\{2DEE5284-A470-418D-A923-0B6B1578DE3A}\pckHtUoGQayNxP\x64\tlsetupfx_main.xml

Filesize
3KB

MD5
4cca7f6a52ea6b169df944a197e3f51b

SHA1
68fab82958d9f765507526bb5903c7a8ce7b545c

SHA256
d70d64df38ef516070730c26604421678649a8716ef8f836e0f0bf94aa5d72cc

SHA512
e36f59ae2ef9d6ae949d8932e3a33c3542a72de9eb5ab02cf45f75532add62ee50808e718122564ec05634a32805333c3fa63d6500c569ed8cb6ec6f71fb0e29

Download Submit
C:\Windows\Installer\{2DEE5284-A470-418D-A923-0B6B1578DE3A}\tlsetupfx.exe

Filesize
1.4MB

MD5
0c44efc49da3057ae06d1d79f1673376

SHA1
22adb0adb12ba5f45d84a24d78811554d52e6b6b

SHA256
d36d41d0a37a5d57306d69c1b85b17ca2750feb9a95791156e85bd6e237ef1cf

SHA512
593b889a199dbaa97be1e4eec56785fcb6b22369acf523240ee0194e785036ffced0307bb3b8ae38628d014e2d9a893f9d0e8500f4190d7ae76c1b01f883b8a9

Download Submit
C:\Windows\Installer\{D766854D-7739-44F1-9E9E-CDD222E6C5C3}\pckHtUoGQayNxP\x64\AbletonAudioCpl.exe

Filesize
645KB

MD5
d90466f18d98c8d78ec21fa33c6cf088

SHA1
1f22039ce25c7ba98eceb9474ab731b5c642f104

SHA256
480b113812dff9b18b0b5c14a620c46e3f4120b8204bef8e55d7f448f490565a

SHA512
cece2f51095ee28bc49ed74d238f1e2300c815edb8abb9ad59dc3c18bca0a709b7ec8c65b08575781ccb8ffddef451dba7cecb9f778cadf0f41f38426243aa27

Download Submit
C:\Windows\Installer\{D766854D-7739-44F1-9E9E-CDD222E6C5C3}\pckHtUoGQayNxP\x64\tlsetupfx_apps.xml

Filesize
1KB

MD5
23f4a473a65315c51957e3bc8d6b7ed6

SHA1
45015ae6915ed74e6826f537ea087c319f62cfd8

SHA256
f304692c0a26442e493663ffbf6e53f07d17fd299889ed01e5e712c981627371

SHA512
493f19c620eb3beacf000136d8c2d7e8c821a84fc72ddc2b99a5c8c58fce753b07fb0f7a04e410b49e12ee496cc333348f55fad98b0ef07b96fb5a9227044c25

Download Submit
C:\Windows\System32\DriverStore\Temp\{cb634119-5319-e040-a0bf-205c14e092fa}\amd64\WdfCoInstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\Windows\System32\DriverStore\Temp\{cb634119-5319-e040-a0bf-205c14e092fa}\amd64\WinUSBCoInstaller2.dll

Filesize
979KB

MD5
246900ce6474718730ecd4f873234cf5

SHA1
0c84b56c82e4624824154d27926ded1c45f4b331

SHA256
981a17effddbc20377512ddaec9f22c2b7067e17a3e2a8ccf82bb7bb7b2420b6

SHA512
6a9e305bfbfb57d8f8fd16edabef9291a8a97e4b9c2ae90622f6c056e518a0a731fbb3e33a2591d87c8e4293d0f983ec515e6a241792962257b82401a8811d5c

Download Submit
C:\Windows\System32\DriverStore\Temp\{cb634119-5319-e040-a0bf-205c14e092fa}\move_display.cat

Filesize
3KB

MD5
899d687d3d4217cec73d91aa55b591bc

SHA1
913df50975bb3d879bca55e958098cc30509e736

SHA256
2865553507ca71456b1f80644f69cc75dd3da6849da44204516961264ff650b1

SHA512
82b3c60bed337a169e810758c848f6d74206f7c8254ce39c481634e0ed70272e266e293f50d39dd7ddef7a0e96c8eb7eba46a149d10fb72a62dd8fc5845066d4

Download Submit
C:\Windows\System32\DriverStore\Temp\{cb634119-5319-e040-a0bf-205c14e092fa}\move_display.inf

Filesize
4KB

MD5
df6138abe156f0ffd04f5b5d83329b13

SHA1
4a8cebadbe623cfab4d07da3c4f505834aaa0a8b

SHA256
439d15078381dd8e1ab63a902983fe129fa94b751a0905fde630b38ee8f7f47f

SHA512
b4b968d38d717988a6b32abc8a5a404dcb0748dcb4309487ec57f11509b500be4f1cada8f9dd8f7c9ab0a310cd7468e6478f197053ac03024d1d23e815e3df05

Download Submit
C:\Windows\System32\GroupPolicy\gpt.ini

Filesize
127B

MD5
cead048a81341e7f91c31f96a82e98e3

SHA1
32f24dda3c3774957c623df11c1237c36ded44fd

SHA256
07956deed8284ce2dc1ff98f4a0fc3776df4b2299f53fac42962fe6f8de39836

SHA512
34c2887a34a65befe377822c93c662f26ace734b74628c77334d019f22633ecde948ceba29dad5d2b38685bfd90bbdc9817887f1f5a7bd4d3d68fbde38611a7a

Download Submit
C:\Windows\Temp\{306EEDF4-F4BE-4D1B-BD0E-AB0CFA728460}\.cr\vc_redist.x64.exe

Filesize
635KB

MD5
35e545dac78234e4040a99cbb53000ac

SHA1
ae674cc167601bd94e12d7ae190156e2c8913dc5

SHA256
9a6c005e1a71e11617f87ede695af32baac8a2056f11031941df18b23c4eeba6

SHA512
bd984c20f59674d1c54ca19785f54f937f89661014573c5966e5f196f776ae38f1fc9a7f3b68c5bc9bf0784adc5c381f8083f2aecdef620965aeda9ecba504f3

Download Submit
C:\Windows\Temp\{4150EFF4-F8B3-40E0-9BC5-1BF437BE3F97}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{4150EFF4-F8B3-40E0-9BC5-1BF437BE3F97}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{4150EFF4-F8B3-40E0-9BC5-1BF437BE3F97}\cab2C04DDC374BD96EB5C8EB8208F2C7C92

Filesize
5.4MB

MD5
46efc5476e6d948067b9ba2e822fd300

SHA1
d17c2bf232f308e53544b2a773e646d4b35e3171

SHA256
2de285c0fc328d30501cad8aa66a0ca9556ad5e30d03b198ebdbc422347db138

SHA512
58c9b43b0f93da00166f53fda324fcf78fb1696411e3c453b66e72143e774f68d377a0368b586fb3f3133db7775eb9ab7e109f89bb3c5e21ddd0b13eaa7bd64c

Download Submit
C:\Windows\Temp\{4150EFF4-F8B3-40E0-9BC5-1BF437BE3F97}\cab5046A8AB272BF37297BB7928664C9503

Filesize
935KB

MD5
c2df6cb9082ac285f6acfe56e3a4430a

SHA1
591e03bf436d448296798a4d80f6a39a00502595

SHA256
b8b4732a600b741e824ab749321e029a07390aa730ec59401964b38105d5fa11

SHA512
9f21b621fc871dd72de0c518174d1cbe41c8c93527269c3765b65edee870a8945ecc2700d49f5da8f6fab0aa3e4c2db422b505ffcbcb2c5a1ddf4b9cec0e8e13

Download Submit
C:\Windows\Temp\{4150EFF4-F8B3-40E0-9BC5-1BF437BE3F97}\vcRuntimeAdditional_x64

Filesize
188KB

MD5
dd070483eda0af71a2e52b65867d7f5d

SHA1
2b182fc81d19ae8808e5b37d8e19c4dafeec8106

SHA256
1c450cacdbf38527c27eb2107a674cd9da30aaf93a36be3c5729293f6f586e07

SHA512
69e16ee172d923173e874b12037629201017698997e8ae7a6696aab1ad3222ae2359f90dea73a7487ca9ff6b7c01dc6c4c98b0153b6f1ada8b59d2cec029ec1a

Download Submit
C:\Windows\Temp\{4150EFF4-F8B3-40E0-9BC5-1BF437BE3F97}\vcRuntimeMinimum_x64

Filesize
188KB

MD5
a4075b745d8e506c48581c4a99ec78aa

SHA1
389e8b1dbeebdff749834b63ae06644c30feac84

SHA256
ee130110a29393dcbc7be1f26106d68b629afd2544b91e6caf3a50069a979b93

SHA512
0b980f397972bfc55e30c06e6e98e07b474e963832b76cdb48717e6772d0348f99c79d91ea0b4944fe0181ad5d6701d9527e2ee62c14123f1f232c1da977cada

Download Submit
C:\Windows\Temp\{484DE51E-D644-40E3-B3D2-04FE426119D9}\.cr\Ableton Live 12 Suite Installer.exe

Filesize
1.1MB

MD5
2489cd151ca920a9216df7a3a3344be9

SHA1
4e7b775cd2c45c2a108c4683173afc29e0afa47a

SHA256
b343124b1415e9eb7d3523ce9690203e022adf1bcbaf9d3fb70c939177780a91

SHA512
ebf1f035ec6b30a50aa30419ee0075a2f91a44f7348e9d20e0c305b5877942c9c12d505586e0b060af630d8541b9b91f9c927440069b8e01ef4f6c49333ad44d

Download Submit
C:\Windows\Temp\{8418C79B-8BFF-4017-90D4-19FA089207D3}\.ba\bafunctions.dll

Filesize
235KB

MD5
67eb5162ca11466e922f378036a9d37d

SHA1
24a326df1b5b244a121ad0d0d4bee3b0c2331afe

SHA256
0dbdd7edcb5e6e10d1f0fe50e7f0e91cce20c251d1480cbc228e0b21fd86bd68

SHA512
81f3f6b127488e1addca913e5c011efa423af0903825aaf3055c31128cebcbd3b96245eb3655605f7f12e8b961d429b14c806fd56aadf628d81c034af7573867

Download Submit
C:\Windows\Temp\{8418C79B-8BFF-4017-90D4-19FA089207D3}\.ba\logo.png

Filesize
10KB

MD5
1f170910fe02a810df1dfc987e297837

SHA1
96f6aa07adaf4ebab9e7419e676a3afcb9335058

SHA256
ab9310270edfb5992615dbab53d45d167868925e9eebf729d182f965748bb1e5

SHA512
f0655a5987e00d9ef4b1fc0c6f548bb13c047e1a7b38bdbe8fa79d54429904c49dec9c7f45fb4cac844be0ecf1edb4cbbde81bb60d1a0a6c2aa4fba0b75f32f1

Download Submit
C:\Windows\Temp\{8418C79B-8BFF-4017-90D4-19FA089207D3}\.ba\progress.png

Filesize
128B

MD5
755694747f03f7265f93f16f9cd14525

SHA1
3e183211f304cd712c22e051351066e7f5857bca

SHA256
41bf75a73109a1b0de698a958ed264a0dff8157bea4cf0d96d9e4ca176cd1b3d

SHA512
081266a226ab5aa8d7f44cfb6c8a0f317ee6a222898908e2ad9f20764363f5bb1cbaa95281d21032537ea98e0b4f7a3e7aa720ad66604278d70ec7cd35080b86

Download Submit
C:\Windows\Temp\{8418C79B-8BFF-4017-90D4-19FA089207D3}\.ba\wixstdba.dll

Filesize
309KB

MD5
55211abff95d198e76f5a4700e7759b6

SHA1
a7e6fdd0e4d2ac1f8df709a623920d6229abf447

SHA256
f1f8918f38cbc20d2ddc4e2cdda06ba565a65dc3ea7cd1825092cd183a58740e

SHA512
78c5a1373738a98c296e079606b6a84136b3c7e6d361d41904345691d2199304ad85400962263d829c9e0821b5436f07ccb5bc8de3c88492da4d02c14bf5b464

Download Submit
memory/1960-53307-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1960-53305-0x0000000000630000-0x000000000064F000-memory.dmp

Filesize
124KB

Download
memory/1960-53304-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2712-589-0x0000000000820000-0x0000000000897000-memory.dmp

Filesize
476KB

Download
memory/2984-53246-0x0000000004EE0000-0x000000000550A000-memory.dmp

Filesize
6.2MB

Download
memory/2984-53258-0x0000000005820000-0x0000000005B77000-memory.dmp

Filesize
3.3MB

Download
memory/2984-53259-0x0000000005CD0000-0x0000000005CEE000-memory.dmp

Filesize
120KB

Download
memory/2984-53260-0x0000000005D20000-0x0000000005D6C000-memory.dmp

Filesize
304KB

Download
memory/2984-53261-0x0000000007550000-0x0000000007BCA000-memory.dmp

Filesize
6.5MB

Download
memory/2984-53262-0x0000000006210000-0x000000000622A000-memory.dmp

Filesize
104KB

Download
memory/2984-53249-0x00000000057B0000-0x0000000005816000-memory.dmp

Filesize
408KB

Download
memory/2984-53248-0x0000000005740000-0x00000000057A6000-memory.dmp

Filesize
408KB

Download
memory/2984-53247-0x0000000004D40000-0x0000000004D62000-memory.dmp

Filesize
136KB

Download
memory/2984-53245-0x0000000004840000-0x0000000004876000-memory.dmp

Filesize
216KB

Download
memory/3704-53293-0x0000000000580000-0x000000000064D000-memory.dmp

Filesize
820KB

Download
memory/3848-552-0x0000000000820000-0x0000000000897000-memory.dmp

Filesize
476KB

Download
memory/4576-590-0x0000000000820000-0x0000000000897000-memory.dmp

Filesize
476KB

Download